Vulnerability Assessment: Protecting Your Organization
PDF Add to WishList
To minimize costly security breaches, organizations need to evaluate the risk in their enterprise from an array of vulnerabilities. In this training course, you learn how to create a network security vulnerability assessment checklist by exposing infrastructure, server, and desktop vulnerabilities, create and interpret reports, configure vulnerability scanners, detect points of exposure, and ultimately prevent network exploitation.
You Will Learn How To
- Detect and respond to vulnerabilities, and minimise exposure to security breaches
- Employ real-world exploits and evaluate their effect on your systems
- Configure vulnerability scanners to identify weaknesses
- Analyse the results of vulnerability scans
- Establish an efficient strategy for vulnerability management
Important Course Information
Requirements:
- Basic understanding of network security and security issues at the level of:
- Course 468, System and Network Security Introduction
- You should have an understand of:
- TCP/IP networking
- Network security goals and concerns
- The roles of firewalls and intrusion detection systems
Certification Preparation:
- This course covers multiple domains on the (ISC)2 CISSP certification exam
- If you are interested in achieving the CISSP certification, see Course 2058, Certified Information Systems Security Professional (CISSP) Certification Exam Preparation
Course Outline
- Fundamentals
Introduction
- Defining vulnerability, exploit, threat and risk
- Creating a vulnerability report
- Conducting an initial scan
- Common Vulnerabilities and Exposure (CVE) list
Scanning and exploits
- Vulnerability detection methods
- Types of scanners
- Port scanning and OS fingerprinting
- Enumerating targets to test information leakage
- Types of exploits: worm, spyware, backdoor, rootkits, Denial of Service (DoS)
- Deploying exploit frameworks
- Analysing Vulnerabilities and Exploits
Uncovering infrastructure vulnerabilities
- Uncovering switch weaknesses
- Vulnerabilities in infrastructure support servers
- Network management tool attacks
Attacks against analysers and IDS
- Identifying Snort IDS bypass attacks
- Corrupting memory and causing Denial of Service
Exposing server vulnerabilities
- Scanning servers: assessing vulnerabilities on your network
- Uploading rogue scripts and file inclusion
- Catching input validation errors
- Performing buffer overflow attacks
- SQL injection
- Cross–Site Scripting (XSS) and cookie theft
Revealing desktop vulnerabilities
- Scanning for desktop vulnerabilities
- Client buffer overflows
- Silent downloading: spyware and adware
- Identifying design errors
- Configuring Scanners and Generating Reports
Implementing scanner operations and configuration
- Choosing credentials, ports and dangerous tests
- Preventing false negatives
- Creating custom vulnerability tests
- Customising Nessus scans
- Handling false positives
Creating and interpreting reports
- Filtering and customising reports
- Interpreting complex reports
- Contrasting the results of different scanners
- Assessing Risks in a Changing Environment
Researching alert information
- Using the National Vulnerability Database (NVD) to find relevant vulnerability and patch information
- Evaluating and investigating security alerts and advisories
- Employing the Common Vulnerability Scoring System (CVSS)
Identifying factors that affect risk
- Evaluating the impact of a successful attack
- Determining vulnerability frequency
- Calculating vulnerability severity
- Weighing important risk factors
- Performing a risk assessment
- Managing Vulnerabilities
The vulnerability management cycle
- Standardising scanning with Open Vulnerability Assessment Language (OVAL)
- Patch and configuration management
- Analysing the vulnerability management process
Vulnerability controversies
- Rewards for vulnerability discovery
- Markets for bugs and exploits
- Challenge programs
Convenient Ways to Attend This Instructor-Led Course
Hassle-Free Enrolment: No advance payment required to reserve your seat.
Tuition Fee due 30 days after you attend your course.
In the Classroom
Live, Online
Private Team Training
In the Classroom — OR — Live, Online
Tuition Fee — Standard: £2095
AFTERNOON START: Attend these live courses online via Anyware
7 - 10 Aug
(4 Days)
2:00 PM - 9:30 PM BST
New York / Online (AnyWare)
Reserve Your Seat
25 - 28 Sep
(4 Days)
2:00 PM - 9:30 PM BST
Rockville, MD / Online (AnyWare)
Reserve Your Seat
30 Oct - 2 Nov
(4 Days)
1:00 PM - 8:30 PM GMT
Alexandria, VA / Online (AnyWare)
Reserve Your Seat
29 Jan - 1 Feb
(4 Days)
2:00 PM - 9:30 PM GMT
New York / Online (AnyWare)
Reserve Your Seat
26 - 29 Mar
(4 Days)
1:00 PM - 8:30 PM GMT
Rockville, MD / Online (AnyWare)
Reserve Your Seat
30 Apr - 3 May
(4 Days)
2:00 PM - 9:30 PM BST
Alexandria, VA / Online (AnyWare)
Reserve Your Seat
Guaranteed to Run
When you see the "Guaranteed to Run" icon next to a course event, you can rest assured that your course event — date, time, location — will run. Guaranteed.Private Team Training
Enroling at least 3 people in this course? Consider bringing this (or any course that can be custom designed) to your preferred location as a private team training.
For details, call 0800 282 353 or Click here »
Tuition Fee
Course Tuition Fee Includes:
Training Hours
Standard class hours:
9:00 a.m. - 4:30 p.m.
Last day class hours:
9:00 a.m. - 3:30 p.m.
Free Course Exam – Last Day:
3:30 p.m. - 4:30 p.m.
Each class day:
Informal discussion with instructor about your projects or areas of special interest:
4:30 p.m. - 5:30 p.m.
AFTERNOON START class hours:
2:00 p.m. - 9:30 p.m.
Last day class hours:
2:00 p.m. - 8:30 p.m.
Free Course Exam – Last Day:
8:30 p.m. - 9:30 p.m.
Each class day:
Informal discussion with instructor about your projects or areas of special interest
9:30 p.m. - 10:30 p.m.
Enhance Your Credentials with Professional Certification
Learning Tree's comprehensive training and exam preparation guarantees that you will gain the knowledge and confidence to achieve professional certification and advance your career.
This course is approved by CompTIA for continuing education units (CEUs). For additional information and to confirm which courses are eligible towards your CompTIA certification, click here.