Chapter02-Managing Risk-Threats, Vulnerabilities, and Exploits
http://fpt.edu.vn 14/05/2019 2
Understanding and Managing Threats
Best Practices for Managing Threats Within Your IT Infrastructure
• Create a security policy
• Insurance
• Use access controls
• Use automation
• Include input validation
• Provide training
• Use antivirus software
• Protect the boundary
Understanding and Managing Vulnerabilities
• A vulnerability can be a weakness in an asset or the environment.
• The loss occurs when a threat exploits the vulnerability.
– threat/vulnerability pairs
• Vulnerabilities can be mitigated.
Mitigation Techniques
Mitigation Techniques (cont.)
Best Practices for Managing Vulnerabilities Within Your IT Infrastructure
• Identify vulnerabilities
• Match the threat/vulnerability pairs
• Use as many of the mitigation techniques as feasible
• Perform vulnerability assessments
Understanding and Managing Exploits
Public-Facing Server Exploits
• Perpetrators
– Script kiddies, programmers
• Initiate
– Public server discovery
– Server fingerprinting
– Vulnerability discovery
• Find information about vulnerabilities and exploits
– Blogs, forums, security newsletters
– Common Vulnerabilities and Exposures (CVE) list
– Reverse engineering
Public-Facing Server Mitigation Techniques
• Remove or change defaults
• Reduce the attack surface
• Keep systems up to date
• Enable firewalls
• Enable intrusion detection systems (IDSs)
• Install antivirus software
Best Practices for Managing Exploits Within Your IT Infrastructure
• Harden servers
• Use configuration management
• Perform risk assessments
• Perform vulnerability assessments