M01 - Part 2 Hands-0n Project 2-1 Exploring Common Vulnerabilities and Exposures (CVE) PDF

Preview

Summary

Homework for my lab so i can do some work, I am just typing this so I can get some unlock fdklsjafklasdfads f sdfkdsjfasdklnfsad flmasdf sakdlfsdalf...

Description

4 This page gives a brief overview of CVE. Read through the information regarding CVE. In your own words, how would you describe it? How does it work? What advantages does it provide? The CVE Program's purpose is to discover, describe, and classify publicly revealed cybersecurity flaws. After that, the vulnerabilities are allocated. CVE Records are used by information technology and cybersecurity experts to guarantee that they are talking about the same thing and to increase their capacity to prioritize and remedy vulnerabilities.

6 Click FAQs to display more detailed information on CVE. Who is behind CVE? Who owns it? How is it used? How does CVE compare to a vulnerability database? How would you answer the argument that threat actors could use CVE? The Cybersecurity and Infrastructure Security Agency of the United States Department of Homeland Security (DHS) sponsors CVE (CISA). As the Department of Homeland Security's federally funded research and development center (FFRDC). CVE was created to connect vulnerability databases and other capabilities, as well as to make comparing security products and services easier. CVE does not include risk, effect, or repair information, as well as comprehensive technical information. The standard identifying number with status indication, a brief explanation, and references to relevant vulnerabilities are all contained in CVE. whether your vulnerability scanners look for this threat, and if your security system has the right attack signatures to spot efforts to exploit specific vulnerabilities. If you construct or manage systems for clients, CVE conformity of alerts will assist you in identifying any patches from the suppliers of commercial software items in those systems. 8 Scroll down to CVE List Basics. What is the process by which a vulnerability becomes a CVE listing? Who is involved in this process? You may quickly and reliably retrieve information from a range of information sources that are compatible with CVE by utilizing the CVE ID for a specific vulnerability or exposure. CVE may assist you in making a better decision about which security technologies and services are fit for your needs by permitting better comparisons between them.

9 Click the link CVE Data Feeds. Scroll through the newest CVE entries feed. Were you aware of these vulnerabilities? How does the CVE distribute its information? Would you consider it sufficient? How can this be used by security personnel?

I was not aware of these vulnerabilities. CVE distribute their information through social media. Yes, this is sufficient because social media plays a prominent role in society.

11 Enter a generic vulnerability such as passwords to display the CVE entries. How many are there that relate to this topic? Because the vulnerabilities are in various products, they may be fixed individually. However, those goods are affected because they contain the same software or because they are using the capabilities of another product. There were about 5 related to this topic.

13 Locate a CVE entry that contains the tag Disputed. Click this entry. Under Description click **DISPUTED** to read about what constitutes a disputed CVE. Who would dispute a CVE? Why? Whenever one party disputes with another's claim that a certain software flaw represents a vulnerability, the CVE Record given to that flaw may be marked as "DISPUTED." The CVE Program makes no judgement between which group is accurate in these circumstances. Instead, we keep a checklist of the disagreement and try to provide any open sources that may help individuals who are trying to figure out what's going on....