SlideShare une entreprise Scribd logo

Greenbone vulnerability assessment - Networkshop44

Télécharger en tant que PPTX, PDF
Jisc
Jisc

Greenbone vulnerability assessment - Dirk Schrader, Greenbone

Formation
1  sur  15
Greenbone vulnerability assessment Dirk Schrader
what‘s bad on your network: tackling it with Vulnerability Management Dirk Schrader University of Manchester; March 24th, 2016 09:45 – 10:15, Theatre A
Introduction • Greenbone Networks • Develops Vulnerability Management Solutions since 2004 • Open Source and Transparency • Your data is your data: NO CLOUD • German • Dirk Schrader • CISSP (by ISC2) in good standing • CISM (by ISACA) in progress • 20+ years in IT Sec • German, too www.greenbone.net
What should be considered as ‚bad‘? www.greenbone.net Susceptibility Accessibility Capability Anything which is susceptible to misuse and accessible by an adversary with sufficient capabilities. That can be: • Software flaws • Defaults or misconfigurations • Unauthorized or unsuspected installations • Compliance deviation or Non-Compliance • Policy deviation or violation
Start with a different perspective, .. www.greenbone.net Processes, Policies & Awareness Physical Perimeter Network Host & OS Application Data Authentication NG Firewall N-IDPS H-IDPS AV-System SIEM / ISMS Vulnerability Management inside–outview outside–inview
.. then prepare, • Define secure configurations • Whitelist systems and applications • Map to security controls • Still, if none is there: start simple, enhance stepwise www.greenbone.net Policies Compliance Guidelines
.. identify, • Import and/or discover assets • Scan assets • Scan them authenticated • CPE information is vital www.greenbone.net
.. classify, • use CVSS, CVE, and CPE • enhance with add SecInfo • most important, tag with Asset Criticality info www.greenbone.net
.. prioritize, • based on Score, Quality of Detection, and available Solution Type • adding Asset Criticality Information • Attack status confirms www.greenbone.net
.. assign, • use Reports, Alerts, or a Ticket System • based on Knowlegde, Experience, and Role • track and trace assignment www.greenbone.net
.. mitigate and remediate, • patch and/or upgrade • block and/or isolate • work around • override is also a temporary option www.greenbone.net
.. store and repeat,.. • predict and trend assets • handle changes in infrastructure • time-stamped data supports Forensics • average of 40 high severity flaws published per week • 24h/48h ‚Window of Vulnerability‘ www.greenbone.net
.. and improve!• Eases implementation of Updates and Changes to Policies, Guidelines, and Compliance • Meaningful KPIs for the IT Security documented • The number of vulnerabilities over time is not meaningful • But the time needed to mediate/mitigate (reduced by..) • The time needed to identify (faster by x) • Fail/pass ratio of adherence to policy, compliance (increased by ..) www.greenbone.net
the process of Vulnerability Management www.greenbone.net prepare identify classify prioritize assign mitigate & remediate store & repeat improve
• Thank you, •ready for questions ?!

Recommandé

Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44Jisc
 
Exhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiExhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiJisc
 
eduTEAMS
eduTEAMSeduTEAMS
eduTEAMSJisc
 
Securing Your Network
Securing Your NetworkSecuring Your Network
Securing Your NetworkePlus
 
Xaas infotech (2)
Xaas infotech (2)Xaas infotech (2)
Xaas infotech (2)Prabod Abhinov Gunupudi
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013Wolfgang Kandek
 
Découvrez comment mettre en place un programme de protection des données effi...
Découvrez comment mettre en place un programme de protection des données effi...Découvrez comment mettre en place un programme de protection des données effi...
Découvrez comment mettre en place un programme de protection des données effi...Benoît H. Dicaire
 
2015 Angelbeat_ConvergenceMsg-FINAL
2015 Angelbeat_ConvergenceMsg-FINAL2015 Angelbeat_ConvergenceMsg-FINAL
2015 Angelbeat_ConvergenceMsg-FINALRick Kingsley
 

Recommandé

Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44Jisc
 
Exhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiExhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiJisc
 
eduTEAMS
eduTEAMSeduTEAMS
eduTEAMSJisc
 
Securing Your Network
Securing Your NetworkSecuring Your Network
Securing Your NetworkePlus
 
Xaas infotech (2)
Xaas infotech (2)Xaas infotech (2)
Xaas infotech (2)Prabod Abhinov Gunupudi
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013Wolfgang Kandek
 
Découvrez comment mettre en place un programme de protection des données effi...
Découvrez comment mettre en place un programme de protection des données effi...Découvrez comment mettre en place un programme de protection des données effi...
Découvrez comment mettre en place un programme de protection des données effi...Benoît H. Dicaire
 
2015 Angelbeat_ConvergenceMsg-FINAL
2015 Angelbeat_ConvergenceMsg-FINAL2015 Angelbeat_ConvergenceMsg-FINAL
2015 Angelbeat_ConvergenceMsg-FINALRick Kingsley
 
Cloud Services & the Development of ISO/IEC 27018
Cloud Services & the Development of ISO/IEC 27018Cloud Services & the Development of ISO/IEC 27018
Cloud Services & the Development of ISO/IEC 27018Corporacion Colombia Digital
 
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...Nur Shiqim Chok
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS Energystacybre
 
Kyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epoKyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epoKyle Taylor
 
APrIGF 2015: Security and the Internet of Things
APrIGF 2015: Security and the Internet of ThingsAPrIGF 2015: Security and the Internet of Things
APrIGF 2015: Security and the Internet of ThingsAPNIC
 
Security Risks: The Threat is Real
Security Risks: The Threat is RealSecurity Risks: The Threat is Real
Security Risks: The Threat is RealePlus
 
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Oddscentralohioissa
 
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...APNIC
 
Webinar: Adaptive Security
Webinar: Adaptive SecurityWebinar: Adaptive Security
Webinar: Adaptive SecurityBlueliv
 
End Your Security Nightmares with ePlus and Cisco
End Your Security Nightmares with ePlus and CiscoEnd Your Security Nightmares with ePlus and Cisco
End Your Security Nightmares with ePlus and CiscoePlus
 
Wasn't expecting that! Now what?
Wasn't expecting that! Now what?Wasn't expecting that! Now what?
Wasn't expecting that! Now what?Jisc
 
The Future of Technology Operations
The Future of Technology OperationsThe Future of Technology Operations
The Future of Technology OperationsIvanti
 
Technologies for Security and Compliance by Ken McIntyre, Ercot
Technologies for Security and Compliance by Ken McIntyre, ErcotTechnologies for Security and Compliance by Ken McIntyre, Ercot
Technologies for Security and Compliance by Ken McIntyre, ErcotTheAnfieldGroup
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbersAPNIC
 
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...TheAnfieldGroup
 
Secure Mobility with Analytics for the Private Cloud
Secure Mobility with Analytics for the Private CloudSecure Mobility with Analytics for the Private Cloud
Secure Mobility with Analytics for the Private CloudExtreme Networks
 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!centralohioissa
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...TheAnfieldGroup
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metricscentralohioissa
 
UTM Technology & Leaders of UTMs in Gartner Magic report 2014
UTM Technology & Leaders of UTMs in Gartner Magic report 2014UTM Technology & Leaders of UTMs in Gartner Magic report 2014
UTM Technology & Leaders of UTMs in Gartner Magic report 2014Tarek Nader
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
Professional development processes - Networkshop44
Professional development processes - Networkshop44Professional development processes - Networkshop44
Professional development processes - Networkshop44Jisc
 

Contenu connexe

Tendances

[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...Nur Shiqim Chok
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS Energystacybre
 
Kyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epoKyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epoKyle Taylor
 
APrIGF 2015: Security and the Internet of Things
APrIGF 2015: Security and the Internet of ThingsAPrIGF 2015: Security and the Internet of Things
APrIGF 2015: Security and the Internet of ThingsAPNIC
 
Security Risks: The Threat is Real
Security Risks: The Threat is RealSecurity Risks: The Threat is Real
Security Risks: The Threat is RealePlus
 
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Oddscentralohioissa
 
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...APNIC
 
Webinar: Adaptive Security
Webinar: Adaptive SecurityWebinar: Adaptive Security
Webinar: Adaptive SecurityBlueliv
 
End Your Security Nightmares with ePlus and Cisco
End Your Security Nightmares with ePlus and CiscoEnd Your Security Nightmares with ePlus and Cisco
End Your Security Nightmares with ePlus and CiscoePlus
 
Wasn't expecting that! Now what?
Wasn't expecting that! Now what?Wasn't expecting that! Now what?
Wasn't expecting that! Now what?Jisc
 
The Future of Technology Operations
The Future of Technology OperationsThe Future of Technology Operations
The Future of Technology OperationsIvanti
 
Technologies for Security and Compliance by Ken McIntyre, Ercot
Technologies for Security and Compliance by Ken McIntyre, ErcotTechnologies for Security and Compliance by Ken McIntyre, Ercot
Technologies for Security and Compliance by Ken McIntyre, ErcotTheAnfieldGroup
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbersAPNIC
 
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...TheAnfieldGroup
 
Secure Mobility with Analytics for the Private Cloud
Secure Mobility with Analytics for the Private CloudSecure Mobility with Analytics for the Private Cloud
Secure Mobility with Analytics for the Private CloudExtreme Networks
 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!centralohioissa
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...TheAnfieldGroup
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metricscentralohioissa
 
UTM Technology & Leaders of UTMs in Gartner Magic report 2014
UTM Technology & Leaders of UTMs in Gartner Magic report 2014UTM Technology & Leaders of UTMs in Gartner Magic report 2014
UTM Technology & Leaders of UTMs in Gartner Magic report 2014Tarek Nader
 

Tendances (20)

Cloud Services & the Development of ISO/IEC 27018
Cloud Services & the Development of ISO/IEC 27018Cloud Services & the Development of ISO/IEC 27018
Cloud Services & the Development of ISO/IEC 27018
 
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
 
Kyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epoKyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epo
 
APrIGF 2015: Security and the Internet of Things
APrIGF 2015: Security and the Internet of ThingsAPrIGF 2015: Security and the Internet of Things
APrIGF 2015: Security and the Internet of Things
 
Security Risks: The Threat is Real
Security Risks: The Threat is RealSecurity Risks: The Threat is Real
Security Risks: The Threat is Real
 
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
 
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
 
Webinar: Adaptive Security
Webinar: Adaptive SecurityWebinar: Adaptive Security
Webinar: Adaptive Security
 
End Your Security Nightmares with ePlus and Cisco
End Your Security Nightmares with ePlus and CiscoEnd Your Security Nightmares with ePlus and Cisco
End Your Security Nightmares with ePlus and Cisco
 
Wasn't expecting that! Now what?
Wasn't expecting that! Now what?Wasn't expecting that! Now what?
Wasn't expecting that! Now what?
 
The Future of Technology Operations
The Future of Technology OperationsThe Future of Technology Operations
The Future of Technology Operations
 
Technologies for Security and Compliance by Ken McIntyre, Ercot
Technologies for Security and Compliance by Ken McIntyre, ErcotTechnologies for Security and Compliance by Ken McIntyre, Ercot
Technologies for Security and Compliance by Ken McIntyre, Ercot
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbers
 
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
 
Secure Mobility with Analytics for the Private Cloud
Secure Mobility with Analytics for the Private CloudSecure Mobility with Analytics for the Private Cloud
Secure Mobility with Analytics for the Private Cloud
 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metrics
 
UTM Technology & Leaders of UTMs in Gartner Magic report 2014
UTM Technology & Leaders of UTMs in Gartner Magic report 2014UTM Technology & Leaders of UTMs in Gartner Magic report 2014
UTM Technology & Leaders of UTMs in Gartner Magic report 2014
 

En vedette

EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
Professional development processes - Networkshop44
Professional development processes - Networkshop44Professional development processes - Networkshop44
Professional development processes - Networkshop44Jisc
 
Trust and identity in the Géant project - Networkshop44
Trust and identity in the Géant project - Networkshop44Trust and identity in the Géant project - Networkshop44
Trust and identity in the Géant project - Networkshop44Jisc
 
How to view a project, as a junior engineer - Networkshop44
How to view a project, as a junior engineer - Networkshop44How to view a project, as a junior engineer - Networkshop44
How to view a project, as a junior engineer - Networkshop44Jisc
 
Application of Assent in the safe - Networkshop44
Application of Assent in the safe - Networkshop44Application of Assent in the safe - Networkshop44
Application of Assent in the safe - Networkshop44Jisc
 
Internet in space - Networkshop44
Internet in space - Networkshop44Internet in space - Networkshop44
Internet in space - Networkshop44Jisc
 
Abuse helper app - Networkshop44
Abuse helper app - Networkshop44Abuse helper app - Networkshop44
Abuse helper app - Networkshop44Jisc
 
Attracting, recruiting and retaining staff - Networkshop44
Attracting, recruiting and retaining staff - Networkshop44Attracting, recruiting and retaining staff - Networkshop44
Attracting, recruiting and retaining staff - Networkshop44Jisc
 
Data centre networking at the University of Bristol - Networkshop44
Data centre networking at the University of Bristol - Networkshop44Data centre networking at the University of Bristol - Networkshop44
Data centre networking at the University of Bristol - Networkshop44Jisc
 
Trust and identity services and architecture - Networkshop44
Trust and identity services and architecture - Networkshop44Trust and identity services and architecture - Networkshop44
Trust and identity services and architecture - Networkshop44Jisc
 
Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44Jisc
 
Network engineering surgery - Networkshop44
Network engineering surgery - Networkshop44Network engineering surgery - Networkshop44
Network engineering surgery - Networkshop44Jisc
 
Ipv6 deployment at the university of reading - Networkshop44
Ipv6 deployment at the university of reading - Networkshop44Ipv6 deployment at the university of reading - Networkshop44
Ipv6 deployment at the university of reading - Networkshop44Jisc
 
Data networking at UCL - Networkshop44
Data networking at UCL - Networkshop44Data networking at UCL - Networkshop44
Data networking at UCL - Networkshop44Jisc
 
Telephony developments at pirbright - Networkshop44
Telephony developments at pirbright - Networkshop44Telephony developments at pirbright - Networkshop44
Telephony developments at pirbright - Networkshop44Jisc
 
IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44Jisc
 
Finding vulnerabilities - networkshop44
Finding vulnerabilities - networkshop44Finding vulnerabilities - networkshop44
Finding vulnerabilities - networkshop44Jisc
 
Session initiation protocol (sip) the force awakens in the Janet network comm...
Session initiation protocol (sip) the force awakens in the Janet network comm...Session initiation protocol (sip) the force awakens in the Janet network comm...
Session initiation protocol (sip) the force awakens in the Janet network comm...Jisc
 
The simplification of the campus network Juniper - Networkshop44
The simplification of the campus network Juniper - Networkshop44The simplification of the campus network Juniper - Networkshop44
The simplification of the campus network Juniper - Networkshop44Jisc
 
SafeShare - Networkshop44
SafeShare - Networkshop44SafeShare - Networkshop44
SafeShare - Networkshop44Jisc
 

En vedette (20)

EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
 
Professional development processes - Networkshop44
Professional development processes - Networkshop44Professional development processes - Networkshop44
Professional development processes - Networkshop44
 
Trust and identity in the Géant project - Networkshop44
Trust and identity in the Géant project - Networkshop44Trust and identity in the Géant project - Networkshop44
Trust and identity in the Géant project - Networkshop44
 
How to view a project, as a junior engineer - Networkshop44
How to view a project, as a junior engineer - Networkshop44How to view a project, as a junior engineer - Networkshop44
How to view a project, as a junior engineer - Networkshop44
 
Application of Assent in the safe - Networkshop44
Application of Assent in the safe - Networkshop44Application of Assent in the safe - Networkshop44
Application of Assent in the safe - Networkshop44
 
Internet in space - Networkshop44
Internet in space - Networkshop44Internet in space - Networkshop44
Internet in space - Networkshop44
 
Abuse helper app - Networkshop44
Abuse helper app - Networkshop44Abuse helper app - Networkshop44
Abuse helper app - Networkshop44
 
Attracting, recruiting and retaining staff - Networkshop44
Attracting, recruiting and retaining staff - Networkshop44Attracting, recruiting and retaining staff - Networkshop44
Attracting, recruiting and retaining staff - Networkshop44
 
Data centre networking at the University of Bristol - Networkshop44
Data centre networking at the University of Bristol - Networkshop44Data centre networking at the University of Bristol - Networkshop44
Data centre networking at the University of Bristol - Networkshop44
 
Trust and identity services and architecture - Networkshop44
Trust and identity services and architecture - Networkshop44Trust and identity services and architecture - Networkshop44
Trust and identity services and architecture - Networkshop44
 
Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44
 
Network engineering surgery - Networkshop44
Network engineering surgery - Networkshop44Network engineering surgery - Networkshop44
Network engineering surgery - Networkshop44
 
Ipv6 deployment at the university of reading - Networkshop44
Ipv6 deployment at the university of reading - Networkshop44Ipv6 deployment at the university of reading - Networkshop44
Ipv6 deployment at the university of reading - Networkshop44
 
Data networking at UCL - Networkshop44
Data networking at UCL - Networkshop44Data networking at UCL - Networkshop44
Data networking at UCL - Networkshop44
 
Telephony developments at pirbright - Networkshop44
Telephony developments at pirbright - Networkshop44Telephony developments at pirbright - Networkshop44
Telephony developments at pirbright - Networkshop44
 
IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44
 
Finding vulnerabilities - networkshop44
Finding vulnerabilities - networkshop44Finding vulnerabilities - networkshop44
Finding vulnerabilities - networkshop44
 
Session initiation protocol (sip) the force awakens in the Janet network comm...
Session initiation protocol (sip) the force awakens in the Janet network comm...Session initiation protocol (sip) the force awakens in the Janet network comm...
Session initiation protocol (sip) the force awakens in the Janet network comm...
 
The simplification of the campus network Juniper - Networkshop44
The simplification of the campus network Juniper - Networkshop44The simplification of the campus network Juniper - Networkshop44
The simplification of the campus network Juniper - Networkshop44
 
SafeShare - Networkshop44
SafeShare - Networkshop44SafeShare - Networkshop44
SafeShare - Networkshop44
 

Similaire à Greenbone vulnerability assessment - Networkshop44

Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchMcKonly & Asbury, LLP
 
5 Steps to an Effective Vulnerability Management Program
5 Steps to an Effective Vulnerability Management Program5 Steps to an Effective Vulnerability Management Program
5 Steps to an Effective Vulnerability Management ProgramTripwire
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart WaySecurity Innovation
 
Decrease Cyber Risk at your Community Bank
Decrease Cyber Risk at your Community BankDecrease Cyber Risk at your Community Bank
Decrease Cyber Risk at your Community BankGreat Bay Software
 
RMS Security Breakfast
RMS Security BreakfastRMS Security Breakfast
RMS Security BreakfastRackspace
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayChris Gates
 
Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comAravind R
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetPerforce
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA Information Security
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
CNIT 121: 2 IR Management Handbook
CNIT 121: 2 IR Management HandbookCNIT 121: 2 IR Management Handbook
CNIT 121: 2 IR Management HandbookSam Bowne
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraWorkshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraIGN MANTRA
 
Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Scott Carlson
 
Cyber security series vulnerability assessments
Cyber security series vulnerability assessmentsCyber security series vulnerability assessments
Cyber security series vulnerability assessmentsJim Kaplan CIA CFE
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas IndonesiaIGN MANTRA
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile WorldDavid Lindner
 
Myths of validation
Myths of validationMyths of validation
Myths of validationJeff Thomas
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessJoAnna Cheshire
 

Similaire à Greenbone vulnerability assessment - Networkshop44 (20)

Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect Match
 
5 Steps to an Effective Vulnerability Management Program
5 Steps to an Effective Vulnerability Management Program5 Steps to an Effective Vulnerability Management Program
5 Steps to an Effective Vulnerability Management Program
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart Way
 
Decrease Cyber Risk at your Community Bank
Decrease Cyber Risk at your Community BankDecrease Cyber Risk at your Community Bank
Decrease Cyber Risk at your Community Bank
 
RMS Security Breakfast
RMS Security BreakfastRMS Security Breakfast
RMS Security Breakfast
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
 
Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.com
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and Interset
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshop
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
CNIT 121: 2 IR Management Handbook
CNIT 121: 2 IR Management HandbookCNIT 121: 2 IR Management Handbook
CNIT 121: 2 IR Management Handbook
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraWorkshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
 
Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?
 
Cyber security series vulnerability assessments
Cyber security series vulnerability assessmentsCyber security series vulnerability assessments
Cyber security series vulnerability assessments
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
Myths of validation
Myths of validationMyths of validation
Myths of validation
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your Business
 

Plus de Jisc

Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxJisc
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jisc
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...Jisc
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxJisc
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxJisc
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Jisc
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...Jisc
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptxJisc
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxJisc
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxJisc
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxJisc
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJisc
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxJisc
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber EssentialsJisc
 

Plus de Jisc (20)

Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptx
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptx
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptx
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptx
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 

Dernier

Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxNikitaBankoti2
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIShubhangi Sonawane
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 

Dernier (20)

Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 

Greenbone vulnerability assessment - Networkshop44

  • 2. what‘s bad on your network: tackling it with Vulnerability Management Dirk Schrader University of Manchester; March 24th, 2016 09:45 – 10:15, Theatre A
  • 3. Introduction • Greenbone Networks • Develops Vulnerability Management Solutions since 2004 • Open Source and Transparency • Your data is your data: NO CLOUD • German • Dirk Schrader • CISSP (by ISC2) in good standing • CISM (by ISACA) in progress • 20+ years in IT Sec • German, too www.greenbone.net
  • 4. What should be considered as ‚bad‘? www.greenbone.net Susceptibility Accessibility Capability Anything which is susceptible to misuse and accessible by an adversary with sufficient capabilities. That can be: • Software flaws • Defaults or misconfigurations • Unauthorized or unsuspected installations • Compliance deviation or Non-Compliance • Policy deviation or violation
  • 5. Start with a different perspective, .. www.greenbone.net Processes, Policies & Awareness Physical Perimeter Network Host & OS Application Data Authentication NG Firewall N-IDPS H-IDPS AV-System SIEM / ISMS Vulnerability Management inside–outview outside–inview
  • 6. .. then prepare, • Define secure configurations • Whitelist systems and applications • Map to security controls • Still, if none is there: start simple, enhance stepwise www.greenbone.net Policies Compliance Guidelines
  • 7. .. identify, • Import and/or discover assets • Scan assets • Scan them authenticated • CPE information is vital www.greenbone.net
  • 8. .. classify, • use CVSS, CVE, and CPE • enhance with add SecInfo • most important, tag with Asset Criticality info www.greenbone.net
  • 9. .. prioritize, • based on Score, Quality of Detection, and available Solution Type • adding Asset Criticality Information • Attack status confirms www.greenbone.net
  • 10. .. assign, • use Reports, Alerts, or a Ticket System • based on Knowlegde, Experience, and Role • track and trace assignment www.greenbone.net
  • 11. .. mitigate and remediate, • patch and/or upgrade • block and/or isolate • work around • override is also a temporary option www.greenbone.net
  • 12. .. store and repeat,.. • predict and trend assets • handle changes in infrastructure • time-stamped data supports Forensics • average of 40 high severity flaws published per week • 24h/48h ‚Window of Vulnerability‘ www.greenbone.net
  • 13. .. and improve!• Eases implementation of Updates and Changes to Policies, Guidelines, and Compliance • Meaningful KPIs for the IT Security documented • The number of vulnerabilities over time is not meaningful • But the time needed to mediate/mitigate (reduced by..) • The time needed to identify (faster by x) • Fail/pass ratio of adherence to policy, compliance (increased by ..) www.greenbone.net
  • 14. the process of Vulnerability Management www.greenbone.net prepare identify classify prioritize assign mitigate & remediate store & repeat improve