Security Basics mailing list archives
Vulnerability Scanning - Prioritising Remediation
From: J Teddy <jteddylists () gmail com>
Date: Tue, 20 Sep 2011 15:37:18 +1000
I'm currently documenting how to prioritise remediation efforts from my last vulnerability scan. As my assets have all had information risk assessments conducted, I can easily calculate my CVSS score using the CVSS2 calculator. I then started thinking about compensating controls in my network where I could possibly lower the priority of the remediation. For example the SSH vulnerability priority may be lowered as there is a signature for prevention on my IPS. The question I can not answer is if my IPS has prevention for such a signature, and I’m running a vulnerability scan through that IPS, will my IPS block those packets, with the end result being my VA scan does not detect the vulnerability? Thanks. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Vulnerability Scanning - Prioritising Remediation J Teddy (Sep 20)
- RE: Vulnerability Scanning - Prioritising Remediation Mikhail A. Utin (Sep 20)
- Re: Vulnerability Scanning - Prioritising Remediation Todd Haverkos (Sep 21)
- Re: Vulnerability Scanning - Prioritising Remediation John Morrison (Sep 21)
- Re: Vulnerability Scanning - Prioritising Remediation ted fred (Sep 21)
- RE: Vulnerability Scanning - Prioritising Remediation Dominick Birolin (Sep 22)
- RE: Vulnerability Scanning - Prioritising Remediation Mikhail A. Utin (Sep 21)
- RE: Vulnerability Scanning - Prioritising Remediation Dominick Birolin (Sep 23)
- Re: Vulnerability Scanning - Prioritising Remediation J Teddy (Sep 23)
- Re: Vulnerability Scanning - Prioritising Remediation ted fred (Sep 21)
- Re: Vulnerability Scanning - Prioritising Remediation J Teddy (Sep 23)
- <Possible follow-ups>
- Re: Vulnerability Scanning - Prioritising Remediation krymson (Sep 22)