CVE Vs NVD
Order ID |
53563633773 |
Type |
Essay |
Writer Level |
Masters |
Style |
APA |
Sources/References |
4 |
The perfect number of Pages to Order |
5-10 Pages |
Description/Paper Instructions
CVE vs. NVD
CVE vs NVD
Description: In this project, you will explore both CVE and NVD.
Submission: Answer the following questions and upload them to the Blackboard Assignments tab.
Vulnerability feeds are available to provide updated information to scanning software about the latest vulnerabilities. One of the most highly regarded vulnerability feeds is the Mitre Common Vulnerabilities and Exposures (CVE).
- Open your web browser and enter the URL https://cve.mitre.org/.
- Hover over About and click on About CVE
- This page gives a brief overview of CVE. Read through the information regarding CVE.
- a) In your own words, how would you describe it? How does it work? What advantages does it provide?
- Next, hover over About, click FAQs, and click on CVE Records.
- a) Describe the three elements that make up a CVE entry.
Now that you have a better idea of what the CVE list is designed for, let’s use it to cross-reference a current security situation in the United States. The SolarWinds massive security hack took place throughout 2020. This attack compromised thousands of US government-owned systems, among countless other systems where the software was integrated.
SolarWinds has been a highly valued company for many years and is known for some of the best network management software on the market. SolarWinds is a top performer in its field. The Orion platform, which they produce, is designed to manage many different infrastructure areas under the hood of a single piece of software. Orion was in the heat of the controversy. The SolarWinds actual supply chain was compromised, and a nation-state threat actor was able to insert a modified.dll file into their source code repository. When updates got pushed out to their users, the infected files were then brought over to systems worldwide.
At that point, the remote attacker could bypass authentication and execute API commands on the software. Linked below is a high-level overview of how the attack took place. I recommend reading the article; it’s very interesting.
https://www.fortinet.com/blog/threat-research/what-we-have-learned-so-far-about-the-sunburst-solarwinds-hack
Search for the SolarWinds Orion vulnerability in the CVE database.
- Navigate back to the CVE Mitre site and scroll up to the top of the page. Click Search CVE List.
- Search “SolarWinds Orion” to display the CVE entries.
- Locate CVE-ID: CVE-2020-10148 and click into it. The CVE will provide a brief overview of the vulnerability and provide references supporting its release. A lot of the time, this will be an official statement provided by the company.
- Under References, click on “CONFIRM: https://www.solarwinds.com/securityadvisory” to read more about the advisory notice released by SolarWinds along with fixes.
- Navigate back to the SolarWinds CVE record. Notice that next to the CVE-ID it says, “Learn more at National Vulnerability Database (NVD).” This is where you can find more detailed information and version numbers of the software that has been affected. Click on “Learn More at the National Vulnerability Database (NVD)” to view this database and how it relates to the CVE.
The National Vulnerability Database (NVD) is managed by the U.S. government as a repository for security checklists, vulnerability management data, software flaws, misconfigurations, product names, and their impacts. This data enables automation of vulnerability management, security measurement, and compliance.
- Navigate to the National Vulnerability Database home page. https://nvd.nist.gov/
- Click the plus sign next to General.
- Click FAQ.
- Click General FAQs.
- Read through the material.
- a) In your own words, how does the Mitre CVE compare with the NIST NVD?
- b) When would you use the CVE?
- c) When would you use the NVD?
- d) How frequently is the NVD updated?
- Return to the home page and again click the plus sign next to General.
- Click the NVD Dashboard to view the latest information.
- a) Do the numbers surprise you?
- b) How does the number of vulnerabilities under the score distribution compare?
- c) How many CVEs were received and processed today?
- Scroll through the last 20 scored vulnerability IDs and summaries.
- a) Have you heard of any of these vulnerabilities?
- Return to the home page and again click the plus sign next to General.
- Click Visualizations to display graphical information.
- Click Vulnerabilities – CVE.
- Click Description Summary Word to display a bar graph of the most common words used as part of a vulnerability description. Hover over the three highest bars to view the three most frequent words used.
- a)List the top three most frequently used words in a vulnerability description.
- Return to the NVD Visualizations page: https://nvd.nist.gov/general/visualizations. Click Products – CPE.
- a)Which vendor has the highest number of total products that appears in the NVD?
View other vendors by hovering over the bars.
- a)What do you find interesting about this distribution?
- Return to the home page. https://nvd.nist.gov/and click the plus sign next to “Other Sites”.
- Click Checklist (NCP) Repository.
- This page displays a form you can use to search for checklists, benchmarks, and secure configuration guides. This repository provides guidance on applying these security configurations and best practices to operating systems and applications.
Now let’s look at the Department of Defense (DOD) recommend best practices for applying and modifying Group Policy Objects on Windows Server 2019.
Group policy is what defines user/computer configurations and security access of an operating system. These group policy objects (GPOs) control what the computer is allowed to do and what the user is allowed to do in the OS.
- Click the target drop-down box and select Microsoft Windows Server 2019. Click search
- Under Resources, click on Group Policy Objects (GPOs) for July 2022.
- Download the check list resource and unpackage the zip file by double-clicking on it. Open the folder.
- Open the DoD Windows Server 2019 MS and DC v2r4 folder. Open the Reports folder.
- Open: DoD Windows Server 2019 Member Server STIG Computer v2r4.html
- Under Computer Configuration expand Security Settings expand Account Policies/Password Policy. This is the recommended password guidance for the most secure environment. It shows the recommended length and settings that should be applied to Windows Server 2019. This is just one example of the many thousands of GPOs that can be imported into any OS. By adopting and applying these policies to an operating system, you are creating a more secure environment.
- Finally, navigate the GPO list and find three other policies you find important from this list.
- a)
- b)
- c)
- Close all windows.
CVE Vs NVD
RUBRIC
QUALITY OF RESPONSE |
NO RESPONSE |
POOR / UNSATISFACTORY |
SATISFACTORY |
GOOD |
EXCELLENT |
Content (worth a maximum of 50% of the total points) |
Zero points: The student failed to submit the final paper. |
20 points out of 50: The essay illustrates poor understanding of the relevant material by failing to address or incorrectly address the relevant content; failing to identify or inaccurately explain key concepts or ideas; ignoring or incorrectly explaining key points or claims and the reasoning behind them; and/or incorrectly or inappropriately using terminology; and elements of the response are lacking. |
30 points out of 50: The essay illustrates a rudimentary understanding of the relevant material by mentioning but not fully explaining the relevant content; identifying some of the key concepts or ideas, though failing to fully or accurately explain many of them; using terminology, though sometimes inaccurately or inappropriately; and/or incorporating some key claims or points, but failing to explain the reasoning behind them or doing so inaccurately. Elements of the required response may also be lacking. |
40 points out of 50: The essay illustrates a solid understanding of the relevant material by correctly addressing most of the relevant content, identifying and explaining most of the key concepts and ideas, using correct terminology, explaining the reasoning behind most of the key points/claims; and/or where necessary or useful, substantiating some points with accurate examples. The answer is complete. |
50 points: The essay illustrates an exemplary understanding of the relevant material by thoroughly and correctly addressing the relevant content, identifying and explaining all of the key concepts and ideas, using correct terminology, explaining the reasoning behind key points and claims, and substantiating, as necessary or useful, points with several accurate and illuminating examples. No aspects of the required answer are missing. |
Use of sources (worth a maximum of 20% of the total points) |
Zero points: The student failed to include citations and/or references. Or the student failed to submit a final paper. |
5 out of 20 points: Sources are seldom cited to support statements, and/or the format of the citations is not recognized as APA 6th Edition format. There are major errors in the formation of the references and citations. And/or there is a major reliance on highly questionable The student fails to provide an adequate synthesis of the research collected for the paper. |
10 out of 20 points: References to scholarly sources are occasionally given; many statements seem unsubstantiated. There are frequent errors in the APA 6th Edition format, leaving the reader confused about the source of the information. There are significant errors in the formation of the references and citations. And/or there is a significant use of highly questionable sources. |
15 out of 20 points: Credible scholarly sources are used effectively to support claims and are, for the most part, clear and fairly represented. APA 6th Edition is used with only a few minor errors. There are minor errors in references and/or citations. And/or there is some use of questionable sources. |
20 points: Credible scholarly sources are used to provide compelling evidence to support claims and are clearly and fairly represented. The APA 6th Edition format is used accurately and consistently. The student uses references above the maximum required in the development of the assignment. |
Grammar (worth maximum of 20% of total points) |
Zero points: The student failed to submit the final paper. |
5 points out of 20: The paper does not communicate ideas or points clearly due to inappropriate use of terminology and vague language; thoughts and sentences are disjointed or incomprehensible; organization lacking; and/or there are numerous grammatical, spelling, and punctuation errors |
10 points out 20: The paper is often unclear and difficult to follow due to some inappropriate terminology and/or vague language; ideas may be fragmented, wandering, and/or repetitive; poor organization; and/or some grammatical, spelling, and punctuation errors |
15 points out of 20: The paper is mostly clear as a result of appropriate use of terminology and minimal vagueness; no tangents and no repetition; fairly good organization; almost perfect grammar, spelling, punctuation, and word usage. |
20 points: The paper is clear, concise, and a pleasure to read as a result of appropriate and precise use of terminology; total coherence of thoughts and presentation; and logical organization; and the essay is error-free. |
Structure of the Paper (worth 10% of total points) |
Zero points: The student failed to submit the final paper. |
3 points out of 10: The student needs to develop better formatting skills. The paper omits significant structural elements required for and APA 6th edition paper. Formatting of the paper has major flaws. The paper does not conform to APA 6th edition requirements whatsoever. |
5 points out of 10: The appearance of the final paper demonstrates the student’s limited ability to format the paper. There are significant errors in formatting and/or the total omission of major components of an APA 6th edition paper. They can include the omission of the cover page, abstract, and page numbers. Additionally the page has major formatting issues with spacing or paragraph formation. The font size might not conform to size requirements. The student also significantly writes too much or too little paper |
7 points out of 10: Research paper presents an above-average use of formatting skills. The paper has slight errors within the paper. This can include small errors or omissions with the cover page, abstract, page number, and headers. There could be also slight formatting issues with the document spacing or the font Additionally the paper might slightly exceed or undershoot the specific number of required written pages for the assignment. |
10 points: Student provides a high-caliber, formatted paper. This includes an APA 6th edition cover page, abstract, page number, headers and is double spaced in 12’ Times Roman Font. Additionally, the paper conforms to the specific number of required written pages and neither goes over or under the specified length of the paper. |
|
|
Also, you can place the order at www.collegepaper.us/orders/ordernow / www.phdwriters.us/orders/ordernow
|
Do You Have Any Other Essay/Assignment/Class Project/Homework Related to this? Click Here Now [CLICK ME]and Have It Done by Our PhD Qualified Writers!! |
|
|
PLACE THE ORDER WITH US TODAY AND GET A PERFECT SCORE!!!