Risk mitigation
Risk mitigation involves either fixing the vulnerability or putting a control in place that reduces the likelihood or the impact of the flaw.
For example, suppose there is a high-severity vulnerability in an OpenSSH server. Patching the software might take some time, so to mitigate the risk in the meantime, the system administrator allows only the office IP to connect to the servers via SSH.
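One way to check that such a compensating control actually holds, as an added example that is not from the original text: it assumes the restriction is enforced with iptables and evaluates constructed `iptables -S` output with first-match semantics. The rulesets, the office address 203.0.113.10 and all function names are illustrative assumptions.

```python
import ipaddress
import shlex

# Constructed `iptables -S` output (sample data, not from the original text).
# 203.0.113.10 stands in for the office IP (an assumption for illustration).
HARDENED = """\
-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
"""
# Weak variant: an allow-from-anywhere rule is listed first, so it wins.
WEAK = """\
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
"""

def parse_rules(text, chain="INPUT"):
    """Return (default_policy, [option dict per rule]) for one chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 3 and tok[0] == "-P" and tok[1] == chain:
            policy = tok[2]
        elif len(tok) >= 2 and tok[0] == "-A" and tok[1] == chain:
            rules.append({tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                          if tok[i].startswith("-")})
    return policy, rules

def verdict(text, src_ip, port=22):
    """First-match verdict for a NEW TCP connection (negation, ranges, user chains not modelled)."""
    policy, rules = parse_rules(text)
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        mismatch = (
            r.get("-p", "tcp") not in ("tcp", "all")
            or r.get("--dport", str(port)) != str(port)
            or ("-s" in r and src not in ipaddress.ip_network(r["-s"], strict=False))
            or ("--ctstate" in r and "NEW" not in r["--ctstate"].split(","))
        )
        if not mismatch and r.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return r["-j"]
    return policy

def audit(text, office_ip, probes):
    """Problems found; an empty list means the control holds for these probes."""
    out = [] if verdict(text, office_ip) == "ACCEPT" else [f"office IP {office_ip} is blocked"]
    return out + [f"SSH open to {ip}" for ip in probes if verdict(text, ip) == "ACCEPT"]
```

Calling `audit(WEAK, "203.0.113.10", [...])` reports every probe address as able to reach SSH, because the broad ACCEPT rule is matched before the office-only rule.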
A sample scan report
Now that we understand the basics of vulnerabilities, CVSS scores, and risk, we will look at a sample vulnerability assessment report for one of the workstations and examine it in more detail. This scan was performed with Nessus:

If we look at the previous screenshot, we can see that Nessus has systematically categorized the vulnerabilities according to their CVSS scores and color-coded the results to make them simple for a system administrator to analyze.
If we expand the report, Nessus shows detailed information related to which packages have...