Simulation Lab 2.1: Module 02 Explore the National Vulnerability Database - NVD

Last updated on December 08, 2021 at 14:59 PM

2021 has officially been a record-breaking year for vulnerabilities.

Our latest analysis of the National Vulnerability Database (NVD) has revealed that 2021 has now officially broken the record for common vulnerabilities and exposures (CVEs) logged by researchers.

NIST is the US National Institute of Standards and Technology, and its National Vulnerability Database (NVD) is a repository of Common Vulnerabilities and Exposures (CVEs). As one of the most trusted sources of information for IT and security professionals, the NVD helps security teams around the world stay up to date with security vulnerabilities as they are discovered.

More than 50 CVEs logged every day

2021 was an especially difficult year for security teams, with the rise of ransomware attacks and the growing need to secure a remote workforce. There have been more security vulnerabilities disclosed in 2021 (18,439)* than in any other year-to-date – averaging more than 50 CVEs logged each day.

This analysis follows our in-depth investigation of CVEs logged to NIST in 2020, issued at the beginning of this year. Many of the trends identified at the start of the year have continued through 2021. These include a record number of vulnerabilities, with the volume of low and medium severity vulnerabilities growing the most during the last 12 months.

Additional key findings

Our analysis also showed that:

  • 90% of all CVEs discovered in 2021 so far can be exploited by attackers with limited technical skills
  • CVEs which require no user interaction, such as clicking a link, downloading a file or sharing their credentials, accounted for 61% of the total volume up to now
  • 54% of vulnerabilities so far this year are classified as having “high” availability, meaning they are readily accessible/exploitable by attackers

Decline in ‘no privilege’ CVEs

There was some positive news. Our analysis showed that ‘no privilege’ CVEs continued to decline in 2021. Just over half (55%) of 2021 CVEs require no privileges to exploit, down from 59% in 2020 and 66% in 2019. Meanwhile, vulnerabilities with a high confidentiality rating decreased from 59% to 53% of CVEs over the last 12 months – these are CVEs deemed likely to impact confidential data.

“The prominence of highly available CVEs that require limited technical skills to exploit and no user interaction is naturally a concern for security teams. Sadly, 2021 being a record-breaking year for vulnerabilities is in line with our expectations at the start of a year that has proved very difficult for security pros.”

“Cybercrime and security vulnerabilities are evolving all the time, and security teams are struggling to stay up-to-date. This milestone is also a reminder of the continued importance of patch management and defence in depth. Not all vulnerabilities are known and patched, which means security teams must have controls in place to detect and respond to attacks in their infancy before they can do real damage.”

George Glass, Head of Threat Intelligence

*All figures correct at the time of research at 09:00 (GMT) on 8th December 2021 and taken from the NIST National Vulnerability Database (NVD) at https://nvd.nist.gov/ based on CVSS v3.x.


Prerequisite: None.
This course is designed to introduce students to the impacts of information systems on the firm, industry, society, and the economy. The management of the information resource and issues related to accessing, processing, and distributing information within a business context are emphasized. Students will analyze the role of information systems in reaching organizational objectives including communication, collaboration, performance improvement and strategy implementation. Skill-based learning will reinforce strategic information systems concepts.

Schedule (*all times are ET)

M/W/F Topic
10/12/14 January No class Monday
Introduction/Course Mechanics
Read Module 01: Introduction to Security
CompTIA Security+ SY0-601 Pre-Assessment Quiz [due 16Jan@2359]
Vocab Quiz 1 [due 16Jan@2359]
Simulation Lab 1.1 [due 16Jan@2359]
Simulation Lab 1.2 [due 16Jan@2359]
Live Virtual Machine Lab 1.1 [due 16Jan@2359]
Live Virtual Machine Lab 1.2 [due 16Jan@2359]
Module 01 Quiz [due 16Jan@2359]
17/19/21 January MLK - no class Monday
Read Module 02: Threat Mgmt & Cybersecurity Resources
Vocab Quiz 2 [due 23Jan@2359]
Simulation Lab 2.1 [due 23Jan@2359]
Live Virtual Machine Lab 2.1 [due 23Jan@2359]
Live Virtual Machine Lab 2.2 [due 23Jan@2359]
Module 02 Quiz [due 23Jan@2359]
24/26/28 January Read Module 03: Threats & Attacks on Endpoints
Vocab Quiz 3 [due 30Jan@2359]
Simulation Lab 3.1 [due 30Jan@2359]
Live Virtual Machine Lab 3.1 [due 30Jan@2359]
Live Virtual Machine Lab 3.2 [due 30Jan@2359]
Live Virtual Machine Lab 3.3 [due 30Jan@2359]
Module 03 Quiz [due 30Jan@2359]
31 January/2/4 February Read Module 04: Endpoint & Application Development Security
Vocab Quiz 4 [due 6Feb@2359]
Simulation Lab 4.1 [due 6Feb@2359]
Simulation Lab 4.2 [due 6Feb@2359]
Live Virtual Machine Lab 4.1 [due 6Feb@2359]
Live Virtual Machine Lab 4.2 [due 6Feb@2359]
Module 04 Quiz [due 6Feb@2359]
7/9/11 February Read Module 05: Mobile, Embedded, and Specialized Device Security
Vocab Quiz 5 [due 13Feb@2359]
Simulation Lab 5.1 [due 13Feb@2359]
Simulation Lab 5.2 [due 13Feb@2359]
Live Virtual Machine Lab 5.1 [due 13Feb@2359]
Live Virtual Machine Lab 5.2 [due 13Feb@2359]
Module 05 Quiz [due 13Feb@2359]
14/16/18 February Read Module 06: Basic Cryptography
Vocab Quiz 6 [due 20Feb@2359]
Simulation Lab 6.1 [due 20Feb@2359]
Simulation Lab 6.2 [due 20Feb@2359]
Live Virtual Machine Lab 6.1 [due 20Feb@2359]
Live Virtual Machine Lab 6.2 [due 20Feb@2359]
Module 06 Quiz [due 20Feb@2359]
21/23/25 February Read Module 07: PKI & Cryptographic Protocols
Vocab Quiz 7 [due 27Feb@2359]
Simulation Lab 7.1 [due 27Feb@2359]
Live Virtual Machine Lab 7.1 [due 27Feb@2359]
Live Virtual Machine Lab 7.2 [due 27Feb@2359]
Module 07 Quiz [due 27Feb@2359]
28 February/2/4 March Read Module 08: Networking Threats, Assessments, & Defenses
Vocab Quiz 8 [due 6Mar@2359]
Simulation Lab 8.1 [due 6Mar@2359]
Live Virtual Machine Lab 8.1 [due 6Mar@2359]
Live Virtual Machine Lab 8.2 [due 6Mar@2359]
Live Virtual Machine Lab 8.3 [due 6Mar@2359]
Module 08 Quiz [due 6Mar@2359]
7/9/11 March Spring Break - no class
14/16/18 March Read Module 09: Network Security Appliances & Technologies
Vocab Quiz 9 [due 20Mar@2359]
Simulation Lab 9.1 [due 20Mar@2359]
Simulation Lab 9.2 [due 20Mar@2359]
Live Virtual Machine Lab 9.1 [due 20Mar@2359]
Live Virtual Machine Lab 9.2 [due 20Mar@2359]
Module 09 Quiz [due 20Mar@2359]
21/23/25 March Read Module 10: Cloud & Virtualization Security
Vocab Quiz 10 [due 27Mar@2359]
Simulation Lab 10.1 [due 27Mar@2359]
Simulation Lab 10.2 [due 27Mar@2359]
Live Virtual Machine Lab 10.1 [due 27Mar@2359]
Live Virtual Machine Lab 10.2 [due 27Mar@2359]
Module 10 Quiz [due 27Mar@2359]
28/30 March/1 April Read Module 11: Wireless Network Security
Vocab Quiz 11 [due 3Apr@2359]
Simulation Lab 11.1 [due 3Apr@2359]
Live Virtual Machine Lab 11.1 [due 3Apr@2359]
Live Virtual Machine Lab 11.2 [due 3Apr@2359]
Module 11 Quiz [due 3Apr@2359]
Business Week - no class 30 Mar
Business Week attendance quiz [due 31Mar@2359]
4/6/8 April Read Module 12: Authentication
Vocab Quiz 12 [due 10Apr@2359]
Simulation Lab 12.1 [due 10Apr@2359]
Live Virtual Machine Lab 12.1 [due 10Apr@2359]
Live Virtual Machine Lab 12.2 [due 10Apr@2359]
Module 12 Quiz [due 10Apr@2359]
11/13/15 April Read Module 13: Incident Preparation, Response, & Investigation
Vocab Quiz 13 [due 17Apr@2359]
Simulation Lab 13.1 [due 17Apr@2359]
Simulation Lab 13.2 [due 17Apr@2359]
Live Virtual Machine Lab 13.1 [due 17Apr@2359]
Live Virtual Machine Lab 13.2 [due 17Apr@2359]
Live Virtual Machine Lab 13.3 [due 17Apr@2359]
Module 13 Quiz [due 17Apr@2359]
18/20/22 April Read Module 14: Cybersecurity Resilience
Vocab Quiz 14 [due 24Apr@2359]
Simulation Lab 14.1 [due 24Apr@2359]
Simulation Lab 14.2 [due 24Apr@2359]
Live Virtual Machine Lab 14.1 [due 24Apr@2359]
Live Virtual Machine Lab 14.2 [due 24Apr@2359]
Module 14 Quiz [due 24Apr@2359]
25/27/29 April Read Module 15: Risk Management & Data Privacy
Vocab Quiz 15 [due 1May@2359]
Simulation Lab 15.1 [due 1May@2359]
Live Virtual Machine Lab 15.1 [due 1May@2359]
Live Virtual Machine Lab 15.2 [due 1May@2359]
Module 15 Quiz [due 1May@2359]
2 May Wrap-up
Final Exam online (*9 May 0800-1100)

TQ = Take Quiz; HO = Hands-on

Course Student Learning Outcomes (SLOs)

  1. Describe the key concepts in network defense (defense in depth, minimizing exposure, etc.).
  2. Explain how network defense tools (firewalls, IDS, etc.) are used to defend against attacks and mitigate vulnerabilities.
  3. Analyze how security policies are implemented on systems to protect a network.
  4. Evaluate how network operational procedures relate to network security.
  5. Analyze problems, recommend solutions, products, and technologies to meet business objectives.
  6. Recommend best security practices to achieve stated business objectives based on risk assumptions.
  7. Actively protect information technology assets and infrastructure from external and internal threats.
  8. Monitor systems for anomalies, proper updating, and patching.
  9. Assist in incident responses for any breaches, intrusions, or theft.
  10. Evaluate and perform planning, testing, and implementation of software and hardware deployed.
  11. Examine a specific architecture and identify potential vulnerabilities.
  12. Design a secure architecture for a given application.

Policy Information

Academic Honor Code

As a student at The University of North Carolina Wilmington, I am committed to honesty and truthfulness in academic inquiry and in the pursuit of knowledge. I pledge to uphold and promote the UNCW Student Academic Honor Code.

The University of North Carolina Wilmington is a community of high academic standards where academic integrity is valued. UNCW students are committed to honesty and truthfulness in academic inquiry and in the pursuit of knowledge. This commitment begins when new students matriculate at UNCW, continues as they create work of the highest quality while part of the university community, and endures as a core value throughout their lives.

Please read and be familiar with the UNCW Student Academic Honor Code. I have highlighted some parts that are particularly relevant to courses I teach here.

Academic dishonesty in any form will not be tolerated in this class.

Time Commitment

It is a matter of UNC system policy that you should expect to be committed for an average of 8.5 hours per week (hpw) to this class (or any 3-credit hour class you take at UNCW).

A credit hour is defined as one 50-minute meeting of face-to-face instruction per week for 15 weeks, plus a minimum of 2 hours per week for 15 weeks of out-of-class student work.

  • 1 credit = 50 min * 15 = 750 min instruction + 120 min * 15 = 1800 min student work; so, 12.5 hours of instruction + 30 hours of work = 42.5 hours
  • 3 credits = 37.5 hours of instruction + 90 hours of work = 127.5 hours
  • For distance education, an equivalent amount of work is required (though it may be blended differently, e.g. much less face-to-face instruction).
  • 127.5 hours/15 weeks = 8.5 hours/week (hpw)

You should be mentally prepared to spend ~8.5 hpw on this class.

Grading

Grading Scale (+/- at instructor discretion)

A: (avg >= 90)
B: (90 > avg) and (avg >= 80)
C: (80 > avg) and (avg >= 70)
D: (70 > avg) and (avg >= 60)

Coursework Weighting

10% Quizzes
40% Assignments
30% Tests
20% Final

Late Policy

Vocab quizzes are due each week and will not be accepted late except in the case of an unexpected life event (e.g. car accident, illness, family death, etc.).

All other assignments have recommended due dates to allow reasonable pacing; however, all assignments (except vocab quizzes) will be accepted as long as they are completed by the last day of class.

Extra Credit

There is no specified extra credit in this class. I may, on occasion, subjectively award extra credit for assignment solutions that demonstrate meaningful, functional effort beyond the norm.

Attendance

I will offer opportunities to meet both in class and on Zoom. If you think it is to your benefit to attend, please do so. Otherwise, you will not be penalized for non-attendance.

Communication

The best way to contact me is via email. When writing me an email, please indicate your class. Also, be clear and concise: start with your question and then provide supporting details. You do not need to tell me how hard you have been working or how confused you are.
If you post questions in the assignment comment section in Canvas, I will likely not see them - don't do that.

Student Illness

Students are to do a health check each day before coming to campus. Students who experience COVID-19 symptoms should immediately contact the Abrons Student Health Center at (910) 962-3280. If a student becomes ill, s/he should let the professor know and must not attend the course in-person. If a student is too ill to attend virtually, they will be given the opportunity to complete the material asynchronously.

Disaster Contingency Plan

In the event that UNCW closes, students will be given an assignment to make up for 1 week of missed class time. This will be emailed to students within two days of the UNCW closing announcement. In the event that the rest of the semester is online, students need to be prepared by having reliable internet access, a webcam, and a microphone.

Students with Disabilities

If you are a student with a disability and need accommodations, you must be registered with Disability Services (DePaolo Hall, 910.962.7555). Please provide your Accommodations Letter within the first week of class or as soon as possible. You should then meet with your instructor to make mutually agreed upon arrangements based upon the recommendations in the Accommodations Letter. For additional information, please see UNCW Disability.

Title IX

UNCW takes all forms of interpersonal violence very seriously. When students disclose, first- or third-hand, to faculty or staff about sexual misconduct, domestic violence, dating violence and/or stalking, this information must be reported to the administration in order to ensure that students' rights are protected, appropriate resources are offered, and the need for further investigation is explored to maintain campus safety. There are three confidential resources who do not need to report interpersonal violence: UNCW CARE, the Student Health Center, and the Counseling Center. If you want to speak to someone in confidence, these resources are available, including CARE's 24-hour crisis line (910-512-4821). For more information, please visit www.uncw.edu/care

Code of Student Conduct

This course is subject to the Code of Student Life of the University of North Carolina Wilmington (the Code). The full Code is found here: Code of Student Life. UNCW practices zero tolerance for violence and harassment of any kind. For emergencies, contact UNCW CARE at 910.962.2273 or Campus Police at 910.962.3184. For University or community resources, visit Safe Relate Campus Resources.

Religious Observance Policy

In accordance with NC SL 2010-211, students are entitled to two excused absences for religious observances per academic year. These absences must be requested using the form provided on SeaNet, under "Student Services." These requests must be submitted by the student prior to the absence. Once the request is submitted, an email will be sent to all impacted instructors automatically. There is no need to send additional notification to instructors or the Registrar's Office. Any absence for religious purposes will be considered unexcused unless the appropriate form is submitted.

Seahawk Respect Compact

In the pursuit of excellence, UNC Wilmington actively fosters, encourages, and promotes inclusiveness, mutual respect, acceptance, and open-mindedness among students, faculty, staff and the broader community.

  • We affirm the dignity of all persons.
  • We promote the right of every person to participate in the free exchange of thoughts and opinions within a climate of civility and mutual respect.
  • We strive for openness and mutual understanding to learn from differences in people, ideas and opinions.
  • We foster an environment of respect for each individual, even where differences exist, by eliminating prejudice and discrimination through education and interaction with others.

Therefore, we expect members of the campus community to honor these principles as fundamental to our ongoing efforts to increase access to and inclusion in a community that nurtures learning and growth for all.

How often is the NVD updated?

The "year" feeds are updated once per day, while the "recent" and "modified" feeds are updated every two hours.

What would you use the National Vulnerability Database (NVD) for?

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance.

How many vulnerabilities are there in NVD?

NVD Contains.

What is the difference between NVD and CVE?

CVE – Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed vulnerabilities and exposures that is maintained by MITRE. NVD – The National Vulnerability Database (NVD) is a database, maintained by NIST, that is fully synchronized with the MITRE CVE list.