Browse archive

Latest news

Experts highlight top data breach vulnerabilities

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

Lessons From a Honeynet That Attracted 700,000 Attacks

by Colm Murphy - Technical Director at Espion - Thursday, 24 May 2007.

Over the 5 year lifetime of the IrishHoneynet, we have witnessed hundreds of thousands of scans, probes and attacks against the servers that comprise the network. Our estimation is that given an average of 3,000 attack attempts a week, each server has seen more than 700,000 compromise attempts over the 5 years. Taken at face value, this is a remarkable figure.

The attacks have been thick and steady, and the relentless hackers appear hell bent on taking control of as many vulnerable systems as possible. This article will focus on providing some basic guidelines that will serve to assist you in conducting your own vulnerability management and performing scans against your own systems and networks, in the hope that you will identify and remedy any serious vulnerabilities and bugs in advance of the unyielding hackers, ultimately resulting in computer systems that are secure and protected.

Remediation of network vulnerabilities is something to consider, ideally before hackers exploit the weaknesses! Effective remediation entails continuous processes that together have become known as Vulnerability Management. Vulnerability management can assist organisations efficiently find and fix network security vulnerabilities. Systematic use of these processes protects business systems from ever more frequent viruses, worms and other network-borne attacks. The process of vulnerability management goes far beyond the traditional vulnerability scanning efforts, and generally involves a number of well-defined and structured steps, carried out on a continuous basis over time.

The Continuous Processes of Vulnerability Management

Create security policies & controls
Track inventory / categorize assets
Scan systems for vulnerabilities
Compare vulnerabilities against inventory
Classify risks
Pre-test patches
Apply patches
Re-scan and confirm fixes

Like it or not, there are five to twenty bugs in every thousand lines of software code, according to the National Institute of Standards and Technology. It’s a problem that will not vanish in the foreseeable future so dealing with it is the only practical option. Systematic use of vulnerability management processes is taking a step in the right direction. It ultimately will help keep you out of reactive mode and safe from those mean spirited attackers!