Lessons From a Honeynet That Attracted 700,000 Attacks
by Colm Murphy - Technical Director at Espion - Thursday, 24 May 2007.
Over the 5 year lifetime of the IrishHoneynet, we have witnessed hundreds of thousands of scans, probes and attacks against the servers that comprise the network. Our estimation is that given an average of 3,000 attack attempts a week, each server has seen more than 700,000 compromise attempts over the 5 years. Taken at face value, this is a remarkable figure.

The attacks have been thick and steady, and the relentless hackers appear hell bent on taking control of as many vulnerable systems as possible. This article will focus on providing some basic guidelines that will serve to assist you in conducting your own vulnerability management and performing scans against your own systems and networks, in the hope that you will identify and remedy any serious vulnerabilities and bugs in advance of the unyielding hackers, ultimately resulting in computer systems that are secure and protected.

Remediation of network vulnerabilities is something to consider, ideally before hackers exploit the weaknesses! Effective remediation entails continuous processes that together have become known as Vulnerability Management. Vulnerability management can assist organisations efficiently find and fix network security vulnerabilities. Systematic use of these processes protects business systems from ever more frequent viruses, worms and other network-borne attacks. The process of vulnerability management goes far beyond the traditional vulnerability scanning efforts, and generally involves a number of well-defined and structured steps, carried out on a continuous basis over time.

The Continuous Processes of Vulnerability Management
  • Create security policies & controls
  • Track inventory / categorize assets
  • Scan systems for vulnerabilities
  • Compare vulnerabilities against inventory
  • Classify risks
  • Pre-test patches
  • Apply patches
  • Re-scan and confirm fixes
Like it or not, there are five to twenty bugs in every thousand lines of software code, according to the National Institute of Standards and Technology. Itís a problem that will not vanish in the foreseeable future so dealing with it is the only practical option. Systematic use of vulnerability management processes is taking a step in the right direction. It ultimately will help keep you out of reactive mode and safe from those mean spirited attackers!

Everything starts with a policy

Policy management is critical. Enterprise policies start at the top of an organisation and require executive oversight. Policies determine the nature of controls used to ensure security, such as standard configurations for all security devices and applications including antivirus, firewall and intrusion prevention. Policies and controls also should include servers, network services, applications and ens-user PCs. In the past, policy management was a manual, cumbersome process. New software tools can automate some aspects of policy management and enforce configurations on endpoint devices. Automation saves time, improves accuracy and lowers total cost of ownership.

It is only possible to secure what you know you have. You need to find vulnerabilities before you can fix them. Creating and maintaining a current database of all IP devices attached to the network is an absolute must. It is also useful to categorise assets by business value to prioritise vulnerability remediation. An accurate inventory ensures that you select and apply the correct patches during the remediation phase. Discovering devices, software and services and tracking this inventory can be done manually. However, it is possible to automate the entire discovery and tracking inventory process with automated scanning software tools.

Spotlight

Lessons learned developing Lynis, an open source security auditing tool

Posted on 15 October 2014.  |  Lynis unearths vulnerabilities, configuration errors, and provides tips for system hardening. It is written in shell script, installation is not required and can be performed with a privileged or non-privileged account.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 17th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //