Lessons From a Honeynet That Attracted 700,000 Attacks
by Colm Murphy - Technical Director at Espion - Thursday, 24 May 2007.
Vulnerability Scanning

A vulnerability scan tests the effectiveness of security policy and controls by examining the network infrastructure for vulnerabilities. The scanning process will systematically test and analyse IP devices, services and applications against known security holes. There are many software tools available that will perform vulnerability scanning. Some are open-source and freely downloadable, such as the Nessus public domain scanner. Other commercial solutions such as the Qualysguard web-based solution does the scans for you over the Internet and provides more comprehensive reporting functionality that you would expect from a commercial vendor. Another advantage to a commercial service is being always up-to-date with the most recent vulnerabilities. Similar to anti-virus technology, you are only as good as the most recent database.

Classify the Risk. It is practically impossible to fix everything at once. Most scanners will rank vulnerabilities helping you to determine what to fix first. Microsoft, for example, publishes four categories of risk: Critical, Important, Moderate and Low with corresponding rates of remediation.

Software always has and always will have bugs, so it is prudent to pre-test patches before applying them to live systems. Some faulty patches have crashed business processes. Most problems with patches are due to third-party applications or modifications to default configuration settings. It is also important to verify cryptographic checksums, Pretty Good Privacy signatures and digital certificate to confirm patch authenticity.

Fixing security problems is the result of vulnerability management. Traditional manual processes for applying patches and other remediation are slow and expensive. Sometimes the high cost of patching coupled with the high volume of patches released by vendors encourages organisations to delay remediation. Organisations may delay updates Ė even for critical patches Ė until multiple patches or service packs are available, or until arrival of a regular monthly, quarterly or annual update process. Unfortunately, delay can be a fatal strategy so itís important to remediate vulnerabilities as quickly as possible. Automated patch management and software distribution solutions can help speed this process and keep costs to a minimum. After application of a patch or remediation process, organisations should rescan IP-connected assets to ensure that the fix worked and that it does not cause other network devices, services or applications to malfunction. Verification of fixes with resulting scan reports provides documentation for compliance with security provisions of laws and regulations such as PCI and Sarbanes-Oxley.

The bottom line is that Vulnerability Management is a valuable pro-active tool in your protection arsenal. It is only by taking pro-active steps, and ultimately getting there before it is too late, that you can confidently thwart the determined efforts of the few bully-boy attackers who relentlessly flood our networks with their malicious payloads.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th