Wikipedia describes vulnerability management as "the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities, especially in software and firmware". Vulnerability management is an integral part of computer and network security. If you are responsible for managing company servers and/or networks, it is vital that you understand and implement vulnerability management.
Where can vulnerability attacks come from?
- From outside the network
- From inside the network, perhaps via a VPN (virtual private network)
- From outside over the telephone, using such tricks as social engineering
- From an insider on the local network
- From an insider on the local system
- From malware
- A web server compromise can expose the organization to widespread ridicule.
- A server compromise might allow private customer data to be stolen, which could lead to claims for compensation, especially if it involves credit card details.
- An insider who is angry might do something mischievous, like launch a logic bomb to destroy data.
- An insider who feels aggrieved sells company trade secrets.
- Employees might be deceived by social engineering tricks, which might lead to sensitive data being leaked to the press.
- A hacker who penetrates systems might find evidence of wrongdoing that can then be used to blackmail the company.
What should you know about vulnerability management?
- Vulnerabilities are gateways through which threats become manifest.
- Scanning for vulnerabilities without remediating them has little value.
- A little scanning and remediation is better than a lot of scanning and less remediation.
- Vulnerabilities that need fixing have to be prioritised, starting with those that pose the most immediate risk to the network.
- Security experts need processes to allow them to stay focused on vulnerabilities so that fixes can become more frequent and effective.
All an attacker needs is a toe-hold. If there is a single vulnerability left unfixed and it can be reached from outside the organization AND it is compromised, then the vulnerability can be used as a springboard to attack other systems on the network. If a data breach occurs and it is traced back to a flaw the company was aware of but hadn't fixed, the consequences can be serious. Think of the “damages” phase of a court case!
So the regular pattern of vulnerability management should be to: scan the network and identify vulnerabilities; prioritise those that are found; identify fixes; and apply the fixes.
The starting point for managing computer vulnerabilities is an asset register. What hardware AND software does the company own? What versions are they? Where are they? There are many software packages that can be obtained to automate this process, normally by searching the company network for attached systems and devices, discovering disk drives and auditing them for installed software. Don’t forget to include backup or spare systems that may not be switched on all the time – they have to be audited too in case they contain risks from unpatched old software.
Depending upon the types of threats that an organisation might expect, it might be necessary to implement a network monitoring system to check network traffic continuously for unusual activity. For example, if a little-used server suddenly receives many data transfer requests, this might be suspicious. Some companies set up traps by loading a server with interesting – but fake – data with the aim of sidetracking hackers away from the real data they are after.
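
The little-used-server check described above can be expressed as a per-server baseline comparison. This is an added example, not part of the original post; the host names, request counts and the `ratio` and `min_requests` thresholds are constructed assumptions.

```python
from statistics import median

# Constructed sample data: data-transfer requests per day for the last week.
HISTORY = {
    "web01":     [5200, 4900, 5100, 5300, 5000, 4800, 5150],
    "files02":   [310, 280, 295, 330, 300, 290, 305],
    "archive09": [2, 0, 1, 0, 3, 1, 0],   # the little-used server
}
# Constructed counts for the day being checked.
TODAY = {"web01": 5600, "files02": 340, "archive09": 450, "new-host": 120}


def flag_unusual(history, today, ratio=3.0, min_requests=50):
    """Return (server, count, baseline, reason) for each server whose
    request count today is out of line with its own history."""
    alerts = []
    for server, count in sorted(today.items()):
        past = history.get(server)
        if not past:
            # No history at all: the host may be missing from the asset
            # register, so report it rather than silently skipping it.
            alerts.append((server, count, None, "no baseline"))
            continue
        # Median rather than mean, so one earlier spike does not
        # inflate the baseline and hide the next one.
        baseline = median(past)
        # A quiet server has a baseline near zero, so a ratio test alone
        # would fire on 1 -> 4 requests. Require an absolute floor too.
        threshold = max(ratio * baseline, min_requests)
        if count > threshold:
            alerts.append((server, count, baseline, "above baseline"))
    return alerts


if __name__ == "__main__":
    for server, count, baseline, reason in flag_unusual(HISTORY, TODAY):
        print(f"{server}: {count} requests today (baseline {baseline}) - {reason}")
```

A busy server that is 10% above normal is not flagged, while the normally idle one is. The host with no history is reported separately so it can be checked against the asset register.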
Vulnerability management should be high on the agenda of essential IT processes for most businesses. It is vital for business management to understand it and how it can protect the company.