Managing Vulnerabilities Using a Vulnerability Scanner

When it comes to network security there are several things one must address. Patch management will take care of any vulnerability that the vendor is aware of and has issued a patch for, but it will do nothing for vulnerabilities for which a patch is still in development or which the vendor chose not to fix at all. Furthermore, not all vulnerabilities are caused by software bugs, so not all of them can be fixed by a patch. Some vulnerabilities are due to bad configurations, and that is where a vulnerability scanner becomes an important asset. A good vulnerability scanner will also give you the necessary tools to address said vulnerabilities. This is how one should typically go about the process:

1. Identification

Once the vulnerabilities on the network are identified, the administrator then needs to split the list of vulnerabilities into those that can be addressed through patch management and those which require manual intervention. A good vulnerability scanner will generally make this distinction.

2. Understanding the Vulnerabilities

By reading the information that a vulnerability scanner provides about a particular vulnerability that has been detected, an administrator might be able to ascertain the scope of that vulnerability. For example, having AutoRun enabled on the system is one potential vulnerability. Since AutoRun is generally associated with CD/DVD drives, an administrator might dismiss this as unimportant if the machine on which the vulnerability was identified has no CD/DVD drive. However, the administrator will discover after reading the scanner’s information on that vulnerability that it also applies to removable media. This means that the vulnerability is a realistic threat and applicable to the current environment and thus action needs to be taken.
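The AutoRun case above can be checked mechanically. The following is an added example, not part of the original post: it decodes the Windows `NoDriveTypeAutoRun` policy bitmask (a set bit disables AutoRun for that drive type) and decides whether the finding still applies to a host with no CD/DVD drive. The host names and policy values are constructed sample data.

```python
# Added example (not from the original post). NoDriveTypeAutoRun is a Windows
# policy bitmask: a set bit DISABLES AutoRun for that drive type.
DRIVE_BITS = {
    "removable": 0x04,  # USB sticks, memory cards
    "fixed": 0x08,
    "network": 0x10,
    "cdrom": 0x20,
    "ramdisk": 0x40,
}
ALL_DISABLED = 0xFF  # every drive-type bit set


def autorun_enabled_types(policy_value):
    """Return the drive types for which AutoRun is still enabled."""
    return sorted(name for name, bit in DRIVE_BITS.items()
                  if not policy_value & bit)


def finding_applies(policy_value, has_optical_drive):
    """Decide whether an 'AutoRun enabled' finding matters for this host.

    Removable media counts even when no CD/DVD drive is fitted, which is
    the detail the administrator in the text would otherwise miss.
    """
    enabled = autorun_enabled_types(policy_value)
    if "removable" in enabled:
        return True
    return has_optical_drive and "cdrom" in enabled


# Constructed sample hosts: (name, policy value, has a CD/DVD drive)
SAMPLE_HOSTS = [
    ("kiosk-01", 0x91, False),  # removable bit clear, no optical drive
    ("desk-02", 0xB5, False),   # removable and cdrom bits both set
    ("srv-03", ALL_DISABLED, True),
]

if __name__ == "__main__":
    for name, value, optical in SAMPLE_HOSTS:
        verdict = "ACTION NEEDED" if finding_applies(value, optical) else "ok"
        print(name, hex(value), autorun_enabled_types(value), verdict)
```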

3. Resolving Vulnerabilities

Vulnerabilities are harder to deal with when a simple patch is not the solution. The easiest way to deal with vulnerabilities is generally to disable or remove the software in question but this is not always possible (at least not in a way that does not disrupt the business). A good vulnerability scanner will provide enough information to the administrator on how to rectify the specific vulnerability.

This is generally done by carrying out additional research on the vulnerability itself and what other people did to solve the problem. A good vulnerability scanner will provide various reference numbers on every vulnerability it discovers. There are a number of public vulnerability databases that make use of these reference numbers and through these databases you can find details on what is causing the issue and the steps on how to resolve it. These public vulnerability databases include:

  • CVEs: Common Vulnerabilities and Exposures database
  • BIDs: Reference information provided by SecurityFocus
  • MS BIDL: Microsoft Security Bulletin

Apart from the above resources, searching for the specific ID in any search engine should give you plenty of resources and forum discussions showing how other people went about securing their systems against the specific vulnerability.
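The identification and research steps can be scripted once scan results are exported. The following is an added example, not part of the original post and not any scanner's own format: it splits findings into a patch-management queue and a manual-intervention queue, groups affected hosts per issue, and extracts CVE, BID and Microsoft bulletin identifiers to search for. The record layout, host names and reference numbers are constructed placeholders.

```python
import re

# Added example (not from the original post). Each pattern captures the
# variable part of a reference number; the template normalises its spelling.
REF_PATTERNS = [
    ("CVE-{}", re.compile(r"\bCVE-(\d{4}-\d{4,})\b", re.I)),
    ("BID-{}", re.compile(r"\bBID[ :-]?(\d+)\b", re.I)),
    ("MS{}", re.compile(r"\bMS(\d{2}-\d{3})\b", re.I)),
]


def extract_refs(text):
    """Return the de-duplicated reference IDs found in free text."""
    refs = []
    for template, pattern in REF_PATTERNS:
        for match in pattern.finditer(text):
            ref = template.format(match.group(1))
            if ref not in refs:
                refs.append(ref)
    return refs


def triage(findings):
    """Split findings into 'patch' and 'manual' queues, grouped by title."""
    queues = {"patch": {}, "manual": {}}
    for f in findings:
        queue = queues["patch" if f["patch_available"] else "manual"]
        entry = queue.setdefault(f["title"], {"hosts": [], "refs": []})
        entry["hosts"].append(f["host"])
        for ref in extract_refs(f["refs"]):
            if ref not in entry["refs"]:
                entry["refs"].append(ref)
    return queues


# Constructed sample export; the reference numbers are placeholders.
FINDINGS = [
    {"host": "ws-01", "title": "AutoRun enabled",
     "patch_available": False, "refs": ""},
    {"host": "ws-02", "title": "AutoRun enabled",
     "patch_available": False, "refs": ""},
    {"host": "web-01", "title": "Web framework update missing",
     "patch_available": True, "refs": "CVE-2099-0001, BID 99999, MS00-000"},
    {"host": "db-01", "title": "Service flaw, no vendor fix",
     "patch_available": False, "refs": "see cve-2099-0002"},
]

if __name__ == "__main__":
    for queue, issues in triage(FINDINGS).items():
        for title, info in issues.items():
            print(queue, "|", title, "|", info["hosts"], "|", info["refs"])
```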

Due to the nature of vulnerabilities and the countless variations of setups, dealing with vulnerabilities is a little harder than simply deploying patches; however, a good vulnerability scanner will give you all the necessary tools to detect and research vulnerabilities that affect your system. It’s important not to let the added complexity dishearten you from properly securing your environment. Remember, as with everything in security, all it takes is one weak link to render all your hard work null and void. An attacker only needs to compromise one weakness to gain unauthorized access to your system.

 

This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more on what to look out for when choosing a vulnerability scanner.

All product and company names herein may be trademarks of their respective owners.

 

Guest Post: Many thanks to Sarah Spiteri from GFI Software (http://gfi.com) for the contribution.
