Security vulnerability management program and network solutions
Vulnerability scanning and management solutions scan devices on a network for security flaws and vulnerabilities that could be exploited by hackers or harmful traffic. Operating on level 2 (i.e., the network level) of the layered-security framework, these systems typically maintain a database of rules that identify known vulnerabilities for a range of network devices and applications. During a network scan, the vulnerability scanner tests each device/application by applying the appropriate rules. The process outputs a list of discovered vulnerabilities, which can then be acted upon by IT staff.
Vulnerability scans should be run on a regular schedule. It's important to keep in mind that a network is not a static entity. Devices and applications are installed, modified, and removed on an ongoing basis, and each change can introduce — or re-introduce — vulnerabilities. A network with few or no vulnerabilities today could have dozens of new vulnerabilities next week — or even tomorrow. Today's high-end vulnerability scanning tools automate the selective scanning of your network. It would be advisable, for example, to scan your mission-critical devices, such as your Web server or inventory database, frequently — perhaps daily or even hourly. Employee workstations, on the other hand, would likely require less-frequent scanning — perhaps weekly or monthly. By automating selective scanning, today's advanced scanning systems adequately protect your network without imposing an undue burden on your network resources.

Vulnerabilities solutions, wireless network programs, and more

An important differentiator among scanning tools is their ability to effectively manage the vulnerability repair process. Determining that a vulnerability exists is only the first step, and is of little practical value without the follow-on steps of repairing the vulnerability and then confirming that the fix was effective. Many of the tools currently on the market — and many third-party security consulting firms — simply provide a lengthy report on the vulnerabilities discovered. They leave it up to your IT staff to analyze the results, prioritize and implement repairs, verify that repairs are effective, and manage the entire process.
Today's advanced vulnerability scanning tools, such as StillSecure's VAM, include a workflow management component that rectifies these important deficiencies. Full-featured vulnerability management systems prioritize and track a vulnerability from discovery through confirmed repair. Without workflow management, scanners generate data without assigning any responsibility for ensuring the needed fixes will occur. An effective scanning product initiates follow-up scans to verify the effectiveness of the repairs made. With these additional workflow capabilities, vulnerability management products help IT organizations enforce and bring accountability to security policies. All scanning, repair, and verification activities are now traceable for every vulnerability encountered on the network. This also satisfies many security and regulatory compliance / auditing processes.

EXAMPLE: A real-world vulnerability — OpenSSH CRC32 Buffer Overflow — illustrates why the scanning process is a critical component of a secure network. SSH (Secure Shell) is an encrypted means of communicating with remote devices. SSH listens on a network port for all connection requests. When a new request is received, SSH asks the connecting computer for a user name and password. If both the user name and password are correct, a secure connection is created between the two devices. The OpenSSH vulnerability allows an attacker to exploit the user name and password request by injecting certain malicious code. This code causes the SSH server to either crash or immediately grant a system-level session (root access). Without a vulnerability scanner running regularly scheduled scans, you might never know this vulnerability exists on your network. A thorough scan would identify where SSH software on your network is susceptible to this attack, and you could then take the appropriate steps to fix the problem.
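The discovery-through-confirmed-repair tracking described above, sketched in Python as an added example (not StillSecure VAM's code or output). The host names, owners, severity scale and state names are assumptions; a repair counts as confirmed only when a follow-up scan whose scope covered the host no longer reports the finding.

```python
from dataclasses import dataclass, field

OPEN, FIX_CLAIMED, VERIFIED, REOPENED = "open", "fix_claimed", "verified", "reopened"

@dataclass
class Finding:
    host: str
    rule: str
    severity: int                 # constructed scale: higher is more urgent
    owner: str                    # person accountable for the repair
    state: str = OPEN
    history: list = field(default_factory=list)   # audit trail of (state, note)
    def move(self, state, note):
        self.state = state
        self.history.append((state, note))

class Tracker:
    def __init__(self, owners):
        self.owners, self.findings = owners, {}   # host -> owner; (host, rule) -> Finding

    def ingest_scan(self, scan_id, scope, results):   # scope: hosts this run scanned
        seen = {(host, rule) for host, rule, _ in results}
        for host, rule, severity in results:
            f = self.findings.get((host, rule))
            if f is None:
                f = self.findings[(host, rule)] = Finding(
                    host, rule, severity, self.owners.get(host, "unassigned"))
                f.move(OPEN, f"{scan_id}: discovered")
            elif f.state in (FIX_CLAIMED, VERIFIED):
                f.move(REOPENED, f"{scan_id}: still detected")
        for key, f in self.findings.items():
            # Only a follow-up scan that covered the host can confirm a repair.
            if f.state == FIX_CLAIMED and key not in seen and f.host in scope:
                f.move(VERIFIED, f"{scan_id}: no longer detected")

    def claim_fix(self, host, rule, note):
        self.findings[(host, rule)].move(FIX_CLAIMED, note)

    def work_queue(self):         # everything not yet confirmed repaired, worst first
        pending = [f for f in self.findings.values() if f.state != VERIFIED]
        return sorted(pending, key=lambda f: f.severity, reverse=True)

def demo():                       # constructed sample data, not real scan output
    t = Tracker({"web01": "alice", "ws17": "bob"})
    results = [("web01", "OpenSSH CRC32 Buffer Overflow", 10), ("ws17", "outdated browser", 4)]
    t.ingest_scan("scan-1", {"web01", "ws17"}, results)
    for host, rule, _ in results:
        t.claim_fix(host, rule, "owner reports patched")
    t.ingest_scan("scan-2", {"web01"}, [])        # frequent run covers only the server
    return t
```

After `demo()`, the server finding is verified while the workstation finding stays in `fix_claimed`, because the second run did not scan that host and so cannot confirm its repair.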
