Cyber security 360
Vulnerabilities
What are vulnerabilities and why should we care
A vulnerability is a weakness in an IT system that can be exploited by an attacker to deliver a successful attack. Vulnerabilities can occur through flaws, features or user error, and attackers will look to exploit any of them, often combining one or more, to achieve their end goal. A vulnerability that has at least one definite attack vector is an exploitable vulnerability. Attackers will, for obvious reasons, want to target weaknesses in the system or network that are exploitable. Of course, a vulnerability is not something that anyone wants to have, but what you should be more worried about is whether it is exploitable. There are cases when something that is vulnerable is not really exploitable. The reasons could be:
- Insufficient public information for exploitation by attackers.
- Prior authentication or local system access that the attacker may not have.
- Existing security controls.
Cyber Security Vulnerability Assessment
Once a vulnerability is detected, it goes through the vulnerability assessment process. What is a vulnerability assessment? It is a process of systematically reviewing security weaknesses in an information system. It highlights where a system is prone to any known vulnerabilities, classifies their severity levels, and recommends appropriate remediation or mitigation if required.
The assessment process includes:
- Identify vulnerabilities: Analysing network scans, firewall logs, pen test results, and vulnerability scan results to find anomalies that might highlight vulnerabilities open to cyber-attacks.
- Verify vulnerabilities: Decide whether an identified vulnerability could be exploited and classify its severity to understand the level of risk.
- Mitigate vulnerabilities: Come up with appropriate countermeasures and measure their effectiveness if a patch is not available.
- Remediate vulnerabilities: Update affected software or hardware wherever possible.
Vulnerability Assessment Types
- Network-based assessment: This type of assessment is used to identify potential issues in network security and detect systems that are vulnerable on both wired and wireless networks.
- Host-based assessment: Host-based assessment can help locate and identify vulnerabilities in servers, workstations, and other network hosts. It generally assesses open ports and services and makes the configuration settings and the patch management of scanned systems more visible.
- Wireless network assessment: It involves the scanning of Wi-Fi networks and attack vectors in the infrastructure of a wireless network. It helps validate that a network is securely configured to avoid unauthorised access and can also detect rogue access points.
- Application assessment: It is the identification of security vulnerabilities in web applications and their source code. This is achieved by implementing automated vulnerability scanning tools on the front-end or analysing the source code statically or dynamically.
- Database assessment: The assessment of databases or big data systems for vulnerabilities and misconfiguration, identifying rogue databases or insecure dev/test environments, and classifying sensitive data to improve data security.
Vulnerability Remediation
To always be one step ahead of malicious attacks, security professionals need to have a process in place for monitoring and managing the known vulnerabilities. Keeping track of an organisation’s software inventory was once a time-consuming and tedious manual job; with the help of automated tools, it is now possible to track it continuously and match it against the various security advisories, issue trackers, or databases.
If the tracking results show that the services and products are relying on risky code, the vulnerable component needs to be located and mitigated effectively and efficiently.
The following remediation steps may seem simple, but without them, businesses may find themselves in a bit of difficulty when fighting against hackers.
- Step 1: Know Your Code. Knowing what you’re working with is crucial and the first step of vulnerability remediation. Continuously monitoring software inventory to be aware of which software components are being used and what needs immediate attention goes a long way towards preventing malicious attacks.
- Step 2: Prioritise Your Vulnerabilities. Organisations need to have prioritisation policies in place. The risk of the vulnerabilities needs to be evaluated first by going through the system configuration, the likelihood of an occurrence, its impact, and the security measures that are in place.
- Step 3: Fix. Once the security vulnerabilities that require immediate attention are known, it is time to map out a timeline and work plan for the fix.
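The three remediation steps above, sketched as an added Python example that is not from the original page: it matches a software inventory against advisories, scores each finding from likelihood, impact and the factors that limit exploitability, and orders the fixes. All hosts, component names, advisory ids and the scoring weights are constructed assumptions.

```python
from dataclasses import dataclass

def parse_version(v):
    """'1.10.0' -> (1, 10, 0), so 1.10.0 sorts after 1.9.5 (string compare would not)."""
    return tuple(int(p) for p in v.split("."))

@dataclass
class Advisory:
    ident: str        # constructed placeholder, not a real advisory id
    component: str
    fixed_in: str     # first version that is no longer affected
    likelihood: int   # 1 (unlikely) .. 5 (very likely)
    impact: int       # 1 (low) .. 5 (critical)
    needs_auth: bool  # attacker needs prior authentication or local access

# Constructed sample data: hosts, components and advisories are all made up.
INVENTORY = [
    {"host": "web-01", "component": "examplelib", "version": "2.4.1", "exposed": True, "controls": []},
    {"host": "db-01", "component": "examplelib", "version": "2.4.1", "exposed": False, "controls": ["segmentation"]},
    {"host": "app-03", "component": "examplelib", "version": "2.5.0", "exposed": True, "controls": []},
    {"host": "app-02", "component": "sampled", "version": "1.10.0", "exposed": True, "controls": []},
    {"host": "app-04", "component": "sampled", "version": "1.9.1", "exposed": True, "controls": ["waf"]},
]
ADVISORIES = [
    Advisory("ADV-PLACEHOLDER-1", "examplelib", "2.5.0", likelihood=4, impact=5, needs_auth=False),
    Advisory("ADV-PLACEHOLDER-2", "sampled", "1.9.5", likelihood=2, impact=3, needs_auth=True),
]

def find_affected(inventory, advisories):
    """Step 1: pair every inventory entry with the advisories that cover its version."""
    return [(item, adv) for item in inventory for adv in advisories
            if item["component"] == adv.component
            and parse_version(item["version"]) < parse_version(adv.fixed_in)]

def risk_score(item, adv):
    """Step 2: likelihood x impact, lowered by whatever limits exploitability."""
    score = float(adv.likelihood * adv.impact)
    if adv.needs_auth:
        score *= 0.5                       # assumed weight
    if not item["exposed"]:
        score *= 0.5                       # assumed weight
    score *= 0.8 ** len(item["controls"])  # assumed 20% reduction per control
    return round(score, 1)

def work_plan(inventory, advisories):
    """Step 3: highest score first, as the order for the fix timeline."""
    plan = [(risk_score(i, a), i["host"], a.ident) for i, a in find_affected(inventory, advisories)]
    return sorted(plan, reverse=True)

if __name__ == "__main__":
    for score, host, ident in work_plan(INVENTORY, ADVISORIES):
        print(f"{score:5.1f}  {host:7s} {ident}")
```

The same unpatched component lands at different places in the plan depending on exposure and existing controls, which is the distinction between vulnerable and exploitable drawn at the top of the page.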
Dettica Consulting: Resilient Cyber Security for everyone.