Skip the navigation

Strategies to protect against network security vulnerabilities

By Carl Banzhof
April 17, 2003 12:00 PM ET

Computerworld - The reality we must face is that Internet security vulnerabilities are never going away. Every year the number of identified vulnerabilities increases at an alarming rate.

Last year, the CERT Coordination Center at Carnegie Mellon University in Pittsburgh reported 4,129 vulnerabilities, compared with 1,090 in the year 2000. That's an increase of 378% in only two years.

CERT also reported that more than 95% of intrusions result from the exploitation of known vulnerabilities or configuration errors where countermeasures were available. The hackers who exploit these vulnerabilities are continually getting more sophisticated. Add to that the heightened threat of terrorist activity and the looming fear of what organizations have to lose, and you have daunting security challenges.

How can overwhelmed administrators who are already short on resources prepare and execute the tactics of a vulnerability defense strategy? And can those defense preparations wait? These questions, among others, haunt security administrators who understand the severe damage and information loss that can result from an exploited vulnerability.

Administrators must take a proactive approach to resolving vulnerabilities. If recent history of cyberattacks has taught us anything, it's that you can't protect yourself after the attack has started.

The best practices of vulnerability remediation outlined below are crucial to helping administrators assess their current risk, take steps to prepare their vulnerability defense with minimal interruption to current processes and lay the groundwork to proactively address future vulnerabilities (with their current IT staff) before they are exploited.

Step 1: Identification/Discovery of Systems

This initial step gives you, as security administrators, a clear view of the network through the use of an assessment tool or network mapping software that can scan all networks (and subnetworks) to determine used TCP/IP addresses and the associated devices connected to them.

Once all devices are identified, you can determine which systems are most critical to protect and then put them in order of priority.

Step 2: Vulnerability Assessment

Vulnerability assessment tools or scanners are used to identify vulnerabilities within the network. The vulnerabilities identified by most of these tools extend beyond software defects (which are fixed by patching) to include other easily exploitable vulnerabilities, such as unsecured accounts, misconfigurations and even back doors. There are several types of assessment tools available.

Although these tools have general similarities, they can vary in the methods and processes they employ to identify vulnerabilities. As a best practice, you shouldn't rely on a single assessment tool but should use different tools to gain a broader perspective of their exposure to vulnerabilities. Open-source or shareware assessment tools are available online and can be used to supplement commercial scanners.

Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!