|
Network security is a dynamic process because of the new threats and vulnerabilities
that are uncovered every day. Your software may be secure today, but the intense
pace of upgrades will continue to create the openings for new issues to arise.
According to statistics released by the CERT Coordination Center, more than
300 vulnerabilities are reported every month. The process of discovering them,
determining the potential security risk, and recommending fixes is called a
Vulnerability Assessment.
A Network Vulnerability Assessment can:
- Identify any potential security breaches a hacker could exploit
- Analyze discovered vulnerabilities existing in the network
- Provide a detailed explanation of the recommended fix for each threat
Despite the fact that most security measures are put in place to protect a
network from the malicious outside world, many intrusion attempts are now happening
from inside the organization. With the proliferation of laptops and handhelds,
the possibility of an internal intrusion has greatly increased. For this reason,
a complete assessment should be done with scanners located inside and outside
the network to determine if potential issues exist in either place.
In addition, the reports generated should be structured for 2 levels of review.
The Executive Report should represent a high level overview of the number of
vulnerabilities detected, while the IT Department should receive a highly detailed
report containing descriptions of each vulnerability and explanations of the
fixes recommended for each one.
The key features of a Vulnerability Assessment are:
- Automated scanning of internal and external network devices
- Scan schedules customized to times of least activity on the network
- Full SSL support to scan SSLized services such as https, smtps, & imaps
- Smart service recognition to detect services moved to non-standard ports
- Non-destructive scanning to avoid interruption of normal network activity
- Complete reporting designed for 2 levels of review
A Vulnerability Assessment should be performed on a monthly or quarterly basis,
depending on network size and usage. New vulnerabilities are discovered every
day, including ones that can provide back door access through desktops or laptops
already connected to the network. Even a configuration change or faulty upgrade
can introduce an opportunity for breach that was not available a week ago. Testing
and review on a regular basis can help discover potential issues and reduce
the possible damage that can be done to the network, and in turn, the productivity
of the organization.
The results of vulnerability assessment tools represent a snapshot of system
security at a particular point in time. Although these systems usually don’t
reliably detect an attack in progress, they can determine whether an attack
is possible, and furthermore, provide information about what can be done to
minimize the possibility of damage from an attack.
Many companies provide Vulnerability Assessments, but it is advisable to consult
with multiple vendors prior to deciding who will be given access to the network.
The key factor is whether you are comfortable with their experience level, and
the type of reports that can be provided.
About the Author:
Vlad Sharoiko is the Director of Technical Services for Dicar Networks, San
Jose, CA.
Mr. Sharoiko has an extensive background in network security, including design
work on various network infrastructure projects. He has extensive experience
architecting and installing network security products for large ISP environments
and corporate customers. |
