The following excerpt is from Chapter 1 of the free eBook "Administrator shortcut guide to patch management" written...
by Rod Trent and available at Realtimepublishers.com. Click for the complete book excerpt series.
Types of vulnerabilities
When you think about vulnerabilities and what you can do to minimize your organization's exposure, it is helpful to categorize the possibilities so that you can plan and implement security based on the assigned category:
If you are part of a large company, each category of vulnerability will generally be handled by different teams or individuals. The following sections describe these categories of vulnerabilities and provide factors to help identify the most appropriate category when assigning responsibilities for each.
Of these three vulnerability categories, the product category most directly affects patch management.
When an administrator fails to observe administrative best practices -- for example, by using a weak password or logging on to an account that has more user rights than are necessary to perform a specific task -- an administrative vulnerability is introduced. An administrative vulnerability might be the most telling shortcoming in respect to your company's security policies and practices. If an administrator doesn't use proper techniques for securing the environment from an administrative level, there is a good chance that the administrator isn't knowledgeable enough to provide security for the other vulnerability types.
Through a default software installation, an OS or application software is installed using all the default settings provided by the programmers. Performing a default software installation on computers with sensitive data is not a good practice, especially when the chosen software is likely to be used by many people, such as on a public access computer or Web server. The reason is that, especially with earlier OSs and software, the default settings do not usually result in a secure system.
Over the past year, vendors have stepped up progress to change the way OSs and applications are installed so that a system installed with the default settings for new installations will be secure by default. If you want to enable a feature or service, you will need to know of any risks associated with turning the feature or service on.
All too frequently, patches for known security problems are not applied during a default installation. Granted, as software vendors write increasingly complex code, it becomes more difficult for them to keep up with the production of the necessary patches. Thus, server and systems administrators must make the effort to keep their systems patched.
Patching provides vendor-developed solutions to found or known vulnerabilities in their products. The following list highlights common product vulnerabilities:
- Buffer overrun -- Buffer overrun is a condition that results from adding more information to a buffer than it was designed to hold. An attacker might exploit this vulnerability to take over a system by inserting code of his or her choice into a program's execution file after an overrun of memory in the buffer takes place. A buffer is a region of memory reserved for use as an intermediate repository in which data is temporarily held before it is transferred between two locations or devices.
- Elevation of privileges -- An elevation of privileges is the process by which a user misleads a system to grant unauthorized rights, usually for the purpose of compromising or destroying the system. This vulnerability can be the result of a buffer overrun or an integer overflow attack.
- Denial of Service (DoS) attack -- A Dos attack is a computerized assault launched by an attacker to overload or halt a network service, such as a Web server or a file server. For example, an attack might cause the server to become so busy attempting to respond that it ignores legitimate requests for connections.
It's easy to overlook physical security, especially if you work in a small or home-based business. However, physical security is an extremely important part of keeping your computers and data secure -- if an experienced attacker can just walk up to your machine, it can be compromised in a matter of minutes. Although such an occurrence might seem like a remote threat, physical vulnerabilities present additional risks -- such as theft, data loss and physical damage -- that make it important to check your physical security posture for holes.
When looking at providing better physical security, use the following examples to build upon:
- If at all possible, sensitive systems should be kept behind a locked door.
- A good physical security plan limits what can be done with the computers. Some examples of things you can do to stop unwanted actions is to:
- Lock the CPU case
- Use a cable-type security lock to keep someone from stealing the whole computer
- Configure the BIOS not to boot from the floppy drive
- Use the syskey utility to secure the local accounts database, local copies of Encrypting File System (EFS) encryption keys, and other valuables that you don't want attackers to have
- Use the EFS to encrypt sensitive folders on your machine
- Keep hubs and switches behind looked doors or in locked cabinets, run cabling through walls and ceilings to make it harder to tap and ensure that your external data connection points are kept locked.
Click for the next excerpt in this series: Eight strategies for securing vulnerabilities.
Click for the book excerpt series or visit Realtimepublishers.com to obtain the complete book.