Security Tools for the Budget Conscious ISP continued
Vulnerability Assessment

Network Vulnerability Assessments are conducted using network mappers, port scanners, and other tools that remotely identify network nodes and running services. Begin by gathering information about the target network, including IP blocks and server names culled from whois, web pages, and other resources. Use these starting points to discover devices, mapping out as much of the network as possible. Then scan individual devices to identify the operating systems, software, and services they appear to be running.

System Vulnerability Assessments are conducted by running OS fingerprinters, service scanners, enumeration tools, security policy checkers, and password crackers on selected devices. Probe ports found by network scans to determine the type and version of server software being used. Use application-specific modules to look for unpatched Common Vulnerabilities and Exposures, for example Microsoft IIS and SQL Server CVEs on Windows servers, or Apache and Sendmail CVEs on *NIX servers. Flag weak security policies, passwords, and user/group/share names that attackers might find useful.

Web Vulnerability Assessment tools continue this process by probing more deeply into web services, related objects, and supported web applications. Use these tools to check for potentially dangerous CGI scripts and cookies, server configuration errors, and poorly-written HTML that could give attackers access to unauthorized data, let them execute arbitrary commands on your server, deface site content, or otherwise compromise your server. Application-specific assessment tools can also be run against mail servers, routers, and other critical infrastructure components.

Throughout this process, keep in mind that vulnerability assessment only identifies risk factors that attackers might leverage. Because attackers often use open source tools for reconnaissance, these tools can help you spot the holes that are most likely to be exploited. However, no tool can find every possible hole. And, although some assessment tools recommend fixes to correct identified problems, making those changes is still up to you. Use your assessment results to make decisions and take appropriate action, reducing risk to acceptable levels.

Security Administration and Audit

Security Administration tools can help you stay on top of policies and patches. Most security incidents stem from improperly-configured systems and CVEs, which themselves result from inattention. Don't let this happen to you. Use automated patch managers to spot missing operating system, security, and application patches, fixing CVEs as soon as stable updates are available. Use automated policy administration tools to enforce security settings like minimum password length, guest account access, telnet login as root, and logging of critical events. Such tools require initial effort to define policies, but can run at scheduled intervals to maintain security with less baby-sitting.

Security Audits measure your entire network's level of compliance with a defined policy, which is often based on industry standards or benchmarks like those published by the Center for Internet Security. Many organizations hire a third party to audit network and system security to increase subscriber confidence, obtain site accreditation, or comply with industry regulations. But you can also conduct your own in-house audit to understand how well you're doing with respect to industry benchmarks, and whether earlier security improvements have started to unravel over time. Audit tools provide summary reports that make it easier to grasp overall scores and trends, even by those who lack the expertise to understand (or permission to fix) the underlying issues.
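
As an added example (not from the original article or from any tool it describes), the Python script below checks the four settings named above (minimum password length, guest account access, telnet login as root, and logging of critical events) and reduces the results to an audit-style compliance score. The file contents are constructed samples, and the 8-character minimum, the account name "guest", and the reliance on /etc/login.defs, /etc/securetty and syslog.conf being honored on the host are assumptions.

```python
# Added example: policy check over a constructed *NIX config snapshot (samples only).
SNAPSHOT = {
    "login.defs": "# password rules\nPASS_MAX_DAYS 90\nPASS_MIN_LEN 5\n",
    "securetty": "console\ntty1\npts/0\npts/1\n",
    "passwd": "root:x:0:0:root:/root:/bin/bash\n"
              "guest:x:1001:1001::/home/guest:/bin/bash\n",
    "syslog.conf": "# authpriv.* /var/log/secure\nmail.* /var/log/maillog\n",
}
MIN_PASSWORD_LENGTH = 8  # assumed policy value, not from the article
NO_LOGIN_SHELLS = ("/sbin/nologin", "/usr/sbin/nologin", "/bin/false")

def active_lines(text):
    """Return non-empty lines with '#' comments stripped."""
    return [s for s in (l.split("#", 1)[0].strip() for l in text.splitlines()) if s]

def min_password_length_ok(snap):
    for line in active_lines(snap["login.defs"]):
        fields = line.split()
        if fields[0] == "PASS_MIN_LEN" and len(fields) > 1 and fields[1].isdigit():
            return int(fields[1]) >= MIN_PASSWORD_LENGTH
    return False  # an unset minimum counts as a failure

def guest_login_disabled(snap):
    for line in snap["passwd"].splitlines():
        fields = line.split(":")
        if fields[0] == "guest" and len(fields) >= 7:
            return fields[6] in NO_LOGIN_SHELLS
    return True  # no guest account at all

def root_telnet_blocked(snap):
    # Telnet sessions use pseudo-terminals, so pts entries admit root remotely.
    return not any(t.startswith("pts") for t in active_lines(snap["securetty"]))

def auth_events_logged(snap):
    for line in active_lines(snap["syslog.conf"]):
        for selector in line.split()[0].split(";"):
            if {"auth", "authpriv"} & set(selector.split(".")[0].split(",")):
                return True
    return False

CHECKS = (min_password_length_ok, guest_login_disabled,
          root_telnet_blocked, auth_events_logged)

def audit(snap):
    """Run every check; return per-check results and a percentage score."""
    results = {check.__name__: check(snap) for check in CHECKS}
    return results, 100 * sum(results.values()) // len(results)

if __name__ == "__main__":
    print(audit(SNAPSHOT))
```

Running the same checks on a schedule and keeping each score gives the trend line the audit paragraph describes.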