
How To Manage A System Vulnerability Management Program


Academic year: 2021


System Vulnerability Management

Definitions

White Paper


www.altiris.com

Altiris, Inc. is a pioneer of IT lifecycle management software that allows IT organizations to easily manage desktops, notebooks, thin clients, handhelds, industry-standard servers, and heterogeneous software including Windows, Linux, and UNIX. Altiris automates and simplifies IT projects throughout the life of an asset to reduce the cost and complexity of management. Altiris client and mobile, server, and asset management solutions natively integrate via a common Web-based console and repository. For more information, visit www.altiris.com.

NOTICE

The content in this document represents the current view of Altiris as of the date of publication. Because Altiris responds continually to changing market conditions, this document should not be interpreted as a commitment on the part of Altiris. Altiris cannot guarantee the accuracy of any information presented after the date of publication. Copyright © 2005, Altiris, Inc. All rights reserved.

Altiris, Inc. 588 West 400 South Lindon, UT 84042 Phone: (801) 226-8500 Fax: (801) 226-8506

BootWorks U.S. Patent No. 5,764,593. RapiDeploy U.S. Patent No. 6,144,992.

Altiris, BootWorks, Inventory Solution, PC Transplant, RapiDeploy, and RapidInstall are registered trademarks of Altiris, Inc. in the United States.

Carbon Copy is a registered trademark licensed to Altiris, Inc. in the United States and a registered trademark of Altiris, Inc. in other countries.

Microsoft, Windows, and the Windows logo are trademarks, or registered trademarks of Microsoft Corporation in the United States and/or other countries.

Other brands and names are the property of their respective owners.

Information in this document is subject to change without notice. For the latest documentation, visit www.altiris.com.

CONTENTS

System Vulnerability Management
  Patching
  Vulnerability Scanner
  Vulnerability Remediation
  System Security Audit and Compliance
    Antivirus status
    Proactive policy checking against a modified or customized NSA, NIST, CIS policy
    Security patches
    Authorized software
    Authorized hardware
    Personal firewalls
  Network Access Control
Summary

System Vulnerability Management is a broad category that contains both proactive and reactive system security components, each of which solves a particular problem. These components include:

• Patching

• Vulnerability scanning

• Vulnerability remediation

• System security audit and compliance

• Network access control

Patching

Patching products are typically used by IT operations staff to identify and apply key missing patches for operational and security issues.

Operational issues include memory leaks, bugs that crash systems, and so on. Security patches usually eliminate a defect in an operating system or an application that could allow a hacker or unauthorized user to tamper with or steal valuable information or data. Such attackers often do this by planting a worm or another such element that can affect an entire network or allow an outsider to take control of a system in order to gain access to the network.

Vulnerability Scanner

Vulnerability scanners attack all IP addresses, mostly at the network layer, in order to find industry-known vulnerabilities. Industry-known vulnerabilities are collected in public repositories such as Bugtraq, CVE, and so on. Vulnerability scanners can be intrusive because they try to exploit the vulnerabilities they find. Some vulnerability scanners can also look at lower-level system configuration settings.

Vulnerability Remediation

Most industry-known vulnerabilities are eliminated either by applying the appropriate patch or by changing a system configuration. However, vulnerability scanners do not remediate. Most remediation occurs by using a patching product that applies the appropriate patch that eliminates key vulnerabilities. Some products will take in the results of a vulnerability scanner and tie the vulnerability to the appropriate patch or configuration setting. They will then apply the patch or make the appropriate configuration change. Vulnerability remediation is typically owned by IT operations.

System Security Audit and Compliance

Security teams, under varying regulations, are required to determine a proactive system security stance. This includes a policy of how all systems should be configured from a security standpoint. In a complete audit and compliance program, the security team audits the systems against the proactive system security policy and then reports to operations where systems are out of compliance. The operations team then brings these systems into compliance.

Most security teams begin with an industry best-practices policy from leading organizations such as the National Security Agency (NSA), National Institute of Standards (NIST), Center for Internet Security (CIS), SANS, Microsoft, IBM, and many others. Audit and compliance tools are also used to audit against DISA, the U.S. Army, and other DoD STIGs as outlined in the Security Technical Information Guide. Many of these policies include hundreds of system configuration settings such as: user and group setup, system audit settings, privileges, rights, password lengths, password aging, registry settings, registry keys, and hundreds of others. Audit and compliance tools audit the seven key audit areas:

Antivirus status

Check if antivirus software is on, if the latest version is installed with the latest definitions, and so on.

Proactive policy checking against a modified or customized NSA, NIST, CIS policy

Check for all system settings against the proactive system security policy.

Security patches

Check to verify that the operations teams have deployed all major security patches as a check and balance to the patch product used to deploy the software patch.

Authorized software

Check that only authorized software is present and that unauthorized software such as public instant messenger, Kazaa, MP3 players, keyboard access products, and so on are not present.

Authorized hardware

Check that only authorized hardware is present and that unauthorized hardware such as modems with auto answer on, enabled USB hard drives, wireless NIC cards, and so on are not present.


Personal firewalls

Check to see if personal firewalls are operational.

Network Access Control

Many notebook computer users are “ad hoc” users who periodically gain access to the network. These users consist of a mobile workforce, partners, suppliers, contractors, and so on. If their systems are infected with a worm or a virus, then once they are connected to the network it takes merely seconds for the infection to spread. Therefore, new generation network edge audit tools place systems in quarantine or a safe zone, audit for the presence of updated antivirus and security patches, and either allow or not allow systems onto the network based on the audit results. This is also called scan and block or enforcement.
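The audit areas and the scan-and-block decision described above can be sketched as follows. This is an added example, not Altiris code: the policy values, the placeholder patch ids, and the host inventory format are all constructed, and it assumes that missing data counts as non-compliant and that only antivirus and patch findings block admission.

```python
from datetime import date

# Constructed baseline; real NSA/NIST/CIS-derived policies hold hundreds of settings.
POLICY = {
    "min_password_length": 8, "max_password_age_days": 90,
    "max_av_definition_age_days": 7,
    "required_patches": {"PATCH-A", "PATCH-B"},       # placeholder patch ids
    "unauthorized_software": {"kazaa", "public-im"},
}
# Areas enforced at the network edge: updated antivirus and security patches.
BLOCKING_AREAS = {"antivirus", "patches"}

def audit(host, today):
    """Audit one host inventory (dict) against POLICY; return (area, detail) findings."""
    findings = []
    av = host.get("antivirus", {})
    defs = av.get("definitions_date")
    if not av.get("running"):
        findings.append(("antivirus", "not running"))
    elif defs is None or (today - defs).days > POLICY["max_av_definition_age_days"]:
        findings.append(("antivirus", "definitions out of date"))
    settings = host.get("settings", {})   # a missing setting fails the check
    if settings.get("password_length", 0) < POLICY["min_password_length"]:
        findings.append(("policy", "password length below minimum"))
    if settings.get("password_age_days", float("inf")) > POLICY["max_password_age_days"]:
        findings.append(("policy", "password aging above maximum"))
    missing = POLICY["required_patches"] - set(host.get("patches", ()))
    if missing:
        findings.append(("patches", "missing " + ", ".join(sorted(missing))))
    banned = POLICY["unauthorized_software"] & {n.lower() for n in host.get("software", ())}
    if banned:
        findings.append(("software", "unauthorized " + ", ".join(sorted(banned))))
    if not host.get("firewall_running", False):
        findings.append(("firewall", "not operational"))
    return findings

def admit(host, today):
    """Scan and block: quarantine on any blocking finding, otherwise allow."""
    findings = audit(host, today)
    blocked = any(area in BLOCKING_AREAS for area, _ in findings)
    return ("quarantine" if blocked else "allow"), findings

# Constructed sample inventories.
TODAY = date(2005, 6, 1)
DESKTOP = {"antivirus": {"running": True, "definitions_date": date(2005, 5, 30)},
           "settings": {"password_length": 10, "password_age_days": 60},
           "patches": ["PATCH-A", "PATCH-B"], "software": ["Office"], "firewall_running": True}
LAPTOP = dict(DESKTOP, patches=["PATCH-A"],
              antivirus={"running": True, "definitions_date": date(2005, 4, 1)})
CONTRACTOR = dict(DESKTOP, software=["Kazaa"], firewall_running=False, settings={"password_length": 6})
```

Non-blocking findings, such as those on the constructed contractor host, are still returned so they can be reported to operations even when the system is allowed onto the network.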

SUMMARY
