Device Hardening, Vulnerability Scanning and Threat Mitigation for Compliance and Security

All security standards and corporate governance compliance regimes such as PCI DSS, GCSx CoCo, SOX (Sarbanes-Oxley), NERC CIP, HIPAA, HITECH, GLBA, ISO27000 and FISMA require devices such as PCs, Windows servers, Unix servers and network devices like firewalls and IPS systems to be secured, and a way to verify that they stay secured.

There are a number of buzzwords used in this area: security vulnerabilities and device hardening. 'Hardening' a device requires known security 'vulnerabilities' to be eliminated or mitigated. A vulnerability is any weakness or flaw in the software design, implementation or administration of a system that gives a threat a mechanism to exploit a weakness in the system or process. There are two main areas to address in order to eliminate security vulnerabilities: configuration settings, and software flaws in application and operating system files. Eliminating a vulnerability requires either 'remediation', typically a software upgrade or patch for application or OS files, or 'mitigation', a change to configuration settings. Hardening is required equally for servers, workstations and network devices such as firewalls, switches and routers.

How do I identify vulnerabilities? A vulnerability scan or an external penetration test will report on all vulnerabilities that apply to your systems and applications. You can buy in a third-party scanning or pen-test service. Pen testing by its very nature is done externally, from the public internet, since that is where any threat would be exploited from. Vulnerability scanning services, by contrast, need to be delivered in situ, on site. This can either be performed by a third-party consultant with scanning hardware, or you can purchase a 'black box' solution whereby a scanning appliance is permanently sited within your network and scans are provisioned remotely. Of course, the results of any scan are only accurate at the time of the scan, which is why solutions that continuously track configuration changes are the only real way to guarantee that the security of your devices is maintained.

What is the difference between 'remediation' and 'mitigation'? 'Remediation' of a vulnerability results in the flaw being removed or fixed permanently, so the term generally applies to software updates or patches. Patch management is increasingly automated by the operating system and product vendors; as long as you apply patches when they are released, built-in vulnerabilities will be remediated. As an example, the recently reported Operation Aurora, classified as an Advanced Persistent Threat or APT, was successful in infiltrating Google and Adobe. A vulnerability in Internet Explorer was used to plant malware on the PCs of targeted users who had access to sensitive data. The remediation for this vulnerability is to 'fix' Internet Explorer using the patches released by Microsoft. 'Mitigation' of vulnerabilities through configuration settings ensures that the weakness is disabled. Configuration-based vulnerabilities are no more or less potentially damaging than those that need to be remediated with a patch, although a securely configured device may well mitigate an application or OS-based threat. The biggest problem with configuration-based vulnerabilities is that they can be re-introduced or re-enabled at any time: just a few clicks are needed to change most configuration settings.

How often are new vulnerabilities discovered? Unfortunately, all the time! Worse still, often the only way the global community discovers a vulnerability is after a hacker has discovered and exploited it. It is only when the damage has been done and the hack has been traced back to its source that a preventive course of action, either a patch or a settings change, can be formulated. There are various centralized repositories of threats and vulnerabilities on the web, such as the MITRE CCE lists, and many security product vendors compile live threat reports or 'storm center' sites.

So all I have to do is work through a checklist and I am secure? In theory, yes, but there are literally hundreds of known vulnerabilities for each platform, and even in a small IT estate the task of verifying the hardened status of each and every device is practically impossible to perform manually.

Even if you automate the vulnerability scanning task using a scanning tool to identify how hardened your devices are before you start, you will still have work to do to mitigate and remediate the vulnerabilities found. And that is only the first step. Consider a typical configuration vulnerability: a Windows Server should have its Guest account disabled. If you run a scan, identify where this vulnerability exists on your devices, and then take steps to mitigate it by disabling the Guest account, you have hardened those devices. However, if another user with administrator privileges later accesses the same servers and re-enables the Guest account for any reason, you are left exposed again. Of course, you will not know that the server has become vulnerable until you run the next scan, which may not be for another 3 months or even 12 months. There is another factor that has not yet been covered, namely how to protect your systems from an internal threat; more on this later.

So is tight change management essential to ensure we remain compliant? Indeed. Section 6.4 of the PCI DSS describes the requirements for a formally managed change management process for this very reason. Any change to a server or network device may affect the 'hardened' state of the device, and it is therefore imperative that this is considered whenever a change is made. If you use a continuous configuration change tracking solution, you will have an audit trail available that gives you 'closed loop' change management: the details of the approved change are documented alongside the details of the exact changes that were actually implemented. At the same time, the devices that were changed are re-assessed for vulnerabilities and their compliant state is confirmed automatically.

What about internal threats? Cybercrime is now part of organized crime, which means this is no longer just about stopping malicious hackers who prove their skills as an enjoyable pastime! Firewalls, intrusion protection systems, anti-virus software and fully implemented device hardening measures will still not stop, or even detect, a rogue employee who acts as an 'inside man'. This type of threat could result in malware being introduced to otherwise secure systems by an employee with administrator rights, or even in backdoors being programmed into core business applications. Similarly, there is the advent of Advanced Persistent Threats (APT), such as the publicized 'Aurora' hacks, which use social engineering to dupe employees into introducing 'zero-day' malware. 'Zero-day' threats exploit previously unknown vulnerabilities: a hacker discovers a new vulnerability and formulates an attack process to exploit it. The job is then to understand how the attack happened and, more importantly, how to remediate or mitigate the threat in future. By their very nature, anti-virus measures are often powerless against 'zero-day' threats. In fact, the only way to detect these types of threats is to use file integrity monitoring technology. "All the firewalls, monitoring, anti-virus and process whitelisting technology in the world will not save you from a well-placed internal hack, where the actor controls the privileges of key servers or has legitimate access to the application code. File integrity monitoring used in conjunction with tight change control is the only way to manage vulnerable credit card systems." Phil Snell, CTO, NNT

See our other whitepaper, "File Integrity Monitoring – The Last PCI DSS Protection", for more background in this area; what follows is a brief summary. It is important to verify all additions, modifications and deletions of files, as any change may be significant in compromising the security of a host. At the simplest level this can be accomplished by monitoring for any change to a file's attributes and size.

However, since we are looking to prevent one of the most sophisticated types of hack, we need to introduce a completely infallible means of guaranteeing file integrity. This calls for each file to be 'DNA fingerprinted', typically by a secure hash algorithm. A secure hash algorithm, such as SHA1 or MD5, generates a unique hexadecimal value based on the contents of the file and ensures that even a single character changing in a file will be detected. This means that even if an application is modified to expose credit card details, and the file is then 'padded' to make it the same size as the original file and all its other attributes are edited to make the file look and feel the same, the modification will still be exposed. This is why the PCI DSS makes file integrity monitoring mandatory, and why it is increasingly considered as vital a component of system security as firewalls and anti-virus protection.
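The following is an added example, not code from the article or from NNT, showing the baseline-versus-current comparison that both the continuous change tracking described earlier and the hash-based file fingerprinting above rely on. It builds the 'padded' tampering scenario described in this paragraph on a constructed file: the altered file keeps its original size and timestamp, so an attribute-only monitor sees nothing, while the hash comparison flags it. SHA-256 is used instead of the MD5 or SHA1 named above because those two are no longer collision-resistant.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Attributes a naive monitor checks (size, mtime) plus a SHA-256 'DNA fingerprint'."""
    st = path.stat()
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"size": st.st_size, "mtime": st.st_mtime_ns, "sha256": h.hexdigest()}


def take_baseline(root: Path) -> dict:
    """Fingerprint every regular file under root, keyed by path relative to root."""
    return {str(p.relative_to(root)): fingerprint(p) for p in root.rglob("*") if p.is_file()}


def compare(baseline: dict, current: dict) -> dict:
    """Report added, deleted and changed files; for changes, list which fields differ."""
    report = {"added": sorted(set(current) - set(baseline)),
              "deleted": sorted(set(baseline) - set(current)),
              "changed": {}}
    for name in set(baseline) & set(current):
        diff = [k for k in ("size", "mtime", "sha256") if baseline[name][k] != current[name][k]]
        if diff:
            report["changed"][name] = diff
    return report


def padded_tamper_demo() -> dict:
    """Constructed scenario: a file is altered, padded back to its original size,
    and given back its original timestamps. Only the hash field should differ."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        app = root / "checkout.py"  # hypothetical application file (constructed)
        app.write_bytes(b"def charge(card):\n    return gateway(card)\n" + b"#" * 40 + b"\n")
        before = take_baseline(root)
        st = app.stat()
        # Stand-in for the tampered program: different bytes, then comment padding
        # so the byte count equals the original, then timestamps restored.
        altered = b"def charge(card):\n    return gateway(card)  # altered\n"
        app.write_bytes(altered + b"#" * (st.st_size - len(altered) - 1) + b"\n")
        os.utime(app, ns=(st.st_atime_ns, st.st_mtime_ns))
        return compare(before, take_baseline(root))
```

A real deployment stores the baseline off-host and re-runs `compare` on every change event; the `changed` entries whose only differing field is `sha256` are exactly the cases that size and attribute checks alone would miss.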

Conclusion
Device hardening is an essential discipline for any organization serious about security. Furthermore, if your organization is subject to corporate governance rules or formal security standards such as PCI DSS, SOX, HIPAA, NERC CIP, ISO 27K or GCSx CoCo, then device hardening will be a mandatory requirement.
– All servers, workstations and network devices need to be hardened through a combination of configuration settings and software patch deployment.
– Any change to a device may adversely affect its hardened state and leave your organization exposed to security threats.
– Working to mitigate the 'zero-day' threat and the threat from the 'inside man' is an ongoing effort, as the rules will change regularly as new threats are identified.

Source by Mark Kedgley
