How to uncover network vulnerabilities
There are a couple of scenarios where reading this blog post will be helpful, including but not limited to:
- You're new in IT and want to know where to start finding vulnerabilities on the network you're managing.
- You've just moved into a poorly managed infrastructure where the previous IT guy was clueless.
- You're running a start-up and want to ensure things are kept safe, so knowing how to find vulnerabilities in the network seems sensible.
Of course, there are many other reasons as well.
Let's get started by defining a network. What is a network? How do you know where your responsibility starts and stops? And what tools can you deploy to help you manage network vulnerabilities?
A computer network is defined, according to Wikipedia, as: “A computer network is a digital telecommunications network which allows nodes to share resources. In computer networks, computing devices exchange data with each other using connections (data links) between nodes. These data links are established over cable media such as twisted pair or fiber-optic cables, and wireless media such as Wi-Fi.” In theory this might as well cover the entire internet. Traditionally, people would stop worrying after the data leaves the business network (aka your office). However, with the increasing desire to move things to the cloud, we can't just stop at our business network; we have to be concerned with, and capable of, ensuring that any cloud resources the business uses have adequate vulnerability protections.
With regard to cloud services that the business uses, such as email, website hosting and maybe even data storage, there should be a healthy amount of documentation provided by the cloud supplier. If there isn't, then you should be questioning them. Chase them on all aspects of security, not just vulnerability management: physical security, RAID on drives to protect against corruption, etc.
Specifically with regard to vulnerability detection and management, enquire about how they handle severe and critical vulnerabilities. Ask them if they are using WSUS for Windows patch management, and if they have Linux systems or tools that can manage third-party software. WSUS is going to primarily patch Microsoft-related technology, and not their backup software, the operating system of their Cisco switches and routers, etc., so there's a lot of scope for non-Microsoft technology. A very important piece of information to assess is how regularly they are patching severe and critical vulnerabilities: does it take them 48 hours or 6 months? A risky vulnerability can cause havoc on a network, and if it's not managed it can be combined with other vulnerabilities to provide unauthorised access.
Now what about the business network: all those physical machines, the in-house storage, the Active Directory system, backup systems, etc.? Every network will be different, like a fingerprint, but they generally have similar functions and roles. The primary protection against vulnerabilities is detection, so when looking into this field, it really needs to be automated. It would be a spectacularly time-intensive job to do manually, so below are some tools that can assist with the task.
- WSUS: Used to scan all Windows machines and servers on a network/domain and assess their level of patching against what is recommended. If gaps are found, it will patch and update them.
- Anti-malware: This should be deployed to all machines and servers on the network/domain because it will help identify when vulnerabilities might be getting taken advantage of (and proactively block this activity).
- 3rd-party patching tools: As mentioned above, it's not always possible for WSUS to patch everything, so there are tools such as SolarWinds, Lansweeper and PDQ Deploy which can assist in patching software across the network.
Having the software and capability to do this though is not always enough. One of the best methods to detect vulnerabilities is to proactively scan your network with tools such as Nessus, which are connected to the CVE database that logs all known vulnerabilities. Running this against your network of machines will help identify incorrect configurations and security risks, which IT can then go ahead and invest time in fixing.
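To turn scan output into something IT can act on, the following added example (not part of the original post and not tied to any scanner's real export format) compares findings across several scheduled scans and reports which ones have been open longer than a remediation window. The CSV layout, the `CVE-0000-*` identifiers and the 14-day window for High findings are assumptions; the 48-hour window for Critical findings borrows the figure mentioned above.

```python
import csv
import io
from datetime import date, timedelta

# Assumed remediation windows per risk level (a policy choice, not a tool default).
WINDOWS = {"Critical": timedelta(hours=48), "High": timedelta(days=14)}

# Constructed sample: findings from three weekly scans. The column layout and
# the CVE-0000-* identifiers are placeholders, not real scanner output.
SCANS_CSV = """scan_date,host,cve,risk
2024-03-01,10.0.0.5,CVE-0000-0001,Critical
2024-03-01,10.0.0.5,CVE-0000-0002,High
2024-03-01,10.0.0.9,CVE-0000-0003,Critical
2024-03-01,10.0.0.12,CVE-0000-0001,Critical
2024-03-08,10.0.0.5,CVE-0000-0001,Critical
2024-03-08,10.0.0.9,CVE-0000-0004,High
2024-03-15,10.0.0.5,CVE-0000-0001,Critical
2024-03-15,10.0.0.9,CVE-0000-0004,High
2024-03-15,10.0.0.9,CVE-0000-0005,Critical
"""

def triage(csv_text):
    """Compare all scans with the latest one: (overdue, fixed, unverified)."""
    first_seen, last_seen, risk = {}, {}, {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["host"], row["cve"])
        day = date.fromisoformat(row["scan_date"])
        first_seen[key] = min(first_seen.get(key, day), day)
        last_seen[key] = max(last_seen.get(key, day), day)
        risk[key] = row["risk"]
    latest = max(last_seen.values())
    live_hosts = {host for (host, _), day in last_seen.items() if day == latest}
    overdue, fixed, unverified = [], [], []
    for key in sorted(first_seen):
        if last_seen[key] < latest:
            # Gone from the latest scan: only count it as fixed when the host
            # itself still showed up, otherwise the host may have been missed.
            (fixed if key[0] in live_hosts else unverified).append(key)
            continue
        window = WINDOWS.get(risk[key])
        age = latest - first_seen[key]
        if window is not None and age > window:
            overdue.append((*key, risk[key], age.days))
    return overdue, fixed, unverified

if __name__ == "__main__":
    for name, items in zip(("overdue", "fixed", "unverified"), triage(SCANS_CSV)):
        print(name, items)
```

A host that drops out of the latest scan entirely is reported as unverified, not fixed, because a machine that was offline during the scan looks the same as a patched one in findings-only data.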
Please also keep in mind that all this activity should be regular and on a schedule; don't just do the task once and think the business is fine. Vulnerabilities are released daily, which means that as soon as you patch you can be out of date and vulnerable within days. If you have any questions on how to implement a great patch management system or run vulnerability scans across the business network, get in touch. We're always happy to get involved.