Software Vulnerability Control
A software vulnerability is
some defect (commonly called a "bug") in software
which may allow a third party or program to gain unauthorized
access to some resource. Software vulnerability control is one
of the most important parts of computer and network security
for the following reasons.
- Virus programs use
vulnerabilities in operating system and application
software to gain unauthorized access, spread, and do
damage.
- Intruders use
vulnerabilities in operating system and application
software to gain unauthorized access, attack other
systems, and do damage.
- Some software itself may
be hostile.
Countermeasures
There are several
countermeasures that may help ensure that unauthorized
and possibly hostile virus or trojan software does not
run on your systems. These countermeasures also limit
the scope of the vulnerability. Countermeasures
include:
- Run virus scan
software on every organizational computer and
update the virus scan database at least twice per
week. Perform a full scan at least once per week.
- Keep software
security patches updated - Get on computer
security advisory mailing lists and update
applicable software. With some systems such as
Windows systems you can set up a server to
automatically update systems on your network. One
way to do this in Windows 2000 systems and above
is to use a systems update server (SUS) and set
your Windows domain policies to have all computers
regularly updated with approved updates as they
are released by Microsoft.
- Only allow
approved software to be run on your computer
systems so hostile trojan programs are not run.
This may involve locking your users down so they
cannot install software on their computer systems.
- Limit services on
all servers and workstations to the minimum
required. Be sure the network administrator is
aware of all operating services especially on all
servers.
- Run vulnerability
scanners both inside and outside your network to
find computers with vulnerabilities so you will
know which ones need to be patched. The cost of this
should be weighed against the security need.
Running Virus Scan Software
Virus scan software
should be run on every computer within the
organization. This will detect known viruses when they
attempt to infiltrate the system if the virus scan
software is set up correctly. Keep in mind, however, that
virus scan software will only detect viruses in its
database, so there are two concerns:
- Unknown viruses
will not be stopped by the scanner - This is why
patching applications is very important. Patching
applications will help eliminate the
vulnerabilities that virus programs will exploit.
- The virus database
must be updated at least weekly so as new viruses
are discovered, they will be found by your virus
scanner programs. These updates may be downloaded
from the maker of the virus scan software. They
are normally executable files which update the
database on the client computers. The executable
file can be placed in the user's network login
script program so it will run when they boot their
system. In some cases it may be best to test the
virus update before running it on the entire
system.
To be most effective,
virus scanner programs should be set up to do the
following:
- Perform regular
weekly or monthly scans of the entire computer
system's local drives.
- Scan all files
when a scan is performed and don't allow any
exclusions of any directories such as the recycle
bin.
- Be sure to prompt
for user action when a virus is found. This way
the user is more likely to be aware of where the
virus came from and they can call your IT staff.
- Set the system to
scan files when a file is run, copied, renamed or
created.
- Set up e-mail
scanning to scan e-mail attachments. This can also
be done at the firewall, but should be done at
least either at the firewall or on all client
computers. Scanning at both locations may be a
good idea if it is feasible.
- You may also want
to scan web content for hostile content either at
the firewall or client computer depending on your
setup. You should know that scanning for hostile
e-mail or web content on the firewall may
overburden your firewall. Many firewall
organizations recommend that the scanning be done
on a separate computer. How this is done will
depend on your situation, but you should at least
determine the process load on the firewall before
adding this capability.
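
An added example, not part of the original page: a Python check that audits an endpoint inventory against the scanner settings listed above (weekly database update and full scan, no exclusions, scanning on run/copy/rename/create, prompt on detection, e-mail scanning at the firewall or the client). The inventory format, field names and hosts are constructed for illustration; no real product's export format is assumed.

```python
from datetime import datetime, timedelta

# File events the page says must trigger a scan (labels are assumed names).
REQUIRED_ON_ACCESS = {"run", "copy", "rename", "create"}

def audit_endpoint(cfg, now, gateway_scans_mail=False,
                   max_age=timedelta(days=7)):
    """Return the list of policy findings for one endpoint's settings."""
    findings = []
    if now - cfg["definitions_updated"] > max_age:
        findings.append("virus database not updated within the week")
    if now - cfg["last_full_scan"] > max_age:
        findings.append("full scan overdue")
    if cfg["exclusions"]:
        findings.append("exclusions set: " + ", ".join(sorted(cfg["exclusions"])))
    missing = REQUIRED_ON_ACCESS - set(cfg["on_access_events"])
    if missing:
        findings.append("on-access scan missing for: " + ", ".join(sorted(missing)))
    if cfg["on_detection"] != "prompt":
        findings.append("detection does not prompt the user")
    # Mail must be scanned at the firewall or on the client, at least one.
    if not (gateway_scans_mail or cfg["email_attachment_scan"]):
        findings.append("e-mail attachments not scanned anywhere")
    return findings

def audit_fleet(inventory, now, gateway_scans_mail=False):
    """Map each non-compliant host to its findings."""
    report = {}
    for host, cfg in inventory.items():
        findings = audit_endpoint(cfg, now, gateway_scans_mail)
        if findings:
            report[host] = findings
    return report

# Constructed sample inventory (hypothetical hosts and field names).
NOW = datetime(2024, 3, 15, 9, 0)
INVENTORY = {
    "ws-01": {"definitions_updated": datetime(2024, 3, 13),
              "last_full_scan": datetime(2024, 3, 10), "exclusions": [],
              "on_access_events": ["run", "copy", "rename", "create"],
              "on_detection": "prompt", "email_attachment_scan": True},
    "ws-02": {"definitions_updated": datetime(2024, 2, 20),
              "last_full_scan": datetime(2024, 3, 12),
              "exclusions": ["C:\\RECYCLER"],
              "on_access_events": ["run", "create"],
              "on_detection": "quarantine", "email_attachment_scan": False},
}

if __name__ == "__main__":
    for host, findings in audit_fleet(INVENTORY, NOW).items():
        print(host, "->", "; ".join(findings))
```

Pass gateway_scans_mail=True when attachments are already scanned at the firewall, so clients without e-mail scanning are not flagged for it.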
For more topics and tutorials visit -
http://www.comptechdoc.org