INFORMATION SYSTEMS VULNERABILITY
What is vulnerability?
A vulnerability is a bug, defect, or weakness present in an information system. Multiple vulnerabilities exist in information systems, operating systems, software, networking protocols, and other information system components.
In this lesson, you will learn about the most important vulnerabilities present in operating systems and information systems and you will explore ways to keep information systems secure by controlling those vulnerabilities.
Operating systems and software vulnerability
A software vulnerability is a bug or defect present in software which might allow an unauthorized program or third party to obtain access to resources.
Software vulnerability control refers to the means of managing software vulnerabilities and minimizing the possibility that they are exploited with malicious intent.
Software vulnerability control is considered to be one of the most important steps in securing computer systems and computer networks, for the following reasons:
- Some software itself can be hostile and cause damage;
- Software vulnerabilities are almost always exploited for malicious purposes by virus programs because they allow unauthorized access to resources, the spread of viruses, and all sorts of damage to the infected computer;
- Operating system vulnerabilities can be exploited by attackers, intruders and unauthorized people or programs to gain access and cause damage to the computer or to other computers and resources connected to the network.
Some people believe that viruses wouldn’t have existed if software didn’t have multiple vulnerabilities which could be exploited. But even if viruses hadn’t existed, there would still be tools that a malicious third party could use to obtain unlawful access to information systems and cause widespread damage. These tools are:
- Network sniffing
- Trojan Horses
- Man in the middle attacks
- Password cracking
It is also possible to gain unauthorized access to computer networks if firewalls are not set up, or if they are set up but not configured properly.
To limit the scope of vulnerability for viruses and Trojan horses on computer and information systems, some of the following countermeasures can be adopted:
- Ensuring the security patches are kept up to date for all software installed on computers;
- Running virus scan software on all the computers in the organization and making sure the virus database is kept up to date by regularly downloading virus definition updates;
- Allowing only approved software to run on computers and monitoring what users install on their computers or alternatively locking down the users so that they are not allowed to install software on their computers;
- Running vulnerability scanning on the computer network to locate any computer with vulnerabilities and patching them accordingly.
Running virus protection software
Every organization should purchase and install virus scan software on all their computers and servers. After installing the software, it is important to set it up and configure it properly, so that any virus that attempts to infiltrate their computer systems can be detected and caught.
However, any virus scan software can only detect viruses that are stored in its own database. This means that the software will not be able to detect any new or unknown viruses that haven’t been loaded into its database. For this reason, it is important to constantly apply patches to the software, and to keep the virus database updated with automatic updates. Patches will help reduce the vulnerabilities that virus programs try to exploit, and updating the virus database will allow the virus scan software to download the latest virus definition and become aware of any newly discovered viruses.
To maximize the operating efficiency of the virus scanning software, it should be set up to perform the following operations:
- Regularly scanning the local drives on all the computers in an organization’s network; these scans might be scheduled to run daily, weekly or monthly, as required;
- Scanning of all the files during the virus scan operation and making sure no directories are being skipped, to ensure nothing is being missed;
- Prompting the users for action as soon as a virus is found, as this will allow the users to give more information to the IT staff relating to where the virus came from;
- Scanning all email attachments, at the firewall level or on the client computers. The IT departments in some organizations would choose to perform the scanning at both the firewall and the client computers level.
- Keeping a log of all virus scanning activities for future reference.
Updating security patches for Software
Before you can update the security patches for all software in an organization, you need to follow a couple of steps, such as:
1. Keeping an updated database with information about all the computers and software in the organization in order to know which security patches are required for each piece of software. Below is a sample of the required information to be stored in the database:
- The name and location of each computer and what it’s used for;
- The operating system version installed on every computer;
- Whether or not the computers have any service packs installed for their operating system;
- The name and version of all the applications installed on every computer;
- A listing of the services running on every computer;
- A listing of active ports on computers and servers.
2. Evaluating security advisory bulletins because these normally list security vulnerabilities in application software and operating systems. Vulnerabilities can occur in web browser programs (such as Internet Explorer, Firefox, etc.), Microsoft operating systems, or a Unix or Linux platform. It is the job of systems administrators in any organization to determine whether the vulnerability in question is a security risk to the organization.
a. The system administrator will first need to determine whether the software, platform or operating system exhibiting the vulnerability is being used in the organization or not. If the vulnerable component is not being used in the organization, then the vulnerability does not pose a security risk to the organization. Otherwise, they will need to determine the amount of risk and any possible damage that may occur from that vulnerability.
b. Depending on the size of the organization (small, medium or large), the decision might either be taken exclusively by systems administrators and the IT department, or it may be shared with management. If the decision-making process is shared with management, the IT personnel will need to adopt some methodology for categorizing the risk, taking into account the fact that people in management are not necessarily tech savvy.
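The check in step 2a can be run directly against the inventory from step 1. The sketch below is an added example, not part of the original lesson: the host names, the product "examplehttpd", the advisory id and the record layout are all constructed for illustration. It lists the computers still running a version older than the fix and puts those running the product as a service first.

```python
from dataclasses import dataclass

@dataclass
class Computer:
    """One inventory record, with the fields listed in step 1."""
    name: str
    location: str
    purpose: str
    os_version: str
    service_pack: str    # "" when no service pack is installed
    applications: dict   # application name -> installed version
    services: list       # running services
    open_ports: list     # active ports

@dataclass
class Advisory:
    advisory_id: str     # placeholder id, not a real bulletin
    product: str
    fixed_version: str   # first version that contains the fix

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def triage(inventory, advisory):
    """Return (name, installed version, runs as service?) for unpatched hosts."""
    fixed = parse_version(advisory.fixed_version)
    hits = []
    for pc in inventory:
        installed = pc.applications.get(advisory.product)
        if installed is None:
            continue  # product not used here: no risk from this advisory
        if parse_version(installed) < fixed:
            hits.append((pc.name, installed, advisory.product in pc.services))
    # Hosts where the vulnerable product runs as a service come first.
    return sorted(hits, key=lambda h: (not h[2], h[0]))

# Constructed sample data (hypothetical hosts, product and advisory).
INVENTORY = [
    Computer("web01", "DC rack 4", "public web server", "Linux 5.15", "",
             {"examplehttpd": "2.4.9"}, ["examplehttpd", "sshd"], [22, 80, 443]),
    Computer("dev07", "Office 2F", "developer desktop", "Windows 7", "SP1",
             {"examplehttpd": "2.4.2", "editor": "1.80.0"}, [], []),
    Computer("db01", "DC rack 5", "database server", "Linux 5.15", "",
             {"exampledb": "14.2"}, ["exampledb", "sshd"], [22, 5432]),
    Computer("web02", "DC rack 4", "public web server", "Linux 5.15", "",
             {"examplehttpd": "2.4.10"}, ["examplehttpd", "sshd"], [22, 80, 443]),
]
ADVISORY = Advisory("EXAMPLE-0001", "examplehttpd", "2.4.10")
```

Versions are compared as numbers rather than as text, because a plain string comparison would rank "2.4.9" above "2.4.10" and report web01 as already patched.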