Security Vulnerabilities

What are vulnerabilities, and how are they exploited?

A vulnerability is a weakness in an IT system that an attacker can exploit to compromise it. Vulnerabilities arise from flaws, features or user error, and attackers will exploit any of them, often chaining several together, to reach their end goal.

Flaws

A flaw is unintended functionality. It may be the result either of poor design or of mistakes made during implementation. Flaws can go undetected for a significant period of time, and the majority of common attacks seen today exploit this type of vulnerability.

Vulnerabilities are actively pursued and exploited by the full range of attackers. Consequently, a market has grown up in software flaws, with ‘zero-day’ vulnerabilities (that is, newly discovered vulnerabilities that are not yet publicly known and for which no patch exists) fetching hundreds of thousands of pounds.

Zero-day vulnerabilities

Zero-days are frequently used in bespoke attacks by the more capable and better-resourced attackers. Once a zero-day becomes publicly known, reusable exploits are developed and it quickly becomes a commodity capability. This poses a risk to any computer or system that has not had the relevant patch applied or its antivirus signatures updated.

Features

A feature is intended functionality that an attacker can misuse to breach a system. Features may improve the user’s experience, help diagnose problems or simplify management, but anything that runs code or exposes a capability on the user’s behalf can be turned against them.

Examples include macros in Microsoft Office documents and JavaScript, both of which are widely abused by cybercriminals to deliver malware.

User error

Users can be a significant source of vulnerabilities. They make mistakes, such as choosing a common or easily guessed password, or leaving a laptop or mobile phone unattended. Even the most cyber-aware users can be fooled into giving away a password, installing malware, or divulging information that is useful to an attacker. Information of that kind lets an attacker choose the target and the timing of an attack.

How to address Vulnerabilities

Administrators must take a proactive approach to resolving vulnerabilities. If the recent history of cyberattacks has taught us anything, it is that you cannot start protecting yourself once the attack is already under way.

The vulnerability remediation practices outlined below help administrators assess their current risk and prepare their defences with minimal disruption to existing processes. They also lay the groundwork for addressing future vulnerabilities proactively, with the IT staff already in place, before those vulnerabilities are exploited.

STEP 1

Identification/Discovery of Systems

This initial step gives you, as security administrator, a clear view of the network: an assessment tool or network-mapping software scans every network and subnet to find the IP addresses in use and the devices behind them. A device missed here is missed by every later step as well, so the result should be checked against other sources such as DHCP leases or an asset register. Once all devices are identified, decide which systems are most critical to protect and rank them in order of priority.

STEP 2

Vulnerability Assessment

Vulnerability assessment tools, or scanners, are used to identify vulnerabilities within the network. The vulnerabilities found by most of these tools extend beyond software defects (which are fixed by patching) to other easily exploited weaknesses, such as unsecured accounts, misconfigurations and even backdoors.

STEP 3

Vulnerability review

The key objective of this step is to understand clearly where your network is at risk and to prioritise the most critical vulnerabilities and systems in preparation for remediation. The scanners and their reports offer some limited review capability. A more effective approach is to use vulnerability review and remediation tools that combine data from multiple scanners, de-duplicate findings reported by more than one of them, and offer several ways to organise and review the data.

STEP 4

Vulnerability remediation

Once the vulnerabilities have been reviewed and put in order of priority, you must determine how to approach the remediation. There are three typical options available to security administrators:

The Common Vulnerabilities and Exposures (CVE) website is also a good resource for finding information about these tools.

After any of the above options is completed, a differential scan of the repaired devices should be run: it verifies that the remediation was effective and also shows whether the work introduced any new findings.

STEP 5

Ongoing vulnerability management

The need for ongoing management of network vulnerabilities is often overlooked at the start of a vulnerability remediation project. Yet with new vulnerabilities identified every day and users reintroducing old ones into their environments, the remediation cycle above needs to be repeated regularly rather than treated as a one-off project.
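The five steps above, as an added example that is not part of the original page: a small Python script that takes the inventory from step 1 (here a constructed dict of hosts with a business criticality), merges constructed findings from two scanners (steps 2 and 3), ranks them by CVSS weighted by asset criticality (step 3) and runs the differential check of step 4 against a constructed rescan. The hosts, finding identifiers, CVSS values and the cvss × criticality weighting are all assumptions made for illustration, not output from any real scanner.

```python
"""Steps 1-5 as a small, runnable pipeline. Every host, finding and weight
below is constructed sample data for this example (not real scan output)."""

# Step 1 output: asset inventory with business criticality 1 (low) to 3 (high).
INVENTORY = {
    "10.0.1.10": {"name": "db-prod-01", "criticality": 3},
    "10.0.1.20": {"name": "web-prod-01", "criticality": 3},
    "10.0.2.50": {"name": "dev-box-07", "criticality": 1},
}

# Step 2 output: findings from two scanners, A and B (constructed). Note the
# duplicate report on db-prod-01 and the host 10.0.3.99 that step 1 missed.
SCAN_BEFORE = [
    {"host": "10.0.1.10", "scanner": "A", "id": "weak-ssh-ciphers", "cvss": 5.3, "kind": "misconfiguration"},
    {"host": "10.0.1.10", "scanner": "B", "id": "weak-ssh-ciphers", "cvss": 5.3, "kind": "misconfiguration"},
    {"host": "10.0.1.20", "scanner": "A", "id": "outdated-openssl", "cvss": 9.8, "kind": "software defect"},
    {"host": "10.0.2.50", "scanner": "A", "id": "outdated-openssl", "cvss": 9.8, "kind": "software defect"},
    {"host": "10.0.2.50", "scanner": "B", "id": "default-admin-password", "cvss": 7.5, "kind": "unsecured account"},
    {"host": "10.0.3.99", "scanner": "B", "id": "smb-signing-disabled", "cvss": 5.9, "kind": "misconfiguration"},
]

# Rescan after step 4 (constructed): web-prod-01 was patched and the default
# password on dev-box-07 changed; a new finding appeared on db-prod-01.
SCAN_AFTER = [
    {"host": "10.0.1.10", "scanner": "A", "id": "weak-ssh-ciphers", "cvss": 5.3, "kind": "misconfiguration"},
    {"host": "10.0.1.10", "scanner": "A", "id": "expired-tls-cert", "cvss": 4.0, "kind": "misconfiguration"},
    {"host": "10.0.2.50", "scanner": "A", "id": "outdated-openssl", "cvss": 9.8, "kind": "software defect"},
    {"host": "10.0.3.99", "scanner": "B", "id": "smb-signing-disabled", "cvss": 5.9, "kind": "misconfiguration"},
]


def merge_findings(findings):
    """Step 3: combine several scanners' output, keyed on (host, finding id),
    so one weakness reported twice is counted once; keep the highest CVSS."""
    merged = {}
    for f in findings:
        key = (f["host"], f["id"])
        entry = merged.setdefault(key, {"cvss": f["cvss"], "kind": f["kind"], "scanners": set()})
        entry["scanners"].add(f["scanner"])
        entry["cvss"] = max(entry["cvss"], f["cvss"])
    return merged


def prioritise(findings, inventory):
    """Step 3: rank merged findings by CVSS weighted by asset criticality.
    A host absent from the inventory is treated as top criticality: an
    unknown device on the network is itself a discovery failure from step 1."""
    ranked = []
    for (host, fid), f in merge_findings(findings).items():
        asset = inventory.get(host)
        crit = asset["criticality"] if asset else 3
        ranked.append({
            "host": host,
            "name": asset["name"] if asset else "UNKNOWN-NOT-IN-INVENTORY",
            "id": fid,
            "kind": f["kind"],
            "cvss": f["cvss"],
            "score": round(f["cvss"] * crit, 1),
            "sources": sorted(f["scanners"]),
        })
    ranked.sort(key=lambda r: (-r["score"], r["host"], r["id"]))
    return ranked


def differential(before, after):
    """Step 4 verification: compare the pre- and post-remediation scans.
    'fixed' proves the work; 'still_open' shows what did not take; 'new'
    catches findings the remediation itself introduced."""
    b, a = set(merge_findings(before)), set(merge_findings(after))
    return {
        "fixed": sorted(b - a),
        "still_open": sorted(b & a),
        "new": sorted(a - b),
    }


if __name__ == "__main__":
    for r in prioritise(SCAN_BEFORE, INVENTORY):
        print(f'{r["score"]:5}  {r["host"]:<10} {r["name"]:<26} {r["id"]:<24} via {",".join(r["sources"])}')
    for state, keys in differential(SCAN_BEFORE, SCAN_AFTER).items():
        print(f"{state}: {keys}")
    # Step 5: in practice this runs on a schedule, and each result feeds the
    # next cycle: unknown hosts go back into the inventory, and still_open and
    # new findings go back to the top of the remediation queue.
```

The weighting puts a medium-severity finding on an unknown host above a high-severity one on a low-value development box, which is the point of step 3: the scanner's CVSS alone does not tell you what to fix first. The differential output is what should be attached to the remediation ticket before it is closed.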
