Vulnerable System and Application Scanning and Reporting

by Kim Logan

As criminals’ attempts to steal identities grow more sophisticated, systems and Web application administrators must grow increasingly vigilant. It is critical that we remediate vulnerabilities in systems and applications to prevent cyber criminals from accessing and exploiting our community’s personal information.

Proactive vulnerability scanning allows us to see the flaws in our systems and applications, and good reports tell us exactly how to fix those flaws. Of course, fixing the newest vulnerabilities doesn’t guarantee protection if we haven’t fixed older vulnerabilities, too.

The most critical vulnerabilities change on a regular basis, and we rely on entities such as SANS and X-Force to let us know what they are. 

For Web applications, the five most common attack types are as follows:

  • remote code execution
  • SQL injection
  • format string vulnerabilities
  • cross-site scripting
  • username enumeration

(Though the most common, these are not the only attacks of consequence.)

Our biggest concern with network devices is vulnerabilities that allow an attacker to gain admin or root access to a system. It is important that default administrator accounts do not remain available and recognizable, and that no administrator account has a password identical to its account name. Further, we must not allow high-powered accounts to have blank passwords.
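
The three account checks described above can be run against an account inventory without knowing anyone's password, by hashing the two weak candidates (empty string, account name) and comparing. This is an added example, not code from the article or from the ISS or Hailstorm tools; the record layout, the PBKDF2 storage scheme, the list of default admin names and the sample accounts are all assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumed list of well-known default administrator names (not from the article).
DEFAULT_ADMIN_NAMES = {"admin", "administrator", "root"}

def hash_password(password: str, salt: bytes) -> bytes:
    """Hypothetical storage scheme for this example: salted PBKDF2-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def audit_account(account: dict) -> list:
    """Return the findings for one privileged account record."""
    if not account["privileged"]:
        return []  # the article's concern is admin/root-level accounts
    name, salt, stored = account["name"], account["salt"], account["hash"]

    def matches(candidate: str) -> bool:
        return hmac.compare_digest(hash_password(candidate, salt), stored)

    findings = []
    if name.lower() in DEFAULT_ADMIN_NAMES:
        findings.append("default-admin-name")
    if matches(""):
        findings.append("blank-password")
    elif matches(name) or matches(name.lower()):
        findings.append("password-equals-name")
    return findings

def audit(accounts: list) -> dict:
    """Map account name -> findings, omitting accounts with none."""
    results = {a["name"]: audit_account(a) for a in accounts}
    return {name: found for name, found in results.items() if found}

def make_account(name: str, password: str, privileged: bool) -> dict:
    """Build a constructed sample record (salt derived from name for repeatability)."""
    salt = hashlib.sha256(name.encode()).digest()[:16]
    return {"name": name, "privileged": privileged, "salt": salt,
            "hash": hash_password(password, salt)}

# Constructed sample inventory, not real data.
SAMPLE_ACCOUNTS = [
    make_account("Administrator", "", True),
    make_account("netops", "netops", True),
    make_account("dbadmin", "k7#Vq!w2zR-long-unique", True),
    make_account("guest", "", False),
]

if __name__ == "__main__":
    print(audit(SAMPLE_ACCOUNTS))
```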

At the University of Cincinnati, we look for these kinds of things with our ISS (IBM Internet Security Systems) and Hailstorm vulnerability scanning tools. Providing these reports allows the responsible parties to perform remediation of the most critical vulnerabilities. Working together, we can keep the university’s data safe – and the bad guys out.


Return to the Spring 2008 index.

Office of Information Technologies
University of Cincinnati