The Information Security or network security industry uses the term “vulnerability” quite often, but you might find yourself asking the following questions:
What is a Network Security Vulnerability or Information Technology Vulnerability?
Where do vulnerabilities come from?
How do I find and fix vulnerabilities on my network?
I will break down the nature of network security vulnerabilities, how they come into existence and how you can take action to eradicate them from your network. There are two main categories of vulnerabilities: software vulnerabilities and configuration vulnerabilities. We’ll take a look at each one separately.
What is a Software Vulnerability?
A software vulnerability refers to a flaw in a program’s code that might allow a hacker to take advantage of the system. Every electronic device that connects to a network runs some form of software, which means all devices are susceptible to software bugs – mistakes in the code that cause the program to behave unpredictably. If one of these bugs can be leveraged to compromise the device’s security, it is referred to as a vulnerability.
Software developers do their best to fix vulnerabilities before releasing their software, yet many will still be discovered after the software is made public. The developer combats these vulnerabilities by writing patches and updates. For example, Microsoft combats software vulnerabilities in Windows by releasing monthly updates and patches. These updates make slight modifications to the system’s software in order to fix vulnerabilities and make the system more secure. All computer users have experienced this in the form of their desktop interrupting their workday and asking to reboot so it can finish installing updates. While this may be annoying or inconvenient, it helps keep the desktop secure. However, desktops are not the only things that need to be updated. IP phones, printers, web servers, email servers, file servers, routers, network switches and even firewalls need regular updates applied to fix vulnerabilities and keep hackers out.
What is a Configuration Vulnerability?
Configuration vulnerabilities refer to security flaws caused by setting up a system improperly, or by failing to change dangerous default settings. Nearly every device that connects to a network can be configured with countless software settings. Unfortunately, some of these settings are insecure right out of the box, and unless they are changed, they effectively lay out the welcome mat for hackers. Other settings may be secure at first, but tend to be changed because the security feature is deemed annoying or inconvenient.
A classic example of this is represented by network devices that use default usernames and passwords like “admin/admin” or “admin/password”. This makes a hacker’s job very easy; they can just log in and do as they please with virtually no hacking required! Another example of a configuration vulnerability is disabling the need to log in to an FTP server because it’s too inconvenient to type a password every time you need to access your files remotely. The FTP software itself may be secure, but we just disabled all the built-in security. This would be similar to buying a thick steel door to protect our home, but never locking it. Software developers are getting better at making sure devices are secure when you first install them on your network, but they still require proper setup and maintenance to keep them locked down.
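To make the two configuration examples above concrete, here is an added example (not part of the original article) of an offline audit that flags both problems in an inventory of your own devices. It assumes a hypothetical inventory format, constructed device records, and vsftpd as the FTP server, whose `anonymous_enable` option controls password-less login.

```python
# Added example: offline configuration audit over constructed sample data.

# Default pairs named in the article; extend with your vendors' documented defaults.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password")}

def parse_vsftpd(text):
    """Parse vsftpd.conf-style 'key=value' lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings

def audit_device(device):
    """Return a list of findings for one inventory record (hypothetical format)."""
    findings = []
    # Compare case-insensitively: case variants of a default are just as guessable.
    pair = (device["username"].lower(), device["password"].lower())
    if pair in DEFAULT_CREDENTIALS:
        findings.append("default credentials still set")
    ftp_conf = device.get("vsftpd_conf")
    if ftp_conf is not None:
        settings = parse_vsftpd(ftp_conf)
        # vsftpd's built-in default for anonymous_enable is YES, so a missing
        # key is as risky as an explicit YES.
        if settings.get("anonymous_enable", "YES").upper() == "YES":
            findings.append("FTP allows login without a password")
    return findings

def audit_inventory(inventory):
    """Map device name -> findings, listing only devices that have findings."""
    results = {d["name"]: audit_device(d) for d in inventory}
    return {name: f for name, f in results.items() if f}

SAMPLE_INVENTORY = [  # constructed records, not real devices
    {"name": "printer-2f", "username": "admin", "password": "admin"},
    {"name": "switch-core", "username": "netops", "password": "S7!long-unique-phrase"},
    {"name": "ftp-files", "username": "ftpadmin", "password": "x9-Unique-Pass",
     "vsftpd_conf": "# file share\nlisten=YES\nlocal_enable=YES\n"},
    {"name": "ftp-backup", "username": "admin", "password": "Password",
     "vsftpd_conf": "anonymous_enable=NO\nlocal_enable=YES\n"},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```

The `ftp-files` record never mentions `anonymous_enable`, yet it is flagged: the setting was never changed from its default, which is exactly the failure described above.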
How can I prevent attacks?
Software companies understand the inherent risk and flaws with the software they develop. Because of this, they spend millions of dollars every year having their team re-write the software code to fix issues. These fixes or updates are known in the IT community as patches. Every month, for example, Microsoft releases updates to their code. This day was formalized in October 2003 as Black Tuesday or Patch Tuesday, which is the second Tuesday of every month. Similarly, every device that uses software and is connected to the internet (pretty much every electronic device, except for a calculator) has updates and patches that need to be run on the device.
As soon as a software update is publicly pushed out, hackers also have access to the update. They will immediately start to reverse engineer the update to determine the flaw in the code the patch was designed to correct. As soon as the update is released, the clock is ticking as to how long it will take for hackers to find ways to modify the code on a computer (or any other piece of hardware, for that matter) to allow them access into the system.
The next time your computer or any other device you are using prompts you to run an update, I would suggest you take the time to make sure the software update is complete.
For more information please contact John Pohlman directly at 801-889-1383