IT innovation and continued data protection requires proactive measures to secure IT infrastructures and systems, and protect against “zero day” attacks. Data security enforcement keeps cyber criminals out of systems and networks, and data prevention strategies must evolve at a rapid pace to stay ahead of cyber criminals. Data Security professionals are constantly working to proactively discover weak points in their own networks. All proactivity measures start with vulnerability assessment and exploiting vulnerabilities by performing penetration tests on their own systems.
Vulnerability Assessment is the process of identifying, quantifying, and prioritizing the vulnerabilities in a system. Security risk is measured in the number of vulnerabilities. Risk is directly proportional to the number of potential vulnerabilities, the level of security risk and the predicted cost of a security breach. Completely eliminating security risks is not possible, but minimizing the number and magnitude of those risks is performed by using penetration tests.
Vulnerability assessment, sometimes referred to as risk assessment, techniques vary greatly but here are baseline security measures that will help protect your network and data.
Baseline Reporting: Monitoring CPU, memory, traffic and traffic volume fluctuations, data storage, device maintenance, automatic patch updates & regular software updates, securing management interfaces and user access privileges to the network infrastructure.
Software Program Development: Adhoc software, retrofit software solutions and customized software are vulnerable to zero day attacks because of computer security holes. Zero day derives from the number of days between the public advisory and the release of the exploit.
Operating systems and applications: Various Operating Systems (Windows, Linux, etc.) and applications (Flash, Java, etc.) should be patched and regularly updated. Also scan DLL files and folders for specific OS and applications.
Assessment Tools/Vulnerability Scanners: Vulnerability assessment tools vary greatly but all are scanning for bugs in operating systems, a breach in a commercial product or a misconfiguration of infrastructure components.
Port Scanners: Ports scanners are used to probe servers and hosts to look for open and active ports.
Protocol Analysers: Analyse network traffic flows (such as TCP flows) and its characteristics such as half-open and established.
Networks and Systems: Analysis of network flow among systems, network drivers, systems authentication processes, application flows to the systems and networks, database to application servers, and to data storage flows and accessibility.
Honeypots and Honeynets: Special type of software in the form of appliances or agents used for recording attacks by luring attackers and criminals to purposely vulnerable computer systems or networks.
Hardware, BIOS & Microkernel: Performing vulnerability scanning on devices’ BIOS and kernel is necessary to prevent IPC attacks (internal process communication between kernel and underlying systems), communicating via IPC protocols to the computer chip, PDoS (Permanent Denial of Service) attack on BIOS and its manipulation.
Data security professionals run penetration tests as white-hat personnel and engage in authorized attempts to evaluate and exploit vulnerabilities of their own internal IT infrastructure and systems. Follow the steps outlined here to ensure that your systems are protected from un-authorized attempts to exploit loopholes in your system from black-hat cyber criminals.