(LiveHacking.com) – A vulnerability scanner is an essential tool for any systems administrator. Vulnerabilities on your network and in your software can easily lead to compromised systems. There is a false impression that it requires a lot of skill to compromise a computer system. In reality, however, the number of incidents where machines are compromised due to trivial events is substantial. And these could all be identified and prevented by a good vulnerability scanner.
In this article we outline five threats posed by vulnerabilities and juxtapose them with five real-life cases.
1. Change to a network – In 2004, a postal bank office in Israel suffered a break-in. A quick investigation found that nothing went missing, so the whole episode was dropped as some prank. In the following days, however, the office noticed that tens of thousands of shekels were going missing. A more thorough investigation revealed a rogue access point installed on the network. The thieves had broken into the postal bank office to install it a few days earlier, and the installation went unnoticed. A vulnerability scanner would have done a wealth of good in this case as it monitors changes to the network, advising the administrator when hardware is added or removed. Such an action would have alerted the administrator to the rogue access point the minute it was installed.
2. Creation of an account and irregular use – In April 2011, a story broke about a former Gucci employee illegally accessing Gucci systems and causing $200,000 worth of damage. It all started when the Gucci employee was fired. His administrator promptly disabled his accounts, as good security practices recommend. However, before being fired, the employee had created a fake user account that the administrator was not aware of, and which he then used to access Gucci systems. In this case, a good vulnerability scanner would have proved useful in detecting the threat, firstly by alerting the administrator when the account was created, and secondly by notifying them when the account had been used on an irregular basis, so the administrator could then delete the unnecessary account.
3. Deploying a patch – On April 13, 2004, Microsoft released a patch for a security flaw in its Windows operating system. A few weeks after the patch was made available, a malicious computer worm was released on the internet. This Sasser worm exploited the vulnerability and caused widespread chaos even though companies had a few weeks’ head start to deploy the patch. The infection caused a news agency to lose satellite communications for hours, an airline to cancel flights and a financial institution to close 130 of its offices. An important function of a vulnerability scanner is to scan the network for vulnerable applications for which a patch is available and inform the administrator. Provided the administrator is proactive in testing and deploying the patch, a few weeks would be more than enough to secure a network.
4. Creation of blank passwords – One of the top hacker stories recurring in the news over the past five years is that of Gary McKinnon. Out of his conviction that the United States government had certain information about extraterrestrials and knowledge of anti-gravity and free energy, in February 2001, McKinnon started looking for proof by trying to gain unauthorized access to US military and NASA computer systems. He allegedly scanned the systems for administrator accounts using blank passwords, and actually managed to find quite a few systems, which he then compromised. A good vulnerability scanner will help in two ways in such a situation. First and foremost, it will scan and report on a system’s password policies, enabling the administrator to determine if users can create weak passwords. Additionally, a vulnerability scanner will also check administrator accounts for blank passwords.
5. File sharing software – We all know that the US military takes secrecy seriously, and there is no doubt that some of the most secretive details revolve around the presidential helicopter defense system. In March 2009, however, news broke that details about Marine One’s missile system were being shared on a P2P network from a computer in Iran. It turned out that an employee of the contractor in charge of the helicopter had installed file sharing software and inadvertently shared the classified file. The dangers of file sharing software in relation to data leakage are well known. A good vulnerability scanner will not only inform the administrator if new software is installed on a system but also when file sharing software is installed on a scanned computer.
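The checks described in items 1, 2, 4 and 5 all come down to comparing the current scan against a known-good baseline. The Python sketch below is an added example, not code from the original article or from any GFI product; the snapshot format, host names, MAC addresses, account names and the file-sharing watch list are all assumptions constructed for illustration.

```python
# Added example: diff two scan snapshots. All data below is constructed.
FILE_SHARING = {"limewire", "bittorrent", "emule"}  # hypothetical watch list

def diff_snapshots(baseline, current):
    """Return sorted (severity, finding) tuples for changes since the baseline."""
    findings = []
    # Item 1: hardware added to or removed from the network, keyed by MAC address.
    for mac in current["devices"].keys() - baseline["devices"].keys():
        findings.append(("high", f"new device {mac} ({current['devices'][mac]})"))
    for mac in baseline["devices"].keys() - current["devices"].keys():
        findings.append(("info", f"device removed {mac} ({baseline['devices'][mac]})"))
    for host, cur in current["hosts"].items():
        old = baseline["hosts"].get(host, {"accounts": {}, "software": set()})
        # Item 2: accounts created since the baseline.
        for user in cur["accounts"].keys() - old["accounts"].keys():
            findings.append(("high", f"{host}: new account '{user}'"))
        # Item 4: administrator accounts with a blank password.
        for user, acct in cur["accounts"].items():
            if acct["admin"] and acct["blank_password"]:
                findings.append(("critical", f"{host}: admin '{user}' has blank password"))
        # Item 5: newly installed software, escalated when it is file sharing.
        for pkg in cur["software"] - old["software"]:
            sev = "high" if pkg.lower() in FILE_SHARING else "info"
            findings.append((sev, f"{host}: new software '{pkg}'"))
    return sorted(findings)

# Constructed snapshots: the second adds an unknown device, a new account,
# a blank administrator password and a file-sharing client.
BASELINE = {
    "devices": {"00:11:22:33:44:55": "switch-01", "00:11:22:33:44:66": "ws-01"},
    "hosts": {"ws-01": {
        "accounts": {"administrator": {"admin": True, "blank_password": False}},
        "software": {"Office"},
    }},
}
CURRENT = {
    "devices": {**BASELINE["devices"], "de:ad:be:ef:00:01": "unknown-ap"},
    "hosts": {"ws-01": {
        "accounts": {
            "administrator": {"admin": True, "blank_password": True},
            "svc_backup2": {"admin": False, "blank_password": False},
        },
        "software": {"Office", "LimeWire"},
    }},
}

if __name__ == "__main__":
    for severity, finding in diff_snapshots(BASELINE, CURRENT):
        print(f"[{severity}] {finding}")
```

The value of such a comparison depends on how fresh and trustworthy the baseline is: a snapshot taken after an unauthorized change silently legitimizes it.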
These threats could have easily been brought to the attention of the systems administrator by means of a vulnerability scanner. Vulnerabilities can cause a number of issues that can lead to a system compromise. The number is so staggering that it might not be possible to stay ahead without system support. A good vulnerability scanner nowadays checks for many vulnerabilities at the click of a button and can indeed provide the necessary information to help an administrator avoid many pitfalls, such as those discussed in the five examples above.
Editor's Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about what to look out for when choosing a vulnerability scanner.