February 22, 2012

You are here: Home / Archives for Tutorials

4 Key Features of Good Endpoint Security Software

January 24, 2012 By

(Live-Hacking.Com) – Data leakage occurs when data that should have never left the physical confines of your company’s brick and mortar walls does, and control of that data is lost. One of the main reasons why this could happen is because companies lack endpoint protection. When a user copies data to their smartphone (think contacts, critical documents that they wish to

GFI EndPointSecurity™ console

GFI EndPointSecurity™ console

review while mobile, email attachments, etc), or to a USB flash drive, your company is primed for a data leak. Endpoint protection is designed to prevent that from ever happening in the first place. Sure, you can remotely wipe smartphones, at least the ones that are compatible with your company’s policies, and you can protect data on portable media with encryption, but both of those depend in part on the end user. Whether that person is intentionally malicious, apathetic, or simply ignorant, it is entirely possible to transfer data to unprotected media, unless you prevent it in the first place through endpoint security.

There are programs on the Internet today that can turn portable media players into mass storage devices capable of automatically seeking out and downloading key data to their storage. Search for podslurping to see just how creative these applications are, and don’t forget the users with DVD/CD burners in their machines that can burn a disk with gigabytes of data. Unless they have encrypted that data, it can be read by anyone who happens to come across that disk. Some companies have gone as far as to epoxy the USB connection on machines to prevent the physical attachment of external media, but this has several problems. They won’t be able to turn such damaged hardware back in at the end of a lease; any residual value after the useful life will be greatly decreased, there are lots of legitimate uses for USB that will be prevented by this, and it is not a full solution. Search on bluesnarfing to see how users can exploit Bluetooth connections to further transfer data. Instead of ruining your hardware, implement endpoint security to protect your data.

So how can endpoint security help a company to prevent data leakage? Here are the four most important features to look for in good endpoint protection software:

  1. Agent based enforcement: Endpoint protection software should use easy to deploy, tamperproof agents which can be rolled out to users, and once on their system, be locked down so even local admins cannot disable them.
  2. Easy, central management: Good endpoint protection software should support rapid policy creation through an easy to understand wizard, that can be deployed granularly with Active Directory Group Policy, and that has the flexibility to support business needs.
  3. Information at your fingertips
  4. Real-time centralized monitoring and alerts are just the starting point for endpoint protection’s information components. Look for centralized logging and reporting, that can generate on demand and scheduled reports.
  5. Flexibility:The one thing you can count on is that no matter what you set up, you will need exceptions. Whether you need to provide temporary access, allow systems admins or security personnel to bypass restrictions, or implement white-lists and blacklists, look for an endpoint protection that is not going to lock you down so tightly that it breaks business processes.

By deploying endpoint security, you are taking reasonable steps to prevent data leakage and protecting your company’s data and that of your customers. Endpoint protection makes good business sense in today’s environment where a data leakage can cost a company millions in reporting and monitoring, and cause irreparable damage to a company’s reputation.

Editor Note: This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more on how to make the best out of endpoint security.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

Filed Under: Security, Tutorials Tagged With: , , ,

5 Ways to Create the Right Patch Management Policy

January 6, 2012 By

While patch management is, conceptually, a straightforward task, its correct implementation is not always that simple. One might be tempted to simply deploy patches on a need to basis without giving it much thought; however, in order for patch management to be fully effective, the right patch management policy is required, as without it patch management could become the threat you’re actually trying to prevent.5 Ways to Create the Right Patch Management Policy

So what makes the right patch management policy?

1. Inventory

Without knowing which software or systems need patching, no proper patch management process can exist. While this might seem obvious, it’s a step often overlooked in a company’s patch management policy. An inventory is also required when testing environments are created – an essential item in any patch management policy. Inventories can be done manually, however it’s wise to either have scripts that automate the process to a degree, or use a network scanner to do the job.

2. Monitoring

Every patch management policy needs a process that can identify which patches are missing or outdated, and this can be achieved by either monitoring vendor sites or using patch management detection software.

3. Testing

Once an administrator determines and downloads the patches needed on the network, it is essential that they are tested before they are deployed to make sure that that they are working well across all systems. Test environments that perfectly mimic the actual environments that the patches will be deployed on are needed. A blueprint for such environments ought to be prepared during the inventory step. As time goes by it’s important to keep the test environments in line with the actual environments. This can be done by comparing inventories or through the use of software which can notify the administrator when environments change.

4. Deployment and Verification

This is another pitfall. For many, their patch management process does not include verification but just deployment; however, the right patch management policy requires both. If the deployment fails for any reason, especially if the whole process of deployment is unattended, it can easily happen that the failure goes unnoticed thus giving the administrator a false sense of security. To avoid this, ensure that there is a way to determine the patch level of each machine and confirm that all the patches deployed were successful.

5. Disaster Recovery

No matter how many precautions are taken and how many tests are run, there is no guarantee that a patch deployment will not cause issues. Computer software is complex and it is impossible to test all possible combinations, especially when you factor hardware and chipsets in. Therefore, it is essential that a patch management policy includes a section on disaster recovery, so, should things go wrong, an administrator will be able to quickly recover the network to a working state.

Without the right patch management policy in place, patch management can indirectly be a security risk since the patch deployment itself can cause issues and possibly downtime. Once designed, the patch management policy will require a little extra effort; however, this is a much more favourable option than the effort spent trying to fix a broken environment, not to mention the loss of productivity.

Editor Note: This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about creating the right patch management policy.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

Filed Under: Security, Tutorials Tagged With: , , , , ,

12 Reasons to Deploy Email Monitoring

December 21, 2011 By

(LiveHacking.Com) – With all of the effort email administrators put into monitoring their email servers for utilization, disk space, and error logs, they may be overlooking some of the most important information they can get out of their email system – how it’s actually being used. Companies that implement email monitoring quickly find a wealth of useful information about how employees are actually using email to perform their jobs, or in some cases, instead of performing their jobs. Using email monitoring is much like using web monitoring. It provides insight into patterns and behaviors, identifies trends and issues, and can even support compliance efforts.12 Reasons to Deploy Email Monitoring

Here are 12 important reasons why you should deploy email monitoring on your network:

  1. See who users email the most time to identify patterns and efficiencies.
    This will let you know who communicates with whom, to ensure the right people are interacting with one another.
  2. Learn who the key contacts are for each user or role.
    If a job transitions to another user, it can help them quickly get up to speed on the primary contacts they will have.
  3. Discover which customers or vendors need the most attention.
    This is a great way to head off customer satisfaction issues early.
  4. Identify the customers most likely to provide good referrals to others.
    Those who receive the best communications are likely to be the most satisfied.
  5. Identify the users spending excessive time on personal email.
    Sending emails to traditional personal accounts (Hotmail, Gmail, Yahoo, etc.) is a pretty good indication that they are not communicating with your customers unless you are a consumer-focused business.
  6. Measure response times to customer emails to be sure they are getting answers when they should.
    You should have standards for response times, and this will let you confirm your employees are meeting those commitments.
  7. Confirm that the help desk is replying to users within their SLAs.
    Users tend to call the help desk because they don’t get responses to emails quickly enough. Knowing just how long it takes to get a response helps identify staffing or performance issues.
  8. Find the mail hoarders so you can work with them to purge email, or charge them for the excessive space.
    Disk space is a limited commodity, and departments that use excessive amounts either need to be brought into compliance, or charged for the usage.
  9. Ensure that your email system isn’t being used as a file server, and that attachments are business-related.
    Email is a convenient way to trade files between users, but it places increased demands on server resources. See just how much space is being used, and ensure it’s not for MP3s and videos.
  10. Make sure customers aren’t emailing inactive or deleted accounts so you don’t miss any opportunities or leave customers thinking they are being ignored.
    An unanswered email is a good reason for a customer to contact your competition next. Identifying inactive accounts that customers still email makes sure someone responds.
  11. Ensure email communications use professional and appropriate language.
    Every email an employee sends represents your organization, so you want to be sure communications are sent in a professional manner without profanity or slang.
  12. Make sure users aren’t forwarding emails to personal accounts or the competition.
    Finding emails going to competitors helps stop the loss of intellectual property.

An email monitoring solution will show you how your users actually use your email system, where communications channels exist, and whether or not any compliance issues exist. It’s the next level of email management and an extremely valuable source of information.

Editor Note: This guest post was provided by Christina Goggi on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the benefits of using email monitoring.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

Filed Under: Security, Tutorials Tagged With: , , , ,

6 Ways to Optimize Your Spam Detection Mechanism

November 28, 2011 By

(LiveHacking.Com) – Spam is a scourge that causes several problems for most organizations and therefore needs to be stopped before it reaches the users’ mailboxes. Luckily, there are various types of anti-spam filters to suit different types of organizations; however, it is important to understand that spam detection can be quite tricky. If the configuration is wrong, valuable emails will be incorrectly classified as spam. You therefore need to ensure your anti-spam filter is configured correctly to avoid as many false negatives as possible and without creating false negatives as well.

So how would one go about configuring spam detection?6 Ways to Optimize Your Spam Detection Mechanism

In order to have an effective spam detection mechanism, you can use various techniques. Different products might provide a combination of these technologies but it is important to understand what they are in order to be able to configure each one effectively.

1. Bayesian Filtering:

Bayesian spam filtering is an advanced way for a computer to determine whether an email is spam or not. Bayesian filtering is a system that through training can “learn” to distinguish between spam and legitimate emails. It does this through a statistical analysis of what words one expects to find in a legitimate email and not in spam. To do this, Bayesian filters need to be trained using legitimate emails and spam. Some products offer automated updates and allow the customer to do their own training. Having vendors do the training is advantageous due to the wider range of samples that the training is based on. It is hard to gauge the rate of false positives and false negatives this method can cause. The strength of this method is based entirely on the quality of the training and how typical the spam or legitimate email being checked is.

2. Databases:

Some anti-spam filters include databases of known spammers, open relays and spam emails. These databases have a variety of uses – from recognizing spam email, to recognizing other harmful content in emails such as links to malicious and phishing sites.

3. DNSBL:

DNSBL (DNS Blacklist) is a service offered by some organizations that provide a database of known spammers, open relays and zombies sending spam. Accuracy is dependent on the classification systems used by the service provider. While they’re generally quite good, these systems are sometimes accused of being too strict and thus causing some false positives.

4. Email Analysis:

There are a number of ways to analyze an email and be able to determine if it is spam or not. Some software might check that the headers are crafted correctly, for example if the emails are being addressed to whoever the email is claiming to be addressed to, while others might look for specific keywords. Accuracy can vary but you can expect that keyword-based anti-spam detection will have a higher than normal rate of false positives.

5. Greylisting:

Greylisting is a process whereby an email that arrives at your mail server from an unknown sender, is initially rejected. This will make a legitimate mail server retry again after a delay; if legitimate, the email will be accepted. In many cases the software used by spammers will not try again if the first attempt failed. Provided the mail server sending the email is properly configured, there is no chance of false positives with this method and a minor chance of false negatives should a spammer specifically cater for such scenarios.

6. Sender Policy Framework (SPF):

SPF works by having domain owners specifying what hosts are authorized to send email from the specific domain. If the host sending the email is an unauthorized source, it is marked as spam. This method can cause false positives if a legitimate user sends an email from an unauthorized location, such as a mobile phone.

Knowing what the major spam detection mechanisms are and to what extent they may create false positives are, will help you take an informed decision on how to choose and configure an anti-spam filtering solution.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on what your anti-spam filter should include.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

Filed Under: Security, Tutorials Tagged With: , , , , , , ,

SecPoint Releases New Version of its Multi-threaded TCP Port Scanner

November 4, 2011 By

(LiveHacking.Com) - SecPoint, a Danish IT security network company, has released a new version of its multi-threaded TCP port scanner. The new version, which is released under a BSD style license and includes the source codes, adds new features like SYN scanning.

Other new features include:

  • Added host name resolution
  • Added option -o for output to file in plain text format
  • Added option -oh for output to file in html format
  • Added option -ox for output to file in xml format
  • Reversed the meaning of -r : by default shows port names, with -r does not show them
  • Skipping duplicated open ports: Due to the low delay between two sends, the pcap library may call the receive function multiple times for the same port. Increasing the delay time, this problem can be bypassed, but it will slow down processing. With this solution, it’s possible to keep a low delay and avoid duplicates at once.
  • Changed name to “portscanner”
  • Added target host name to output, if given
  • Removed printing of options -w and -n for Connect scan
  • Help message changed according to the new options

Using the program is simple and the ability to start multiple scanning threads makes the program quite fast. Running the following command will scan the common ports (ports 1-2000 plus a special selection that makes scanning more efficient):

./portscanner IP

Port ranges can be specified as follows:

./portscanner IP -p 21-80

Use the -s option to perform a SYN scan and -n to increase the number of threads. The default is 10. On our test machine running with -n 100 reduced the scan time for 7473 ports by 75%!

You can find out more here and the tool can be downloaded for Windows and Linux (including the source code) here.

Filed Under: Open Source, Security, Tools, Tutorials Tagged With: , ,

Why You Should Consider Network Auditing

October 31, 2011 By

(LiveHacking.Com) – Network auditing can be quite a daunting task for administrators. There are a number of procedures to be followed in order to run an effective network audit. The administrator needs to gather information related to the network infrastructure – from a list of applications installed to network configurations, as well as details of every type of hardware deployed on the network. When you take into account the fact that a network audit needs to be done periodically, it is a lot more expensive to run an audit manually than investing in a tool designed for this purpose.

There are several types of network auditing solutions; some are just designed for auditing, while others offer network auditing as one of their features.

In order to run a network audit manually you would need to analyze each and every item to ensure all hardware and software installed on your network is authorized, and check the system configuration on each machine. You will also need to compare this data with that of previous audits to identify what hardware / software / configurations changed and/or was removed. A good network auditing tool should run this process automatically for you. This software will create a baseline list for the administrator’s approval and, once that is done, the auditing tool will simply compare each scan to the approved baseline and simply notify the administrator when things change. This not only takes the load off the administrator, but it also allows for a higher frequency of audits – ensuring issues are detected in a timely manner.

There are a number of reasons to implement network auditing within the organization; these include:

Legal:

Networking auditing provides a number of benefits to the company’s legal requirements. It can ensure the administrator keeps on top of licensing and legal obligations. Additionally, it would provide the company with proof to satisfy any compliancy audits; for example several legal compliance rules mandate certain standards on the network. With a good network auditing solution you would have the required tool to prove you are compliant.

Security:

The value of network audit in terms of security is immeasurable; one could say it helps with all aspects from policy enforcement to detection of compromised system. If a user decides to open a share and allow access to everyone, for example, this can be exploited by various malware in their propagation, it can also give an unauthorized user access to data that he shouldn’t have access to.

An administrator will want to know when the configuration changes on one of the machines that he is responsible for.

Change Management:

An administrator needs to have an effective change management process for various reasons. S/he needs to maintain test environments, backup systems, and carry out other tasks that are dependent on these alternative systems being identically configured to the original ones.

For example, if a user were to install a new piece of software on his system without informing the administrator first, the administrator might test the latest patches before deploying them to the network and then be confident that productivity will not be impacted, but it turns out his testing didn’t take this new application in consideration and the system becomes unusable when the two are running together.

Network auditing can save the organization a substantial amount of time and money. Additionally, using software to automate network auditing reduces the risk of human error considerably.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on why your organization would benefit from network auditing.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

Filed Under: Security, Tutorials Tagged With: , , ,

Why Does Your Organization Need Web Content Filtering?

October 3, 2011 By

(LiveHacking.Com) – The internet is a minefield for users who are not technology-savvy or who have a habit of clicking on links and downloading files without thinking of the consequences. Now take those users into a business environment and you start seeing the value and importance of web content filtering. As the web ‘threatscape’ becomes more complex and the Internet becomes a focal point for social, business and personal communication, web content filtering (and its additional security benefits) can go a long way toward protecting the network.

Content filtering server / proxy

Content filtering server / proxy

All IT teams are aware of the risks associated with unrestricted internet browsing, and the traps that exist to trick unsuspecting users into clicking on links or files that could introduce viruses and compromise your network. However, you shouldn’t assume that this knowledge is universal throughout your company.

Hackers and cybercriminals do not discriminate between experienced or naïve internet users – everyone is a possible target – however the less experienced are often a far easier target because they have no clue what security is all about let alone what types of threats exist.

You can eliminate a range of risks to your systems by restricting the Internet content available to your users, and good filtering solutions allow you to automatically protect your users from phishing sites or infected content.

Security breaches aren’t the only risk associated with unrestricted and unmonitored browsing. A lot of employee time can be wasted due to the addictive nature of some Web content, particularly games and social networking sites. Web content filtering software can help you to block certain categories of sites permanently or on a time-limited basis, greatly reducing cyber-slacking and productivity drops.

Another danger associated with company Internet usage is the fact that some websites border on the illegal. For example, if you don’t filter and monitor Internet usage, you may find that members of staff are using the corporate connection to download music or movies illegally, leaving your company open to potential legal action.

Making it known that that you are using Web content filtering technology can bring about a change in employee attitudes and how they use company resources. If employees know they can be held accountable for the content they access, they are less likely to indulge in Internet activities that they feel could put their job at risk.

Web content filtering brings with it the additional benefit of freeing up company Internet bandwidth for legitimate, business related activates.

Web content filtering solutions are typically inexpensive, and too many risks and liabilities come into play if you choose not to implement one. These solutions also bring with them plenty of benefits for you, as a network administrator, not least reducing the risk of malware infections circumventing all the protection you have in place.

Editor Note: This guest post was provided by Ben Taylor on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on web content filtering.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

Filed Under: Security, Tutorials Tagged With: , ,

Why Do We Need Patch Management?

September 23, 2011 By

(LiveHacking.Com) – Patch management is a key function for anyone working in IT and is responsible for the network. There are various reasons why patch management is so important and how, if neglected, can lead to service disruptions or give cyber criminals access to the network where they can steal data or cause serious damage.

Computers work by running software that performs different operations. Operating systems, for example, are a list of instructions which the computer runs one after the other in order to do a task that the vendor intended.

From time to time, vendors will see the need to update their products to improve performance or to address some security issue and patch management is the process that makes changes to a program as per vendor’s specifications.

Why Would a Vendor want to update their software?

GFI LanGuard shows missing updates

GFI LanGuard shows missing updates

The primary reason is that the software contains errors. Errors in coding or more specifically in the logic flow of a program can lead to a malicious attacker exploiting the logic to make the program perform in a way that the vendor never intended it to. This could cause either a service disruption or, even worse, allow an attacker to manipulate the program so that it runs the code the attacker wants and, in so doing, giving him or her control over the system.

Programs are quite complex and based on millions of lines of such instructions. It is fair to say that every piece of software contains errors which cause some type of side effect. In many cases, these errors often go unnoticed, however if an error causes a major problem, then a vendor is in a race against time to correct the problem. The longer it takes to correct the errors, the greater the window of opportunity for malicious people exploit the error and target those who are using the software.

What are the risks if a system is unpatched?

Systems that are not regularly patched can experience a number of issues, including:

  • Intrusions – Malicious attackers can gain access to your system and:
    • Turn it into a botnet – your computer is taken over and used to launch attacks on other computers or used to send spam
    • Steal Information and/or install mechanisms to spy on all that happens on that computer and other PCs on your network in the future
    • Create /Install a Backdoor or Rootkit – The attacker might install software allowing him easy access to the computer even if the issue is subsequently patched
    • Hacktivism – The attacker might gain access to your web server in order to change it to display political/activism messages
    • Beachhead – the attacker might use this machine to run further attacks on your network to gain access to more critical/valuable systems
  • Denial of Service – The attacker might use the coding error to crash your system
  • Stability – Coding Errors are a problem not only when someone tries to exploit them but bad code can cause a system to fail on its own if not fixed.
  • Performance – Sometimes a vendor may issue a patch to boost the program’s performance and provide additional value to the customer.

Vendors do not issue patches if it is not essential for their customers. Creating a Patch involves a lot of work for a vendor in terms of development and testing. A robust patch management policy and system can help administrators promptly install patches when a vendor issues them and thereby ensure that systems are up-to-date and error-free.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on patch management.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

 

Filed Under: Tools, Tutorials Tagged With: , , ,

Why Does Your Organization Need Web Security?

August 29, 2011 By

(LiveHacking.Com) – Malware is a threat to businesses that is often found addressed in today’s news headlines. The term “malware” encompasses different types of malicious software which could infect your corporate network including viruses, worms, Trojans, spyware, adware, rootkits, crimeware and scareware.

In today’s business environment, most employees are careful when it comes to opening email attachments but are not always as cautious about clicking on links which can lead to a malware infection. With today’s sophisticated malware, the chances of a direct malware infection are high when downloading something from an infected website. Organizations find it extremely difficult to keep up with new malware and other security issues they need to address. Fortunately, businesses can now respond to possible malware threats through the use of internet monitoring software.

Internet monitoring software helps protect against web security threats by monitoring employees’ browsing activity. This software also helps enforce any internet usage policy a business has in place and can even be configured to block websites which employees are not allowed to access during business hours. To be truly effective, however, the internet monitoring software should include other essentials features. When shopping for new web filtering and web security software, keep the following features in mind:

  1. Web filtering should be very granular; meaning access to certain websites can be permitted or blocked based on an employee’s job requirements, the time of day, and the category of website. This will allow for easier administration of the software. Once configured, frequent changes should not be needed.
  2. Internet monitoring software should be able to protect the business from a variety of malware, spyware, and viruses. This is usually done using more than one type or version of virus/spyware engine. At minimum, at least two different types of virus/spyware protection should be included in any internet monitoring software you are considering.
  3. The solution should allow you to monitor and/or block certain downloads when necessary. You should also be able to block specific file types, such as mp3s, video files and zipped files, among others.
  4. Make sure that the web security solution you’re using is able to detect and warn users of possible phishing websites. Basically, this feature should tell the user whether he/she may be accessing known or suspected fake websites instead of the one they think they are actually linking to.
  5. Encrypted traffic should be inspected by internet monitoring software since it is one of the common ways of getting malicious traffic past firewalls and intrusion detection systems.
  6. Monitoring of outbound internet traffic will assist in preventing leakage of sensitive data/information either from an insider (i.e. employee or contractor) or from malicious software that is sending sensitive information to another location.

While this is not an all-encompassing list, it provides you with main features to look for when researching and selecting internet monitoring software to protect your business against any web security threats.

Editor note: This guest post was provided by Sean McCrearyon behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI Internet Monitoring Software.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

Filed Under: Malware, Tutorials, Whitepaper Tagged With: , ,

4 Important Reasons to Use a Vulnerability Scanner

August 1, 2011 By

(LiveHacking.Com) — As a network administrator, could you honestly say that you are up-to-date on every new vulnerability which could affect the security of your operating systems and software products on your network? The sheer volume and frequency of this information makes it extremely difficult for a single individual to know it all, and other day-to-day tasks often get in the way. Using a vulnerability scanner can take off some of this responsibility from your shoulders, giving you peace of mind. Here are four reasons why using a vulnerability scanner will make your life easier:

GFI LANguard - Dashboard

GFI LANguard - Dashboard

  1. Good vulnerability scanners make use of highly detailed databases of known vulnerabilities and scan your systems to give you a realistic view of how secure they are. An extraordinary amount of manual checking would be required to stay in control of this without the help of dedicated software.
  2. It is practically impossible to manually keep track of certain small issues, such as individual open ports on a laptop or an antivirus product disabled by a user. Using a vulnerability scanner to alert you to these new security glitches reduces the quantity of manual checking that is otherwise required to ensure they don’t go unnoticed.
  3. Change management can be burdensome for a busy IT team, but if you fail to stay on top of it, it can be difficult to track the cause of new problems on your systems. A good vulnerability scanner maintains a list of significant network changes, and can also alert you to changes you may otherwise have been unaware of – a very useful feature if you have several technicians all capable of making configuration adjustments.
  4. You probably don’t enjoy trying to keep control of the numerous patches that have to be installed on your networked systems. Ranging from large operating system service packs to small patches that seal holes in software utilities, updates cannot be ignored. You can however minimize the late nights in the office and dark weekends in the server room by making use of the patch management facilities that form part of a robust vulnerability scanner solution.

These solutions also lower the risk of forgetting to apply important updates to those machines not instantly visible, such as the laptops hidden in desk drawers. Software auditing features can alert you when a machine appears on the LAN inadequately patched. Without these alerts, a computer runs the risk of being unprotected until is it picked up during your next manual update—not something that will be fun to explain to a chief executive if it results in your system being exploited.

Vulnerability scanners can remove some of the more routine and, let’s face it, sometimes rather dull tasks involved in managing an office network. At the same time, these solutions can help to ensure you meet all of your compliance obligations. Most importantly, they can help you, as an IT professional, to sleep more soundly at night!

Editor note: This guest post was provided by Ben Taylor on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI vulnerability scanner .

Disclaimer: All product and company names herein may be trademarks of their respective owners.

 

Filed Under: Tools, Tutorials Tagged With: , ,