Introduction
List and define what the root causes of vulnerabilities are.
Vulnerabilities are weaknesses in a computer system that undermine its security and interfere with the proper functioning of both hardware and software. They are the points through which an attacker penetrates a system by exploiting its programs. The root causes of vulnerabilities include: security misconfiguration, kernel flaws, buffer overflows, insufficient input validation, symbolic link attacks, file descriptor attacks, race conditions, and incorrect file and directory permissions. Once exploited, these weaknesses compromise the security of the computer.
How can these root causes be eliminated?
The root causes of vulnerabilities can be eliminated in the following ways:
- Organizations must first determine the desired security state of their environment. This involves using the correct devices, configuring services properly, and setting authoritative rules for access to and control of resources.
- Prioritize the vulnerabilities. Ensure that there are no policy violations, and categorize the vulnerabilities using risk-based and effort-based criteria.
- Shield the entire system. Organizations must take the lead in minimizing the damage that vulnerabilities cause by implementing compensating controls.
- Mitigate the vulnerabilities. This is achieved by patching vulnerable services, changing vulnerable configurations, and applying application updates that remove vulnerable code.
- Maintenance and monitoring: vulnerability management must be an ongoing process rather than an activity performed at fixed intervals, because computing environments and technologies change continually.
Who in an organization should be responsible for eliminating the root causes?
Top management, which includes the chief executive officer and senior managers, must ensure that funds are allocated to eliminate the root causes of vulnerabilities. Middle-level managers and the rest of the workforce carry more of the day-to-day responsibility, since they are in direct contact with the systems in the daily activities of the organization.
Various testing viewpoints
- Vulnerability scan: the use of automated tools to match conditions linked to known vulnerabilities. Its advantage is that it eliminates false positives because it uses existing credentials to authenticate to the systems. Its disadvantage is that each vulnerability is reported in isolation, without the context of the surrounding environment.
- Vulnerability assessment: the combined application of discovery and vulnerability scanning to identify vulnerabilities and categorize the findings in the context of the environment under test. Its disadvantage is that it requires the combination of two testing viewpoints, and either one can fail.
- Security assessment: it builds on the vulnerability assessment and adds manual verification to confirm exposure, but it does not involve exploiting vulnerabilities to gain further access. Its limitation is that it does not test how deep an exposure could lead.
- Penetration test: it focuses on launching real attacks against the computer systems, using the same tools and data that attackers use. Its advantage is that it improves the defenders' ability to detect real attacks and respond appropriately. It also drives the adoption of additional countermeasures that mitigate the threats facing the system. Its disadvantage is its use of non-technical attack methods.
- Security audit: it is guided by a risk function and focuses on a specific control or compliance issue. Its advantage is that it covers a narrow scope while drawing on all the other security testing viewpoints. Its disadvantage is that it requires an audit or risk function in order to operate.
Discuss the problems that assessors can face when they conduct an assessment. How can each problem be mitigated?
- Resistance: it comes from system developers, system administrators, and end users. Resistance can stem from fear that network availability will collapse, from the inconvenience involved, and from resistance to change. The problem is mitigated by securing approval and support from top management and by incorporating security assessments into the organization's security policy.
- Lack of realism: system settings are modified to appear more secure and to resist any attack, but these changes are only in place during the assessment period. The problem is addressed by giving system administrators and users no advance notice of the assessment.
- Time: security assessments often take place abruptly and within narrow timeframes, so they cannot fully test critical systems or large, complicated networks. The solution is to test the systems during off-hours.
- Evolving technology: assessors must stay alert to emerging technologies and testing techniques. This is solved by budgeting for training and seminars that keep the assessors up to date on current technologies.
- Resources: assessors struggle to obtain adequate resources for the assessment. The use of commercial assessment software requires license renewals to ensure the contract does not expire. The solution is an equitable distribution of resources at all levels of the organization and the employment of skilled assessors.