How to Detect Security Vulnerabilities in Your Systems

By Gary S. Miliefsky
Tue, May 01, 2007

Network World

Exploiters on the Internet have caused billions of dollars in damages. These exploiters are intelligent cyber terrorists, criminals and hackers who have a plethora of tools available in their war chests ranging from spyware, rootkits, Trojans, viruses, worms, bots, and zombies to various other blended threats.

Exploits can be grown and harvested the same day a security hole is announced - in so-called "zero-day attacks" - so they are getting much harder to stop. Open source malware code, freely available on the Internet, is enabling this phenomenon and cannot be reversed. Although the number and types of exploits "in the wild" continues to rise exponentially, there are fewer than a dozen core methodologies used for their execution and proliferation. Most exploits can be removed, but some exist indefinitely and can only be destroyed or removed by loss of data - you've probably heard of these "rootkits." Most exploits will re-infect a host if a security hole, also known as the Common Vulnerability and Exposure (CVE), is not removed.

Many exploiters are doing it for profit. Just take a look here and you'll see where the US$10 billion in identity theft last year occurred the most.

Not all exploits are created equal. Most are evolutionary improvements on existing exploits. What's very interesting is that the average exploit currently has a dozen names. With the advent of the Common Malware Enumeration (CME) standard, there will be one shared, neutral indexing capability for malware but that will take years - probably more than five years, like the CVE standard which is still just starting to catch on, since its inception in 1999 by Mitre, now funded by the U.S. Department of Homeland Security.It is crucial today to prevent vulnerabilities across the enterprise and remove these CVEs - these security holes in your desktops, laptops and servers. Knowing what they are, where they are on your network, and how to remove them is more important than sniffing packets and listening for burglars.

According to USCERT, 95 percent of downtime and IT related compliance issues are a direct result of an exploit against a CVE. Your firewall, IDS, IPS, anti-virus software and other countermeasures don't look for or show you how to remove your CVEs. So you are really only 5 percent secure.

You probably never heard of a CVE, but you do know about Blaster, Msblast, LovSAN and the Nachi and Welchia worms which caused massive downtime and financial losses. They all exploited one CVE - one minor hole. It was a software flaw known as a buffer overflow in a certain service called the "DCOM interface for RPC" running in most Microsoft Windows operating systems which allowed hackers to send these exploits out and take advantage of most of the Windows systems that had this flaw.

Continue Reading

As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable, enforceable processes that reduces administrative overhead and enables robust, customizable reporting and auditing capabilities. Brought to you by NetIQ.
Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring (FIM) tools that provide immediate alerts. This white paper has been brought to you by NetIQ, the leader in solving complex IT challenges.
Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in organizations worldwide. This white paper from NetIQ, discusses key technology solutions that help to prevent and detect insider threats.
This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into creating a compliant and secure IT environment. Follow these four proactive steps now before your next audit. Brought to you by NetIQ.
Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will help your business gain the maximum return on investment possible while aligning your compliance programs.
This white paper describes the business challenges and opportunities that are driving interest in Identity Governance while discussing considerations your organization should make to help achieve project success.
Learn how Gartner's criteria for next generation IPS helps organizations achieve effective threat prevention despite changes in network communications, new applications, and changes in the threat landscape.
3 minute Flash video - overview of the need for and value of Configuration Control.
Cloud deployments are playing a critical role in propelling innovation for many companies. At the same time security has become the #1 one of the top concerns for IT and business leaders as they migrate into the cloud. In this webinar, learn from Accenture discusses how to recast the cloud as a "fresh chance to rethink your approach to security."
As greater numbers of datacenter servers transition from the physical to the virtual world, the components of virtualization success come to the fore. What scores of organizations have discovered is that success is derived from an optimal pairing of the right software platform with the right hardware platform.
Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn about VMware customer, Navicure, and their experiences testing and evaluating the recovery manager, their progress in implementing it in their environment and their advice other customers considering using vCenter.
Many enterprises have discovered that the use of virtualization to support desktop workloads creates a range of significant benefits. These benefits include price efficiencies, improved IT management and greater agility and choice for end users.

This VMware sponsored webcast with IDC will provide both quantitative measurement of the business value -- defined as the expected ROI -- and qualitative analysis associated with the use of VMware View™. IDC will also provide an analysis of the View Composer and ThinApp™ features of VMware View, including the business value of these solutions and an overview of how they work.

Attend this webcast to learn about:
- Challenges and barriers that might impede the adoption of desktop virtualization
- Navigating roadblocks to facilitate a strategic implementation
- Optimizing qualitative and quantitative benefits to IT and your business
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all Newsletters | Privacy Policy
Resource Center