Use Information Services to Identify Well Known and up to Date Security Gaps and Plug These


Maintain the currency of network system security

Identifying security gaps
    Sources of information

Plugging gaps with appropriate hardware and/or software
    Finding solutions
    Software fixes
    Hardware fixes

Summary
    Check your progress

Reading: Maintain the currency of network system security 1 2005

Identifying security gaps

With the rapidly changing environment, especially due to the Internet and e-commerce systems, it is essential that security be taken seriously. Hackers love to find flaws in popular products and protocols. These are most likely to be the ones that most organisations are using to run their business. Vendors are normally quick to respond and provide fixes to the security gaps. Organisations must treat these fixes as an essential maintenance procedure.

Sources of information

Not everyone cares what is going on in the world of information technology.

If you are taking this course because you love computers and you spend all your spare time surfing the Internet, you may find that statement strange. But there are people who see the computer as a tool and have other interests than to read every computer magazine.

However, from time to time, computer problems can make the six o’clock news and IT issues get to the masses. Usually these are virus alerts, and these are wake-up calls to organisations to ensure that they have kept their virus checking software up to date and have downloaded the latest virus checking files.

In the world of IT, every week there are also other announcements of security problems with popular software products or common standards. Some of these are limited to a very small number of users but others impact millions of users.

It is important that Network Administrators regularly check to ensure that the applications and protocols that they are using have not been compromised.

How do you check for security gaps?

Well, the most popular and up-to-date source of information is the Internet.

A recent Google search using the keywords ‘computer security’ returned 3.25 million hits!

Checking for problems and fixing them is now so important that organisations should include appropriate processes in their procedures and policy documentation. Administrators and other operators should be trained in the process of identifying and fixing security problems and vulnerabilities.

Activity

Visit http://www.sans.org/ and follow the link to ‘The top 20 most critical Internet security vulnerabilities’. These are very useful security alerts and information. Review some of the current warnings and consider the organisations that may be impacted by these.

Feedback

There are many Windows and UNIX systems, web servers, databases, etc, that have vulnerabilities. This website also includes tools that can test for the top 20 problems.

Sites such as http://www.itsecurity.com can also offer free updates and alerts.


Plugging gaps with appropriate hardware and/or software

Finding solutions

Now I know that I have a problem. What can I do?

Usually the warnings will come with the solution. Usually the vendor will post the solution on their website and you will be able to download the fix.

Activity

For the problems you found out about in the previous activity, what are the solutions?

Feedback

There will be links to vendor sites or third party sites that will have fixes. These are usually free.

Software fixes

By far the most common problems are with software products. The fix is usually a patch or service pack that plugs the gap (until the next one). The vendor of the software will normally provide files on their website that can be downloaded. You then follow the instructions and install the patch as you would any other software upgrade.

As with all software you may need to test it first. You may find that the patch conflicts with another application that you are running. In a large site the patch may need to be applied to all the desktop computers. This will need to be appropriately planned for.

Over a period of time you may have installed several fixes. Occasionally, the vendor will release a service pack or patch that contains several fixes. The administrator will need to keep copies of these since, if the system needs to be rebuilt, then all the fixes and service packs need to be reloaded. This can get to be a complex recording procedure, especially if an organisation has lots of servers and workstations. Software vendors can now help by providing information about fixes that have been loaded.

For example, Microsoft now has:

• a Windows update which will let you visit the Microsoft site and it will check out your computer for you
• Microsoft Baseline Security Analyzer (MBSA) which is a free tool to check aspects of security in Microsoft products
• Microsoft Network Security Hotfix Checker (HfNetChk) which can check the fixes on Windows Servers. This is part of MBSA.
• a command line tool called Qfecheck.exe that tracks and verifies the fixes installed in Windows 2000 and XP.
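The recording problem described above, worked through as an added example (it is not part of the original reading): the script expands service packs into the fixes they contain, reports which required fixes each machine's record is missing, and lists what to reload after a rebuild. All fix identifiers, service pack names and host names are constructed placeholders, not real vendor identifiers.

```python
# Added example. Every identifier below is a constructed placeholder.

# Service packs and the individual fixes each one contains.
ROLLUPS = {
    "SP-1": {"FIX-001", "FIX-002", "FIX-003"},
    "SP-2": {"FIX-004", "FIX-005"},
}

# Fixes the organisation requires on every machine.
BASELINE = {"FIX-001", "FIX-002", "FIX-003", "FIX-004", "FIX-005", "FIX-006"}

# What the administrator's patch log records for each machine.
INSTALLED = {
    "srv-files": ["SP-1", "FIX-004", "FIX-006"],
    "srv-web": ["FIX-001", "FIX-002"],
    "desk-017": ["SP-1", "SP-2", "FIX-006"],
}


def effective_fixes(installed):
    """Expand service packs into the individual fixes they contain."""
    fixes = set()
    for item in installed:
        fixes |= ROLLUPS.get(item, {item})
    return fixes


def missing_fixes(installed, baseline=BASELINE):
    """Required fixes not covered by anything in the machine's record."""
    return sorted(baseline - effective_fixes(installed))


def rebuild_plan(baseline=BASELINE):
    """Reload list for a rebuilt machine: service packs first, then the
    individual fixes that no service pack covers."""
    plan, remaining = [], set(baseline)
    for name in sorted(ROLLUPS):
        if ROLLUPS[name] <= remaining:  # use a pack only if all of it is required
            plan.append(name)
            remaining -= ROLLUPS[name]
    return plan + sorted(remaining)


def audit(records=INSTALLED):
    """Map each machine to the list of required fixes it is missing."""
    return {host: missing_fixes(items) for host, items in records.items()}


if __name__ == "__main__":
    for host, gaps in audit().items():
        print(host, "up to date" if not gaps else "missing " + ", ".join(gaps))
    print("rebuild order:", " -> ".join(rebuild_plan()))
```
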

Activity

Use the Microsoft Windows Update facility, from IE or from Start/Settings, to check out your computer system.

Download the patches that are considered critical for the continued safe and secure operation of your system. (You may be surprised as to how many vulnerabilities have been discovered.)

When they are downloaded, install them.

Hardware fixes

Occasionally, the security problem is in a piece of hardware. This may be firmware code that is just like a piece of software or it may require certain parameters to be configured. Again, the best source of information is the vendor’s Internet site.

Alternatively, the solution to a problem may be a specific piece of hardware. For example, firewalls can be used to prevent certain types of hacker attacks and these now form an important part of a security policy.

Activity

1. Go to the Cisco website at http://www.cisco.com
2. Follow links to ‘Product and Services’ and ‘Security Advisory’. Then search for ‘Multiple Vulnerabilities in Cisco Secure Access Control Server’.
3. Read the document that describes Multiple Vulnerabilities in Cisco Secure Access Control Server.
4. Summarise how the problem may be solved.

Feedback

The problem may be solved by:

• obtaining and installing a patch
• installing upgraded software
• using a workaround to temporarily remove the user accounts causing the problem.

Activity

Search for ‘intrusion detection system’ at the Cisco website at http://www.cisco.com. Review the features of the Intrusion Detection System. What types of attack can it detect?

Feedback

Types of attack that can be controlled include:

• Named attacks — single attacks that have specific names or common identities such as Smurf, PHF, Land.
• General category attacks — attacks that keep appearing in new variations with the same basic methodology such as Impossible IP Packet or IP fragmentation.
• Extraordinary attacks — extremely complicated or multi-faceted attacks such as TCP hijacking or email spam.

If you are not sure of these types of attacks, use the Internet to research them.


Summary

The most popular and up-to-date source of information on security gaps is the Internet. For example, software vendor websites should be regularly scanned for known problems and fixes.

Software fixes are usually in the form of a patch or service pack that plugs the gap (until the next problem is discovered). The vendor of the software will normally provide files on their website that can be downloaded.

Hardware security problems are less common, and could include problems with hardware-related software.

The addition of hardware can also provide a solution to a security problem, such as installing a firewall to protect an organisation’s network data.

Check your progress

Now you should try and do the Practice activities in this topic. If you’ve already tried them, have another go and see if you can improve your responses.

When you feel ready, try the ‘Check your understanding’ activity in the Preview section of this topic. This will help you decide if you’re ready for assessment.
