In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's
information assurance. Vulnerability is the intersection of three elements: a system susceptibility
or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.[1] To exploit a
vulnerability, an attacker must have at least one applicable tool or technique that can connect to a
system weakness. In this frame, vulnerability is also known as the attack surface.
Vulnerabilities are flaws in computer software that create weaknesses in your computer or
network’s overall security. Vulnerabilities can also be created by improper computer or security
configurations. Threats exploit the weaknesses of vulnerabilities, resulting in potential damage to
the computer or its data.
The impact of a security breach can be very high. The fact that IT managers, or upper
management, can (easily) know that IT systems and applications have vulnerabilities and do not
perform any action to manage the IT risk is seen as a misconduct in most legislations.
An intrusion detection system is an example of a class of systems used to detect attacks. Some sets
of criteria to be satisfied by a computer, its operating system and applications in order to meet a
good security level have been developed: ITSEC and Common Criteria are two examples.
Vulnerability falls under security fields such as computer security, network security, etc.
How to mitigate the risk
§ Install Anti-Virus Software.
Ensure that reputable anti-virus software is installed on all computers. This should include all
servers, PCs and laptops. If employees use computers at home for business use or to remotely
access the network, these PCs should also have anti-virus software installed.
§ Ensure that the anti-virus software is up to date.
Every day new computer viruses are released, and it is essential that businesses are
protected from them by keeping their anti-virus software up to date. If possible, companies
should adopt policies whereby computers that do not have the most up-to-date anti-virus
software installed are not allowed to connect to the network.
§ Employ a firewall to protect networks.
As computer viruses can spread by means other than email, it is important that unwanted traffic
is blocked from entering the network by using a firewall. For users that use computers for
business away from the protection of the company’s network, such as home PCs or laptops, a
personal firewall should be installed to ensure the computer is protected.
§ Filter all email traffic.
All incoming and outgoing email should be filtered for computer viruses. This filter should
ideally be at the perimeter of the network to prevent computer viruses. Emails with certain file
attachments commonly used by computer viruses to spread themselves, such as .EXE, .COM and
.SCR files, should also be prevented from entering the network.
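As an added example (not part of the original text), a perimeter-style attachment check in Python that applies the .EXE/.COM/.SCR rule above to a constructed message, normalizing the filename so that case, path prefixes, trailing dots or spaces and double extensions such as invoice.pdf.exe do not slip past; the blocked list and the sample message are assumptions.

```python
import email
import posixpath
from email import policy
from email.message import EmailMessage

# Extensions the policy blocks; the text names .EXE, .COM and .SCR as the
# common virus carriers. Extend this set to match your own policy (assumption).
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr"}


def normalize_filename(filename):
    """Reduce an attachment name to the form the receiving OS would act on.

    Drops directory components (both / and \\), strips trailing dots and
    spaces (Windows discards them before resolving the file type) and
    lower-cases the result so the extension check is case-insensitive.
    """
    name = posixpath.basename(filename.replace("\\", "/"))
    return name.rstrip(" .").lower()


def blocked_extension(filename):
    """Return the blocked extension of filename, or None if it is allowed.

    Only the final extension matters: 'invoice.pdf.exe' executes as .exe
    however a file browser displays it, so the check looks at the last dot.
    """
    name = normalize_filename(filename)
    dot = name.rfind(".")
    if dot == -1:
        return None
    ext = name[dot:]
    return ext if ext in BLOCKED_EXTENSIONS else None


def scan_message(raw_message):
    """Return [(attachment filename, blocked extension or None), ...]."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        verdicts.append((filename, blocked_extension(filename)))
    return verdicts


def build_sample_message():
    """Constructed test message: one benign PDF and two disguised executables."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    # The payload bytes are placeholders, not real programs.
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="quote.pdf")
    msg.add_attachment(b"MZ placeholder", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.exe")
    msg.add_attachment(b"MZ placeholder", maintype="application",
                       subtype="octet-stream", filename="Setup.COM")
    return msg.as_string()


if __name__ == "__main__":
    for filename, ext in scan_message(build_sample_message()):
        action = f"BLOCK ({ext})" if ext else "allow"
        print(f"{filename:20} {action}")
```

Name-based blocking complements the virus scanning the text describes rather than replacing it: an attachment named quote.pdf can still carry malicious content.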
§ Educate all users to be careful of suspicious e-mails.
Ensure that all users know never to open an attachment or click on a link in an email they are
not expecting. Even when the email is from a known source, caution should be exercised when
opening attachments or clicking on links. Criminals exploit the trust placed in an email
contact you know to trick you into clicking on a link or attachment.
§ Scan Internet Downloads.
Ensure that all files downloaded from the Internet are scanned for computer viruses before being
used. Ideally this scanning should be done from one central point on the network to ensure that
all files are properly scanned.
§ Don’t run programs of unknown origin.
It is important that you use a trusted source for your software requirements. This is to ensure
that all software installed can be accounted for and that its sources can be confirmed to be
legitimate. Apart from ensuring that the correct licensing agreements are in place, using a trusted
supplier can help reduce the risk of software infected with a virus compromising your business.
All users should be educated to never run a computer program unless the source is known or has
originated from a person or company that is trusted.
§ Implement a vulnerability management program.
Most computer viruses and worms try to exploit bugs and vulnerabilities within the operating
system and applications that companies use. New vulnerabilities are introduced into networks
every day, be that from installing new software and services, making changes to existing systems
or simply from previously undiscovered vulnerabilities coming to light. It is important to
regularly review your network and the applications running on it for new vulnerabilities. Any
discovered vulnerabilities should be rated and prioritized regarding their criticality and the
potential business impact they could have. Once this has been done, a plan on how to manage
those vulnerabilities, whether by patching, upgrading, or mitigating the vulnerability using tools
such as firewalls or Intrusion Detection Systems, should be put in place.
§ Make regular backups of critical data.
It is important to ensure that regular copies of important files are kept either on removable
media such as portable drives or tape to ensure you have a trusted source for data in the event
that the network is infected with a computer virus. Not only will this ensure that important data is
available in the event of a computer virus infecting the company’s network, backups will also
enable the company to restore systems to software that is known to be free from computer virus
infection. For added security you should store these backups securely offsite. That way, should a
major disaster happen to the business, e.g. the building catches fire, the data will remain safe in
the secure offsite location and can be restored quickly in a new facility.
§ Develop an Information Security Policy.
The creation and publication of an Information Security Policy is key to ensuring that
information security receives the profile it requires in the organisation and is the first critical step
in securing the company’s systems and data. It is important that senior management support the
Information Security Policy and that all users are made aware of their roles and responsibilities
under this policy.
§ Monitor logs and systems.
Regular monitoring of network and system logs can assist in the early identification of a
computer virus infecting the network or other attacks by criminals. Unusual traffic patterns or
log entries could indicate that the network has been infected or that its security has been
compromised. As well as monitoring for suspicious traffic and events, it is important that logs
for other devices are checked regularly to ensure that the network remains protected. Log files
for the backups should be checked regularly to ensure that the backups succeeded; likewise, the
log files for the anti-virus software deployed should be checked regularly to ensure that all PCs are
running the latest version of the anti-virus software.
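Added example, not from the original text: a small Python review of constructed anti-virus check-in and backup job logs that reports the conditions the paragraph asks to be checked, namely PCs on an outdated engine, PCs that have stopped reporting, and failed backup jobs. The log formats, host inventory, version numbers and review time are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs; the key=value format and field names are
# assumptions, not the output of any particular product.
AV_LOG = """\
2024-03-02 01:00:12 host=PC-001 av_version=4.18.2 status=ok
2024-03-02 01:00:40 host=PC-002 av_version=4.17.9 status=ok
2024-03-02 01:01:05 host=PC-003 av_version=4.18.2 status=ok
2024-02-26 01:00:33 host=PC-004 av_version=4.18.2 status=ok
2024-03-01 01:00:40 host=PC-002 av_version=4.17.9 status=ok
"""

BACKUP_LOG = """\
2024-03-02 02:00:00 job=nightly-files host=FS-01 result=SUCCESS bytes=52428800
2024-03-02 02:30:00 job=nightly-db host=DB-01 result=FAILED error="tape write error"
2024-03-02 03:00:00 job=nightly-mail host=MX-01 result=SUCCESS bytes=10485760
"""

# Asset inventory (constructed). PC-005 is listed here but never appears in
# the log: a machine that does not report is not known to be protected.
INVENTORY = {"PC-001", "PC-002", "PC-003", "PC-004", "PC-005"}
LATEST_AV_VERSION = "4.18.2"
NOW = datetime(2024, 3, 2, 8, 0, 0)  # review time, fixed for reproducibility

KEY_VALUE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Parse 'YYYY-MM-DD HH:MM:SS key=value ...' into a dict with a 'ts' field."""
    ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
    fields = {k: v.strip('"') for k, v in KEY_VALUE.findall(line[20:])}
    fields["ts"] = ts
    return fields


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def version_tuple(version):
    """'4.18.2' -> (4, 18, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def av_review(log, inventory, latest_version, now, max_age=timedelta(days=2)):
    """Map each host that fails the 'every PC runs the latest AV' check to a reason."""
    latest = version_tuple(latest_version)
    last_seen = {}
    for rec in parse_log(log):
        host = rec["host"]
        if host not in last_seen or rec["ts"] > last_seen[host]["ts"]:
            last_seen[host] = rec
    findings = {}
    for host in sorted(inventory):
        rec = last_seen.get(host)
        if rec is None:
            findings[host] = "never reported"
        elif version_tuple(rec["av_version"]) < latest:
            findings[host] = f"outdated engine {rec['av_version']}"
        elif now - rec["ts"] > max_age:
            findings[host] = f"stale check-in, last seen {rec['ts'].date()}"
    return findings


def failed_backups(log):
    """Return (job, host, error) for every backup job that did not succeed."""
    return [(rec["job"], rec["host"], rec.get("error", ""))
            for rec in parse_log(log) if rec["result"] != "SUCCESS"]


if __name__ == "__main__":
    for host, reason in av_review(AV_LOG, INVENTORY, LATEST_AV_VERSION, NOW).items():
        print(f"AV   {host}: {reason}")
    for job, host, error in failed_backups(BACKUP_LOG):
        print(f"BKP  {job} on {host} failed: {error}")
```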
§ Develop an Incident Response Plan.
Knowing what to do when a computer virus enters the network or when you suffer a security
breach is critical to minimise the damage they may cause, both to the business and also to
customers and suppliers. The incident response plan should outline the roles and responsibilities
that people have in the event of a computer virus infecting the network or indeed any other type
of security breach. This plan should be drawn up and agreed between all relevant parties before
an incident occurs. Remember, the worst time to develop a security incident response plan is in
the middle of such an incident.
§ Restrict end user access to systems.
Where possible, end users should not be given administrative privileges to their workstations.
Most computer viruses can only run in the context of the user that is logged into the system, i.e.
they only have the same permissions as the user running the program. If that user has their access
restricted, then the virus will be similarly restricted. Unfortunately, many applications designed
for the Windows platform require the end user to have such privileges; however, these users
should be the exception rather than the rule.
Vulnerabilities are related to:
Physical environment of the system
The personnel management
Administration procedures and security measures within the organization
Business operation and service delivery
Hardware
Software
Communication equipment and facilities and their combinations.
Personal Vulnerability:
If you do not take measures to keep your computer safe, your computer -- and you -- could
become the target of a cybercrime. Cybercrimes are those instances when criminals, known as
hackers or attackers, access your computer for malicious reasons. You can fall victim any time
you are on an unprotected computer or receive a deceptive email claiming there is an “urgent
matter”. They might be seeking sensitive, personal identification information stored on your
computer, like credit card numbers or private account logins they use for financial gain or to
access your online services for criminal purposes. Or they could want your computer’s resources,
including your Internet connection, to increase their bandwidth for infecting other computers.
This also allows them to hide their true location as they launch attacks. The more computers a
criminal hides behind, the harder it becomes for law enforcement to figure out where the
criminal is. If the criminal can’t be found, he can’t be stopped and prosecuted.
Technical Vulnerability:
A hardware, firmware, or software weakness or design deficiency that leaves an automated
information system open to potential exploitation either externally or internally, thereby resulting
in risk or compromise of information, alteration of information, or denial of service. Technical
vulnerability information, if made available to unauthorized persons, may allow an AIS to be
exploited, resulting in potentially serious damage to national security.
Operational Vulnerability:
Applications like Adobe, Google, Java, common web browsers and browser plugins/extensions
are some of the most vulnerable applications and therefore the applications targeted by
cybercrime organizations. If you are using these applications then you should consider it a high
priority to patch them to stay protected and safe.
When people think about security breaches, they often think about vulnerabilities in Microsoft
operating systems and applications. While hackers primarily targeted vulnerabilities in Microsoft
operating systems and applications in the past, they have increasingly turned their attention to
vulnerabilities affecting commonly used Windows applications from vendors other than
Microsoft because Microsoft has become more adept at minimizing the number of zero day
vulnerabilities and mechanisms have been developed to effectively remediate such
vulnerabilities.
The National Vulnerability Database ranks the 15 most vulnerable applications based on the
total number of vulnerabilities and the severity of those vulnerabilities. While the list does include
three Microsoft applications (Internet Explorer, Office and Visio), you can see that the vast
majority of applications on the list are from vendors other than Microsoft. The key
commonality to highlight is that many of these are Internet-based applications.
Physical Vulnerability:
Overt assault against or attack upon the physical environment (e.g., mob action) is a type of
vulnerability outside the scope of this Report.
Security controls applied to safeguard the physical equipment apply not only to the computer
equipment itself and to its terminals, but also to such removable items as printouts, magnetic
tapes, magnetic disc packs, punch cards, etc. Adequate DOD regulations exist for dissemination,
control, storage, and accountability of classified removable items. Therefore, security measures
for these elements of the system are not examined in this Report unless there are some unique
considerations. The following general guidelines apply to physical protection.
(a) The area containing the central computing complex and associated equipment (the machine
room or operational area) must be secured to the level commensurate with the most highly
classified and sensitive material handled by the system.
(b) Physical protection must be continuous in time, because of the threat posed by the possibility
of physical tampering with equipment and because of the likelihood that classified information
will be stored within the computer system even when it is not operating.
(c) Remote terminal devices must be afforded physical protection commensurate with the
classification and sensitivity of information that can be handled through them. While
responsibility for instituting and maintaining physical protection measures is normally assigned
to the organization that controls the terminal, it is advisable for a central authority to establish
uniform physical security standards (specific protection measures and regulations) for all
terminals in a given system to ensure that a specified security level can be achieved for an entire
system. Terminal protection is important in order to:
Prevent tampering with a terminal (installing intelligence sensors);
Prevent visual inspection of classified work in progress;
Prevent unauthorized persons from trying to call and execute classified programs or obtain
classified data.
If parts of the computer system (e.g., magnetic disc files, copies of printouts) contain unusually
sensitive data or must be physically isolated during maintenance procedures, it may be necessary
to physically separate them and independently control access to them. In such cases, it may be
practical to provide direct or remote visual surveillance of the ultra-sensitive areas. If visual
surveillance is used, it must be designed and installed in such a manner that it cannot be used as a
trap-door to the highly sensitive material it is intended to protect.

More Related Content

In computer security, a vulnerability is a weakness which allows an .pdf

  • 1. In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.[1] To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface. Vulnerabilities are flaws in computer software that create weaknesses in your computer or network’s overall security. Vulnerabilities can also be created by improper computer or security configurations. Threats exploit the weaknesses of vulnerabilities, resulting in potential damage to the computer or its data. The impact of a security breach can be very high. The fact that IT managers, or upper management, can (easily) know that IT systems and applications have vulnerabilities and do not perform any action to manage the IT risk is seen as a misconduct in most legislations. Intrusion detection system is an example of a class of systems used to detect attacks. Some sets of criteria to be satisfied by a computer, its operating system and applications in order to meet a good security level have been developed: ITSEC and Common criteria are two examples. Vulnerability falls under security like computer security, network security,etc. How to mitigate the risk § Install Anti-Virus Software. Ensure that reputable anti-virus software is installed on all computers. This should include all servers, PCs and laptops. If employees use computers at home for business use or to remotely access the network, these PCs should also have anti-virus software installed. § Ensure that the anti-virus software is up to date. Everyday new computer viruses are being released and it is essential that businesses are protected from these viruses by keeping the anti-virus software up to date. 
If possible, companies should look at policies whereby computers that do not have the most up-to-date anti-virus software installed are not allowed to connect to the network.

§ Employ a firewall to protect networks.
As computer viruses can spread by means other than email, it is important that unwanted traffic is blocked from entering the network by using a firewall. For users that use computers for business away from the protection of the company’s network, such as home PCs or laptops, a personal firewall should be installed to ensure the computer is protected.

§ Filter all email traffic.
All incoming and outgoing email should be filtered for computer viruses. This filter should ideally sit at the perimeter of the network so that computer viruses are stopped before they reach internal systems. Emails with certain file attachments commonly used by computer viruses to spread themselves, such as .EXE, .COM and .SCR files, should also be prevented from entering the network.

§ Educate all users to be careful of suspicious e-mails.
Ensure that all users know never to open an attachment or click on a link in an email they are not expecting. Even when the email is from a known source, caution should be exercised when opening attachments or clicking on links in emails. Criminals use the trust placed in an email contact you know to trick you into clicking on a link or attachment.

§ Scan Internet downloads.
Ensure that all files downloaded from the Internet are scanned for computer viruses before being used. Ideally this scanning should be done from one central point on the network to ensure that all files are properly scanned.

§ Don’t run programs of unknown origin.
It is important that you use a trusted source for your software requirements. This is to ensure that all software installed can be accounted for and that its sources can be confirmed to be legitimate. Apart from ensuring that the correct licensing agreements are in place, using a trusted supplier can help reduce the risk of virus-infected software compromising your business. All users should be educated never to run a computer program unless the source is known or it has originated from a person or company that is trusted.

§ Implement a vulnerability management program.
Most computer viruses and worms try to exploit bugs and vulnerabilities within the operating system and applications that companies use. New vulnerabilities are introduced into networks every day, be that from installing new software and services, making changes to existing systems or simply from previously undiscovered vulnerabilities coming to light. It is important to regularly review your network and the applications running on it for new vulnerabilities. Any discovered vulnerabilities should be rated and prioritised according to their criticality and the potential business impact they could have. Once this has been done, a plan for managing those vulnerabilities, either by patching, upgrading, or mitigating the vulnerability using tools such as firewalls or Intrusion Detection Systems, should be put into place.

§ Make regular backups of critical data.
It is important to ensure that regular copies of important files are kept on removable media such as portable drives or tape, so that you have a trusted source of data in the event that the network is infected with a computer virus. Not only will this ensure that important data is available in the event of a computer virus infecting the company’s network, backups will also enable the company to restore systems to software that is known to be free from computer virus infection. For added security you should store these backups securely offsite. That way, should a major disaster happen to the business, e.g. the building catches fire, the data will remain safe in the secure offsite location and can be restored quickly in a new facility.
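As an added example (not from the original slides) of the attachment rule in the "Filter all email traffic" item above, the following Python code parses a message and rejects any attachment whose final extension is .EXE, .COM or .SCR, regardless of letter case, of a preceding "decoy" extension such as .pdf, or of the declared Content-Type. The sample message, its addresses and the trailing-dot normalisation are assumptions of this example.

```python
"""Attachment filter for the file types named in the slides (.EXE, .COM, .SCR).

Added example; the sample message, addresses and policy set are constructed."""
import email
from email import policy
from email.message import EmailMessage
from typing import List, Tuple

# Extensions the slides say should be stopped at the network perimeter.
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr"}


def _normalise_name(filename: str) -> str:
    # Drop trailing dots and spaces, which Windows ignores when it decides
    # what program opens a file, so "report.scr ." counts as "report.scr".
    return filename.strip().rstrip(". ").lower()


def is_blocked_filename(filename: str) -> bool:
    """True if the attachment's final extension is one we refuse.

    Only the last extension matters: "invoice.pdf.SCR" is still a .scr
    screensaver executable, whatever its icon suggests."""
    name = _normalise_name(filename)
    if "." not in name:
        return False
    return "." + name.rsplit(".", 1)[1] in BLOCKED_EXTENSIONS


def blocked_attachments(raw_message: bytes) -> List[str]:
    """Names of the attachments in a raw RFC 5322 message that must be stopped.

    Every leaf MIME part is inspected, not only parts flagged as attachments,
    because an inline part with a .exe filename is just as dangerous.  The
    declared Content-Type is deliberately ignored: the sender controls it."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()  # Content-Disposition or Content-Type name
        if filename and is_blocked_filename(filename):
            found.append(filename)
    return found


def filter_message(raw_message: bytes) -> Tuple[str, List[str]]:
    """Verdict for a message entering the network: ("accept"|"reject", offenders)."""
    blocked = blocked_attachments(raw_message)
    return ("reject" if blocked else "accept"), blocked


def build_sample_message(attachment_name: str,
                         content_type: str = "application/octet-stream") -> bytes:
    """Constructed sample: a short note carrying one small binary attachment."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"   # constructed sender
    msg["To"] = "staff@example.com"        # constructed recipient
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    maintype, subtype = content_type.split("/", 1)
    msg.add_attachment(b"\x00\x01\x02", maintype=maintype, subtype=subtype,
                       filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ("invoice.pdf", "invoice.pdf.SCR", "setup.Exe", "README"):
        verdict, hits = filter_message(build_sample_message(name))
        print(f"{name:16} -> {verdict} {hits}")
```

A perimeter filter built this way should be paired with the anti-virus scan the item also calls for, since an extension check alone says nothing about attachments of other types.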
§ Develop an Information Security Policy.
The creation and publication of an Information Security Policy is key to ensuring that information security receives the profile it requires in the organisation, and is the first critical step in securing the company’s systems and data. It is important that senior management support the Information Security Policy and that all users are made aware of their roles and responsibilities under this policy.

§ Monitor logs and systems.
Regular monitoring of network and system logs can assist in the early identification of a computer virus infecting the network or of other attacks by criminals. Unusual traffic patterns or log entries could indicate that the network has been infected or that its security has been compromised. As well as monitoring for suspicious traffic and events, it is important that logs for other devices are checked regularly to ensure that the network remains protected. Log files for the backups should be checked regularly to ensure that the backups succeeded; likewise the log files for the anti-virus software deployed should be checked regularly to ensure that all PCs are running the latest version of the anti-virus software.

§ Develop an Incident Response Plan.
Knowing what to do when a computer virus enters the network or when you suffer a security breach is critical to minimising the damage they may cause, both to the business and also to customers and suppliers. The incident response plan should outline the roles and responsibilities that people have in the event of a computer virus infecting the network or indeed any other type of security breach. This plan should be drawn up and agreed between all relevant parties before an incident occurs. Remember, the worst time to develop a security incident response plan is in the middle of such an incident.

§ Restrict end user access to systems.
Where possible, end users should not be given administrative privileges to their workstations. Most computer viruses can only run in the context of the user that is logged into the system, i.e. they only have the same permissions as the user running the program. If that user has their access restricted, then the virus will be similarly restricted. Unfortunately many applications designed for the Windows platform require the end user to have such privileges; however, these users should be the exception rather than the rule.

Vulnerabilities are related to:
- the physical environment of the system
- personnel management
- administration procedures and security measures within the organization
- business operation and service delivery
- hardware
- software
- communication equipment and facilities, and their combinations.

Personal Vulnerability:
If you do not take measures to keep your computer safe, your computer -- and you -- could become the target of a cybercrime. Cybercrimes are those instances when criminals, known as hackers or attackers, access your computer for malicious reasons. You can fall victim any time you are on an unprotected computer or receive a deceptive email claiming there is an “urgent matter”. They might be seeking sensitive personal identification information stored on your computer, like credit card numbers or private account logins, which they use for financial gain or to access your online services for criminal purposes. Or they could want your computer’s resources, including your Internet connection, to increase their bandwidth for infecting other computers. This also allows them to hide their true location as they launch attacks. The more computers a criminal hides behind, the harder it becomes for law enforcement to figure out where the criminal is. If the criminal can’t be found, he can’t be stopped and prosecuted.

Technical Vulnerability:
A hardware, firmware, or software weakness or design deficiency that leaves an automated information system (AIS) open to potential exploitation either externally or internally, thereby resulting in risk of compromise of information, alteration of information, or denial of service. Technical vulnerability information, if made available to unauthorized persons, may allow an AIS to be exploited, resulting in potentially serious damage to national security.

Operational Vulnerability:
Applications like Adobe, Google, Java, common web browsers and browser plugins/extensions are some of the most vulnerable applications and therefore the applications targeted by cyber-crime organizations. If you are using these applications then you should make patching them a high priority to stay protected and safe.
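An added example, not part of the original slides, that ties together two of the items above: the policy that computers without up-to-date anti-virus software are not allowed on the network, and the "Monitor logs and systems" advice to check backup logs for success and anti-virus logs for the latest version on every PC. It reviews constructed log lines and reports failed or missing backups, PCs whose anti-virus engine or definitions are out of date (the hosts a connection policy would keep off the network), and managed PCs that never reported at all. The log format, hostnames, version numbers and policy thresholds are all assumptions.

```python
"""Review of backup and anti-virus status logs for the checks the slides call for.

Added example; the log format, hostnames, version numbers and thresholds are
all assumptions, and the sample log lines below are constructed."""
import re
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional

# Assumed log format: "<YYYY-MM-DD> <BACKUP|AV> key=value key=value ..."
LINE_RE = re.compile(r"^(?P<day>\d{4}-\d{2}-\d{2}) (?P<kind>BACKUP|AV) (?P<rest>.*)$")

LATEST_AV_VERSION = "4.12.3"    # assumed current vendor engine release
MAX_DEFS_AGE_DAYS = 2           # assumed policy: definitions may be at most this old
EXPECTED_BACKUP_HOSTS = {"FILESRV01", "MAILSRV01", "DBSRV01"}  # must back up nightly
MANAGED_PCS = {"PC-001", "PC-002", "PC-003", "PC-004"}        # must report AV status


def parse_line(line: str) -> Optional[dict]:
    """One log line -> dict of its fields, or None if not in the expected format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m["rest"].split() if "=" in kv)
    rec["day"] = date.fromisoformat(m["day"])
    rec["kind"] = m["kind"]
    return rec


def version_tuple(version: str):
    # "4.12.3" -> (4, 12, 3) so versions compare numerically, not as strings
    return tuple(int(x) for x in version.split("."))


@dataclass
class ReviewReport:
    failed_backups: List[str] = field(default_factory=list)
    missing_backups: List[str] = field(default_factory=list)   # expected, never seen
    outdated_av: List[str] = field(default_factory=list)       # keep off the network
    silent_pcs: List[str] = field(default_factory=list)        # managed, never reported


def review(lines, today: date) -> ReviewReport:
    report = ReviewReport()
    seen_backup = set()
    latest_av: Dict[str, dict] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not silently trusted
        if rec["kind"] == "BACKUP":
            seen_backup.add(rec["host"])
            if rec.get("status") != "SUCCESS":
                report.failed_backups.append(f"{rec['host']} {rec['job']} {rec.get('status')}")
        else:  # AV status: keep only the newest report per host
            prev = latest_av.get(rec["host"])
            if prev is None or rec["day"] >= prev["day"]:
                latest_av[rec["host"]] = rec
    report.missing_backups = sorted(EXPECTED_BACKUP_HOSTS - seen_backup)
    for host, rec in sorted(latest_av.items()):
        defs_age = (today - date.fromisoformat(rec["defs"])).days
        old_engine = version_tuple(rec["engine"]) < version_tuple(LATEST_AV_VERSION)
        if old_engine or defs_age > MAX_DEFS_AGE_DAYS:
            report.outdated_av.append(host)
    report.silent_pcs = sorted(MANAGED_PCS - set(latest_av))
    return report


SAMPLE_LOG = """\
2024-03-02 BACKUP host=FILESRV01 job=nightly status=SUCCESS bytes=52000000
2024-03-02 BACKUP host=MAILSRV01 job=nightly status=FAILED error=tape_full
2024-03-01 AV host=PC-001 engine=4.12.3 defs=2024-03-01
2024-03-02 AV host=PC-001 engine=4.12.3 defs=2024-03-02
2024-03-02 AV host=PC-002 engine=4.11.0 defs=2024-03-02
2024-03-02 AV host=PC-003 engine=4.12.3 defs=2024-02-20
2024-03-02 AV host=LAPTOP-09 engine=4.12.3 defs=2024-03-02
this line is not in the expected format and is skipped
"""


def review_sample() -> ReviewReport:
    """Run the review over the constructed log as of 2024-03-02."""
    return review(SAMPLE_LOG.splitlines(), date(2024, 3, 2))
```

Calling review_sample() returns a report in which MAILSRV01's failed job, DBSRV01's missing backup, the two outdated PCs and the one silent PC are each listed separately, so that each can be followed up by the responsible party.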
When people think about security breaches, they often think about vulnerabilities in Microsoft operating systems and applications. While hackers primarily targeted vulnerabilities in Microsoft operating systems and applications in the past, they have increasingly turned their attention to vulnerabilities affecting commonly used Windows applications from vendors other than Microsoft, because Microsoft has become more adept at minimizing the number of zero-day vulnerabilities and mechanisms have been developed to remediate such vulnerabilities effectively. The National Vulnerability Database ranks the 15 most vulnerable applications based on the total number of vulnerabilities and the severity of those vulnerabilities. While the list does include three Microsoft applications (Internet Explorer, Office and Visio), the vast majority of applications on the list are from vendors other than Microsoft. The key commonality is that many of these are Internet-based applications.

Physical Vulnerability:
Overt assault against or attack upon the physical environment (e.g., mob action) is a type of vulnerability outside the scope of this Report. Security controls applied to safeguard the physical equipment apply not only to the computer equipment itself and to its terminals, but also to such removable items as printouts, magnetic tapes, magnetic disc packs, punch cards, etc. Adequate DOD regulations exist for dissemination, control, storage, and accountability of classified removable items. Therefore, security measures for these elements of the system are not examined in this Report unless there are some unique considerations. The following general guidelines apply to physical protection.
(a) The area containing the central computing complex and associated equipment (the machine room or operational area) must be secured to the level commensurate with the most highly classified and sensitive material handled by the system.
(b) Physical protection must be continuous in time, because of the threat posed by the possibility of physical tampering with equipment and because of the likelihood that classified information will be stored within the computer system even when it is not operating.
(c) Remote terminal devices must be afforded physical protection commensurate with the classification and sensitivity of information that can be handled through them. While responsibility for instituting and maintaining physical protection measures is normally assigned to the organization that controls the terminal, it is advisable for a central authority to establish uniform physical security standards (specific protection measures and regulations) for all terminals in a given system to ensure that a specified security level can be achieved for an entire system.

Terminal protection is important in order to:
- prevent tampering with a terminal (installing intelligence sensors);
- prevent visual inspection of classified work in progress;
- prevent unauthorized persons from trying to call and execute classified programs or obtain classified data.

If parts of the computer system (e.g., magnetic disc files, copies of printouts) contain unusually sensitive data or must be physically isolated during maintenance procedures, it may be necessary to physically separate them and independently control access to them. In such cases, it may be practical to provide direct or remote visual surveillance of the ultra-sensitive areas. If visual surveillance is used, it must be designed and installed in such a manner that it cannot be used as a trap-door to the highly sensitive material it is intended to protect.