Vulnerabilities are weaknesses in the security system, for example, in procedures, design, or implementation, that might be exploited to cause loss or harm. This category includes only a general explanation of vulnerabilities. System/Application specific information is available in the Attacks category.
Software Vulnerabilities
Deletion. Because of software's high value to a commercial computing center, access to software is usually carefully controlled through a process called configuration management so that software is not deleted, destroyed, or replaced accidentally.
Modification.
Logic bomb - changes made so that a program fails when certain conditions are met or when a certain date or time is reached.
Trojan horse - a program that overtly does one thing while doing another.
Virus - a specific type of Trojan horse that can be used to spread its "infection" from one computer to another.
Trapdoor - a program that has a secret entry point.
Information leaks - code that makes information accessible to unauthorized people or programs.
Theft - unauthorized copying of software.
Software Vulnerabilities
Buffer Overflow
Incomplete Mediation
Time-of-Check to Time-of-Use Errors
Virus
Trojan Horse
Logic Bomb
Time Bomb
Worm
Rabbit
Data Vulnerabilities
Confidentiality. Data can be gathered by many means, such as tapping wires, planting bugs in output devices, sifting through trash receptacles, monitoring electromagnetic radiation, bribing key employees, inferring one data point from other values, or simply requesting the data. Because data are often available in a form people can read, the confidentiality of data is a major concern in computer security.
Integrity. Data are especially vulnerable to modification. Small and skillfully done modifications may not be detected in ordinary ways.
Network= Networks are specialized collections of hardware, software, and such; a network experiences all the normal security problems.
Access= Access to computing equipment leads to three types of vulnerabilities. An intruder may steal computer time to do general-purpose computing that does not attack the integrity of the system itself. Malicious access to a computing system, whereby an intruding person or system actually destroys software or data. Unauthorized access may deny service to a legitimate user.
People= People can be crucial weak points in security. In particular, a disgruntled employee can cause serious damage by using inside knowledge of the system and the data that are manipulated.
Network Vulnerabilities
Eavesdropping
Session Hijacking
Man in the Middle
Addressing errors
Cookie
Malicious active code: Java, ActiveX
Protocol Flaw
Eavesdropping
Passive wiretap
Misdelivery
Protocol flaw
Transmission or component failure
Denial of Service
DNS Attack
Traffic redirection
Distributed Denial of Service
TOOL
Vulnerability Management
GFI LANguard performs network scans using vulnerability check databases based on OVAL and SANS Top 20, providing over 15,000 vulnerability assessments when your network, including any virtual environment, is scanned. GFI LANguard allows you to analyze the state of your network security and take action before it is compromised.
Patch Management
When a network scan is complete, GFI LANguard's Patch Management gives you what you need to effectively deploy and manage patches on all machines across different Microsoft operating systems and products in 38 languages. Not only can you automatically download missing Microsoft security updates, but you can also automatically deploy the missing Microsoft patches or service packs throughout your network at the end of scheduled scans.
Network Auditing
GFI LANguard's Network Auditing tells you all you need to know about your network by retrieving hardware information on memory, processors, display adapters, storage devices, motherboard details, printers, and ports in use. Using baseline comparisons, you can check whether any hardware was added or removed since the last scan. GFI LANguard will identify and report unauthorized software installations and provide alerts or even automatically uninstall unauthorized applications.
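The baseline comparison described above can be sketched as follows. This is an added example, not GFI LANguard's own code or report format; the host names, inventory entries and approved-software list are constructed for illustration.

```python
# Added example: compare a current audit snapshot against a stored baseline.
from collections import Counter

# Constructed inventories: host -> hardware and software found by a scan.
BASELINE = {
    "ws-01": {"hardware": ["RAM 8GB", "RAM 8GB", "SSD 512GB", "NIC onboard"],
              "software": ["OfficeSuite 1.0", "Archiver 2.1"]},
    "ws-02": {"hardware": ["RAM 4GB", "HDD 1TB"],
              "software": ["OfficeSuite 1.0"]},
}
CURRENT = {
    "ws-01": {"hardware": ["RAM 8GB", "SSD 512GB", "NIC onboard", "USB WLAN adapter"],
              "software": ["OfficeSuite 1.0", "Archiver 2.1", "RemoteTool 1.0"]},
    "ws-03": {"hardware": ["RAM 4GB"], "software": ["OfficeSuite 1.0"]},
}
APPROVED_SOFTWARE = {"OfficeSuite 1.0", "Archiver 2.1"}  # hypothetical allowlist


def diff_items(old, new):
    """Multiset difference, so losing one of two identical RAM modules is caught."""
    old_c, new_c = Counter(old), Counter(new)
    added = sorted((new_c - old_c).elements())
    removed = sorted((old_c - new_c).elements())
    return added, removed


def compare_scans(baseline, current, approved):
    """Return per-host findings; hosts absent from either scan are reported too."""
    report = {}
    for host in sorted(set(baseline) | set(current)):
        if host not in current:
            # A baselined machine that did not answer the scan needs follow-up.
            report[host] = {"status": "missing_from_scan"}
            continue
        old = baseline.get(host, {"hardware": [], "software": []})
        added, removed = diff_items(old["hardware"], current[host]["hardware"])
        unauthorized = sorted(set(current[host]["software"]) - approved)
        report[host] = {
            "status": "known" if host in baseline else "new_host",
            "hardware_added": added,
            "hardware_removed": removed,
            "unauthorized_software": unauthorized,
        }
    return report


if __name__ == "__main__":
    for host, finding in compare_scans(BASELINE, CURRENT, APPROVED_SOFTWARE).items():
        print(host, finding)
```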
Firewall considerations
Firewalls installed on either the host or target computer(s) will interfere with the operations of GFI LANguard. You must either:
Disable the firewall software on the host/target computer(s)
Or
Use the Windows Internet Connection Firewall domain policies to configure the necessary ports and services required by GFI LANguard to operate correctly.
For more information on how to configure Active Directory policies to support scanning of/from computers running the Windows Internet Connection Firewall (XP SP2 or 2003 SP1) visit:
Installation procedure
To install GFI LANguard 9:
1. Double-click on languardnss9.exe and click Next on the welcome screen.
2. Read the licensing agreement carefully. To proceed with the installation, select I accept the terms of the license agreement and click Next.
3. Type the username and the company name. If you bought a license for GFI LANguard, type it in the License Key box. If you do not have a license yet and want to evaluate GFI LANguard for 10 days, leave the default EVALUATION license key in the License Key box. Click Next to continue.
4. Specify the service account under which GFI LANguard will be running and click Next.
NOTE: GFI LANguard requires administrative privileges to scan network computers. For more information on how to specify different administrator credentials on a computer-by-computer basis, refer to the Computer Profiles section in this manual.
5. To install GFI LANguard to the default location, click Next to continue. Alternatively, to specify a custom installation folder, click Browse, select a new installation path and click Next to continue.
6. GFI LANguard will prompt you to install the complimentary ReportPack. Select Download and install GFI LANguard ReportPack and its prerequisites to install the ReportPack. Click Next to proceed.
7. GFI LANguard has now finished installing. To launch GFI LANguard immediately, click on Finish. To launch GFI LANguard later, unselect Launch GFI LANguard 9.0 and click Finish.
database, configuration data and all the logs and debug information files. To delete any of this data from your new installation of GFI LANguard 9, select the appropriate box and click Next.
4. Once the uninstall of the previous version is complete, continue the installation by following the instructions listed in the installation procedure section above.
When you obtain the 30-day evaluation key or the purchased licensed key, you can enter your license key without re-installing or reconfiguring the product. To achieve this:
1. Launch GFI LANguard management console
2. Select General tab > Licensing
3. In the right pane click on Change license key
4. Insert your new license key in the textbox provided.
For more information on GFI LANguard licensing visit:
Troubleshooting
Introduction
The troubleshooting chapter explains how you should go about resolving any software issues that you might encounter. The main sources of information available to users are:
The manual: most issues can be solved by reading this manual.
GFI Knowledge Base articles
Web forum
Contacting GFI Technical Support
Knowledge Base
GFI maintains a Knowledge Base, which includes answers to the most common problems. If you have a problem, please consult the Knowledge Base first. The Knowledge Base always has the most up-to-date listing of technical support questions and patches. To access the Knowledge Base, visit http://kbase.gfi.com/.
Web Forum
User-to-user technical support is available via the web forum. The forum can be found at: http://forums.gfi.com/.
Build notifications
We strongly suggest that you subscribe to our build notifications list. This way, you will be immediately notified about new product builds. To subscribe to our build notifications, visit: http://www.gfi.com/pages/productmailing.htm.
Vulnerability and Risk Assessment
Network Discovery and Patch Assessment
Policy Compliance and Audit Reporting
Network vulnerabilities are an increasingly common issue in today's highly complex computing environments. With exploit attacks appearing faster than ever before, it has become significantly more challenging for organizations to protect against attack. A notable case in point is the Sasser worm. Sasser was based on exploit code released two days earlier and only 18 days after the initial vulnerability was announced. With such a dynamic threat environment to contend with, IT professionals need a proactive security management strategy that goes beyond routine patch deployment. To meet the challenge, and reduce overall network security TCO in the process, organizations are adopting integrated security and threat management solutions from eEye Digital Security.
Retina Network Security is a professional-grade security solution with a lengthy track record of success and industry leadership. Retina contains all the integrated security and threat management tools needed to effectively identify and remediate the network vulnerabilities that lead to exposure and malicious attacks. Retina secures networks by:
Accurately discovering all the assets in the network infrastructure, including operating system platforms, networked devices, databases and third party or custom applications. Retina also discovers wireless devices and their configurations, ensuring these connections can be audited for the appropriate security settings. Additionally, Retina scans active ports and confirms the services associated with those ports.
Implementing corporate policy driven scans to audit internal security guidelines and ensure that configuration requirements are enforced and comply with defined standards. These custom scans can also assist with meeting any regulatory compliance requirements (SOX, HIPAA, GLB, PCI etc) customers may face.
Remotely identifying system level vulnerabilities to mimic an attacker's point of view, providing information that an outsider would see about your network. These remote checks do not require administrator rights, providing an accurate assessment, with fewer resources required to scan across departments, locations or geographies.
Incorporating the most comprehensive vulnerabilities database and scanning technology available, allowing users to proactively secure their networks against was developed and is constantly updated by the eEye Research Team, leveraging its expertise and superior vulnerability discovery methodology. Updates are automatically uploaded at the beginning of each Retina session.
Providing a workflow approach to vulnerability management. Retina's user interface allows for multiple views and reporting options with which to analyze assessment data. This gives users the opportunity to view asset criticality correlated with complete vulnerability data. This approach allows users to effectively prioritize remediation efforts.