A Beginner's Guide to Network Vulnerability Assessment and Management
In this tutorial, we will explore the concept of network vulnerability with reference to computer and network security.
Network security is a huge topic. In our earlier tutorials, we discussed various security protocols, firewalls, and security management; here we will cover the definition, classification, causes, consequences, and a few examples of network vulnerabilities.
We will also discuss the vulnerability scanning and vulnerability assessment processes in detail.
What You Will Learn:
- What is Network Vulnerability
- Vulnerability Assessment
- Vulnerability Scanning
- Vulnerability Management Process
What is Network Vulnerability
From the security point of view of a system such as a PC or a network, a vulnerability is a flaw in that system which can be exploited by a third party such as an attacker to carry out unauthorized activities within the system or the network.
Vulnerabilities are closely related to, but not the same as, the attack surface: the attack surface is the set of points (open ports, exposed services, user inputs, physical interfaces) through which an attacker can try to reach the system, while a vulnerability is a specific weakness at one of those points that the attacker can actually exploit.
A vulnerability can also be described as a flaw in the design, implementation, construction, operation, or maintenance of a network or system that undermines the overall security policies and management of the network.
People often confuse vulnerability with security risk. The two are different: a vulnerability is the weakness itself, a threat is something that might exploit it, and risk is the combination of how likely it is that the threat exploits the vulnerability and how much damage that would cause.
Classification of Vulnerability
Based on the kind of asset affected, vulnerabilities can be classified as follows:
- Hardware Vulnerability: Flaws inherent in the hardware or in how it is handled, for example firmware defects, unprotected debug or management ports, or damage from excessive humidity, dust and unprotected storage of the hardware.
- Software Vulnerability: Flaws introduced by a poor design technique, inadequate testing and a lack of timely auditing of software assets.
- Network Vulnerability: Issues that arise from open or unnecessary network connections, an unsegmented or otherwise poorly designed network architecture, and weak (unencrypted or unauthenticated) communication channels.
- Physical Vulnerability: If the system is located in an area subject to heavy rain, flooding, an unstable power supply, etc., or is physically accessible to outsiders, it is prone to physical vulnerability.
- Organizational Vulnerability: Arises from the use of inappropriate security tools, missing or unenforced audit rules, and flaws in administrative processes.
Causes of Vulnerability
Briefed below are the various causes of vulnerability.
- Large, complex network structures are hard to understand fully, and flaws in their architecture are a common source of vulnerability.
- Deploying the same hardware, network design, software tools and code everywhere (a monoculture) means that a single flaw, once found, can be exploited across the whole estate.
- Systems that expose many physical network connections and ports present more points at which an attacker can connect.
- Network devices and PCs that rely on weak passwords are easily taken over by an attacker guessing or brute-forcing the credentials.
- Operating systems or configurations that grant broad access to any program or any user allow an attacker who gains a foothold to modify programs and data for their own benefit.
- Many websites host malware that installs itself on a visitor's computer simply because the user browsed the page (a drive-by download); an infected system can then leak any information stored on it.
- An exploitable bug in a software program is itself a software vulnerability.
8 Most Common Network Security Vulnerabilities
Given below are some of the common Network Security Vulnerabilities.
#1) USB thumb drives:
USB drives are one of the most common ways in which a networked system gets infected. A firewall cannot stop this kind of attack, because the drive bypasses the network perimeter entirely: it is carried from PC to PC to exchange large amounts of data and can carry malware along with it.
Malware such as a worm on an infected drive can install itself as soon as the drive is plugged into a USB port if the operating system is configured to run programs from removable media automatically (the AutoRun behaviour of older Windows versions; current versions no longer run programs from USB media automatically, but still offer AutoPlay handlers that should be reviewed).
Remedy: Disable automatic execution from removable media in the operating system settings, and use device-control policies to restrict which USB devices may be attached, so that systems are harder to infect through USB drives.
#2) Laptops and Notebooks: Laptops and notebooks are handy and portable, ship with current drivers and operating systems, and have Ethernet and Wi-Fi interfaces through which they can be connected to almost any network.
From an organization's point of view laptops are risky: an employee's laptop may hold confidential data such as salary details, addresses and contact information, personal data, the company's critical databases and even personal banking passwords, and it can be lost or stolen outside the office.
No organization can afford to leak this information, as it will impact the business and may lead to direct financial loss.
Remedy: All confidential and critical data should be stored in encrypted form (full-disk encryption on the laptop) so that a third party who gets hold of the device cannot easily read it. Access rights to databases should be limited to those who need them. In addition, the administrator should disable interfaces and ports that are not needed for work, such as unused USB ports or Bluetooth, and keep only the network interfaces that are actually required enabled.
#3) Miscellaneous USB devices: Apart from thumb drives, other devices attached to networked systems can read and store data, and they expose your system in the same way.
Devices such as digital cameras, printers, scanners and MP3 players that have been infected with malware come into contact with your system through the USB port and can spread the infection to the network.
Remedy: Enforce policies that prevent programs on USB devices from running automatically and that control which device classes may be connected.
#4) Optical Media: Optical media such as CDs, DVDs and Blu-ray discs are removable storage, just like USB drives: they are used to move data between systems and for backups, so a disc can be lost, copied or used to carry malware onto a system, and the data on it can be leaked or misused by a third party.
Remedy: Management needs to impose policies and asset-control rules that track removable media, encrypt sensitive data written to it, and monitor and control its misuse.
#5) E-mail: E-mail is the most common means of communication within an organization and between organizations for business purposes. Every company uses e-mail to send and receive data. But e-mail is also easily misused, because a message and its attachments can be forwarded to anyone.
E-mails also carry malware in attachments or links, and phishing messages trick the recipient into revealing credentials. Once an attacker has an employee's credentials, they can read that employee's mailbox from anywhere and use it as a stepping stone for further unauthorized access.
Remedy: E-mail security policies, filtering of attachments and links, user awareness training, and multi-factor authentication on mailboxes so that a stolen password alone is not enough to log in. Passwords should be changed immediately whenever compromise is suspected.
#6) Smartphones and Other Digital Devices: Smartphones and tablets have the capability of a computer in addition to features such as calling, video calling, large storage capacity, high-resolution cameras and a huge range of applications.
The risk of leakage of confidential data is high, as an employee can photograph a secret business proposal or quotation and send it to anyone over the mobile 4G network, bypassing the organization's network controls entirely.
Remedy: Implement policies that control which devices may be brought into and taken out of the networked environment and what they may connect to, for example through a mobile device management solution.
#7) Weak Security Credentials: Weak passwords on network devices and accounts expose the network to password guessing, brute-force and credential-stuffing attacks, and are one of the easiest ways in.
Remedy: Passwords used for network devices and accounts should be long and unique per system rather than merely a mix of alphanumeric characters and symbols; default passwords on devices must be changed before deployment, and passwords should be changed whenever there is any suspicion of compromise. Wherever possible, add multi-factor authentication so that a single leaked password does not grant access.
#8) Poor Configuration and Use of Outdated Firewalls: The firewall plays a crucial role in the network security management process. If an administrator does not configure the firewall properly at the various levels of the network, the network becomes prone to attack, and an overly permissive rule set offers little protection.
Apart from this, the firewall's software must be kept patched for it to function properly; an unpatched firewall can itself become the vulnerable component, and hardware that no longer receives vendor updates should be replaced.
Remedy: Regular patching of the firewall software and a correctly implemented, regularly reviewed rule set.
Vulnerability Assessment
Vulnerability assessment is the process that helps you discover, analyze and evaluate the security weaknesses in your computer and network systems. The same applies to an organization as a whole.
The assessment surveys the loopholes and vulnerabilities in your network design or in the running system that would give an attacker a way in. Hence, it generates awareness of the possible threats to the network.
In an organization, a network vulnerability assessment for a project is not just a review and analysis of the computers and networking tools used, but also of the devices and resources linked to the network, such as printers and Internet connections, since all of these can be a possible source of attack on a network.
The date and time of the assessment should be communicated to everyone affected, and a list of the IP addresses and subnets to be tested should be prepared in advance.
Also, logs at both the scanning host and the target hosts should be monitored during the test, to separate real findings from side effects of the scan itself.
Vulnerability Assessment Steps
Enlisted below are the various steps involved in vulnerability assessment.
- Collection of data: The first step is to collect all the necessary data about the resources in the system, such as IP addresses, media used, hardware, the antivirus products in use, etc. Once these details are collected, further analysis can be done.
- Identification of possible network threats: With the input data, we can locate the possible causes and loopholes that expose the network to threats. Here we also need to prioritize the threats, since the biggest threats should be dealt with first.
- Analyzing the router and Wi-Fi passwords: Check that the passwords used to log in to the router and to access the wireless network are strong enough that they cannot be easily cracked, that default credentials have been changed, and that the passwords are replaced whenever compromise is suspected.
- Reviewing the organization's network strength: Evaluate the resilience of the network against the usual attacks, including distributed denial of service (DDoS), man-in-the-middle (MITM) attacks and network intrusion. This gives a clear picture of how the system will respond to these attacks and whether it can withstand them.
- Security assessment of network devices: Analyze the response of network devices such as switches, routers, modems and PCs to network attacks. This shows how each device reacts to the threats.
- Scanning for identified vulnerabilities: Scan the system for known vulnerabilities that are already present in the network, using vulnerability scanning tools.
- Report creation: Documenting the network vulnerability assessment process is very important. The report should contain all activities performed from start to end, the threats found during testing, and the steps to mitigate them.
- Repetitive testing: Keep reviewing and analyzing the system for new threats and attacks, and take all possible measures to mitigate them.
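The following is an added worked example (not code from the original article) for the weak-credentials item (#7) above and for the router/Wi-Fi password step in this list. It checks a candidate password against the kind of policy described: a minimum length, a breached-password list, keyboard walks, repeated characters and a rough guessing-entropy estimate. The breached list is a constructed sample, and the 12-character minimum and 60-bit entropy floor are assumed policy values chosen for illustration.

```python
"""Password-quality checks for the weak-credentials remedy.

Added example, not code from the original article or any product. The
breached-password sample, the 12-character minimum and the 60-bit entropy
floor are constructed/assumed policy values chosen for illustration.
"""
import math
import re

# Constructed sample of passwords that appear in public breach dumps.
# A real deployment would check against a full list (e.g. via a k-anonymity API).
BREACHED = {"password", "123456", "qwerty", "admin", "letmein", "welcome1", "p@ssw0rd"}

MIN_LENGTH = 12        # assumed policy: length matters more than symbol mix
MIN_ENTROPY_BITS = 60  # assumed floor on the brute-force guessing estimate
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
LEET = str.maketrans("@013$!", "aoiesi")   # undo common substitutions before list lookup


def charset_size(pw: str) -> int:
    """Size of the smallest 'obvious' alphabet the password is drawn from."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33
    return size


def entropy_bits(pw: str) -> float:
    """Upper bound on guessing entropy, assuming uniform choice from charset_size."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def has_keyboard_walk(pw: str, run: int = 4) -> bool:
    """True if `run` adjacent keys from one keyboard row appear (in either direction)."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            seq = row[i:i + run]
            if seq in low or seq[::-1] in low:
                return True
    return False


def has_repeats(pw: str, run: int = 3) -> bool:
    """True if any character is repeated `run` or more times consecutively."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def check_password(pw: str) -> list[str]:
    """Return the list of policy failures; an empty list means the password passes."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    normalised = pw.lower().translate(LEET)
    if pw.lower() in BREACHED or normalised in BREACHED:
        failures.append("appears in breached-password list")
    if has_keyboard_walk(pw):
        failures.append("contains a keyboard walk such as 'qwer' or '1234'")
    if has_repeats(pw):
        failures.append("contains a run of three or more repeated characters")
    if entropy_bits(pw) < MIN_ENTROPY_BITS:
        failures.append(f"estimated guessing entropy below {MIN_ENTROPY_BITS} bits")
    return failures


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "qwerty123456!", "correct horse battery staple"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

Run it directly to see the three constructed candidates scored; check_password returns an empty list when a password passes. The entropy figure is only an upper bound (a passphrase built from dictionary words is weaker than the per-character estimate suggests), which is why the breached-list and pattern checks carry more weight than the symbol mix.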
Note: The vulnerability assessment process acts as input to the network security policy. It is usually performed with vulnerability assessment tools. For detailed knowledge of vulnerability assessment tools, check the page below.
Recommended Reading => Vulnerability Assessment Tools
The administrator who performs the assessment will also give their judgment regarding the security policies. Once the assessment is complete, it helps in improving the network security policies.
Vulnerability Scanning
The scanning process discovers and categorizes weaknesses in the networked systems, PCs, hardware equipment and software of the organization; the information gathered (open ports, service versions, installed patches) is then correlated with known vulnerabilities.
To make this association, scanners consult a vulnerability database of publicly known vulnerabilities. Scanning is usually carried out by the organization's IT department or by a service provider. Vulnerability scans are also used by attackers to look for a way into a network or computer, which is one more reason to find and fix the issues first.
There are several steps involved in the vulnerability scanning process, some of which are listed below:
- Host discovery: the scanner finds live endpoints by sending ICMP echo requests (pings) and TCP or UDP probes to the IP addresses in scope.
- Port and service discovery: each live host is scanned for open ports and for the services (and versions) running on them.
- Application testing: the scanner interacts with web applications and other services to locate vulnerabilities in them, not only in the network architecture.
- Configuration checks: the scanner looks for unwanted programs installed on the system, missing patches, and validates the configuration of the system.
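As an added example of the port/service discovery and correlation steps (this is not code from the original article or from any scanner product), the script below performs a TCP connect scan with banner grabbing and matches the banner against a vulnerability database. It runs entirely against 127.0.0.1: a throw-away listener thread sends a constructed banner so the scan has something to find offline. VULN_DB, the service name "ExampleFTPd" and its version threshold are constructed for illustration and do not refer to real software or advisories.

```python
"""TCP connect scan with banner grabbing and vulnerability-database correlation.

Added example, not code from the original article or from any scanner
product. It runs entirely against 127.0.0.1: a throw-away listener thread
sends a constructed banner so the scan has something to find offline.
VULN_DB, the service name "ExampleFTPd" and its version threshold are
constructed for illustration and do not refer to real software or advisories.
"""
import socket
import threading

# Constructed vulnerability database: service name -> (first fixed version, description).
VULN_DB = {
    "ExampleFTPd": ((2, 3, 0), "versions before 2.3.0 allow anonymous directory listing (constructed finding)"),
}


def parse_version(text: str) -> tuple:
    """'2.1.4' -> (2, 1, 4); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.split("."))


def serve_banner(banner: bytes):
    """Start a one-shot listener on an ephemeral loopback port; returns (thread, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    thread = threading.Thread(target=run, daemon=True)
    thread.start()
    return thread, port


def grab_banner(host: str, port: int, timeout: float = 0.5) -> str:
    """Connect and read whatever the service volunteers; raises OSError if the port is closed."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            return sock.recv(256).decode(errors="replace").strip()
        except socket.timeout:
            return ""  # open port, but the service waits for the client to speak first


def scan_ports(host: str, ports, timeout: float = 0.5) -> dict:
    """Return {port: banner} for every port that accepted a TCP connection."""
    open_ports = {}
    for port in ports:
        try:
            open_ports[port] = grab_banner(host, port, timeout)
        except OSError:
            continue  # refused or timed out: closed or filtered
    return open_ports


def correlate(banner: str):
    """Match a 'Name version ...' banner against VULN_DB; return a finding string or None."""
    parts = banner.split()
    if len(parts) < 2 or parts[0] not in VULN_DB:
        return None
    fixed_in, description = VULN_DB[parts[0]]
    try:
        if parse_version(parts[1]) < fixed_in:
            return f"{parts[0]} {parts[1]}: {description}"
    except ValueError:
        pass  # banner does not carry a parseable version
    return None


def run_demo() -> dict:
    """Scan one known-open and one known-closed loopback port and correlate the result."""
    thread, open_port = serve_banner(b"ExampleFTPd 2.1.4 ready\r\n")  # constructed banner
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()  # released again, so connecting to it is now refused
    open_ports = scan_ports("127.0.0.1", [closed_port, open_port])
    thread.join(timeout=2)
    findings = [f for f in map(correlate, open_ports.values()) if f]
    return {"open": open_ports, "findings": findings}


if __name__ == "__main__":
    result = run_demo()
    for port, banner in result["open"].items():
        print(f"{port}/tcp open  {banner!r}")
    for finding in result["findings"]:
        print("FINDING:", finding)
```

Two practical notes: version-in-banner matching produces false positives when a vendor backports a fix without changing the banner (which is why findings must be validated later), and scanning hosts you do not own or have no written authorization for is an attack, not an assessment.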
However, scanning carries some risk as well: while a scan is running, a fragile system can reboot repeatedly or even crash, so scans of production systems need to be scheduled and, where possible, tried on non-production copies first.
There are two methods of scanning, i.e. authenticated scan and unauthenticated scan.
In an authenticated scan, the scanner logs in to each target with valid credentials. It can therefore inspect the system from the inside (installed software, patch level, local configuration) and discloses the vulnerabilities that an internal user or a compromised account could reach.
In an unauthenticated scan, the scanner probes the network without logging in, as an outsider would. It therefore gives only an outsider's view of the possible threats and misses many vulnerabilities that are visible only from inside, such as missing local patches.
Challenges to Vulnerability Scanning
- A scan can disturb fragile hosts: some systems reboot repeatedly or even crash while being scanned, so scans must be scheduled and announced in advance.
- An unauthenticated scan sees only what an outsider sees and misses many local issues such as missing patches; an authenticated scan needs accounts to be provisioned and protected.
- Results contain false positives that must be validated before anyone spends time fixing them.
- New vulnerabilities appear constantly, so a single scan is quickly out of date and the process has to be repeated at regular intervals.
Benefits of Vulnerability Scanning
- It provides a proactive way to close loopholes in the system before they are exploited, and helps maintain a healthy security posture for the organization, its data centers and its employees.
- Network scanning lets the organization act before an attacker exploits a vulnerability.
- Scanning helps guard the crucial and sensitive data of regulated systems, defense systems and other organizations from being exposed.
Vulnerability Management Process
Enlisted below are the various stages involved in vulnerability management.
#1) Vulnerability Scanning:
The vulnerability scanning process is explained above in detail. The next step after scanning is to evaluate its output.
#2) Evaluation of Vulnerability Outcomes:
The organization needs to validate the results of the scan. The outcomes should be analyzed and separated into true and false positives. A finding that turns out to be a false positive should be marked as such and excluded from further work, so that effort is spent only on real issues.
The evaluation also assesses how each confirmed vulnerability would impact the overall business of the organization, and whether the existing security measures are sufficient to handle the issue.
#3) Treating Vulnerabilities:
This includes installing the patches that are missing or out of date in the network. If an issue cannot be fixed by patching, a mitigation is applied instead (for example disabling the vulnerable service or restricting access to it) to reduce the exposure.
If a vulnerability carries a very low risk, it may be accepted and no action is taken to remove it, though the decision should be recorded. If the risk is high, software and other upgrades are carried out to resolve it.
#4) Report Generation:
The outcomes should be documented for future reference. The assessment should be repeated at regular intervals to deal with the risks introduced by newly discovered vulnerabilities in the network.
The dashboards and reports generated give a clear picture of the scan outcomes and help the IT team fix issues in order of the risk involved.
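The following is an added worked example (not code from the original article or from any vendor) of stages #2 to #4 above: it takes raw scan findings, suppresses those already verified as false positives, ranks the rest by a simple risk score (scanner severity multiplied by asset criticality) and assigns each a treatment of remediate, mitigate or accept with a due date. The findings, plugin names, scores, asset criticality values and thresholds are all constructed for illustration.

```python
"""Evaluating scan output: false-positive suppression, risk ranking, treatment decision.

Added example, not the article's or any vendor's code. The findings, scores,
asset criticality values, plugin names and thresholds below are constructed
for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    plugin: str           # scanner check that fired (constructed names)
    base_score: float     # 0.0 - 10.0 severity reported by the scanner
    patch_available: bool


# Constructed asset register: business criticality on a 1 (low) to 3 (high) scale.
ASSET_CRITICALITY = {"payroll-db": 3, "intranet-wiki": 2, "lab-printer": 1}

# (asset, plugin) pairs an analyst has already verified as false positives,
# e.g. the distribution backported the fix but left the version banner unchanged.
VERIFIED_FALSE_POSITIVES = {("intranet-wiki", "example-outdated-webserver")}

# Assumed policy thresholds on risk = base_score * criticality (range 0 to 30).
HIGH_RISK, MEDIUM_RISK = 21.0, 9.0


def risk_score(f: Finding) -> float:
    """Scanner severity weighted by how much the business depends on the asset."""
    return f.base_score * ASSET_CRITICALITY.get(f.asset, 1)


def decide(f: Finding) -> tuple:
    """Return (action, due_in_days): remediate if a patch exists, else mitigate; accept low risk."""
    risk = risk_score(f)
    if risk < MEDIUM_RISK:
        return ("accept", None)          # documented, not fixed
    due = 7 if risk >= HIGH_RISK else 30
    return ("remediate", due) if f.patch_available else ("mitigate", due)


def triage(findings) -> dict:
    """Split out verified false positives, then rank real findings by risk."""
    real, suppressed = [], []
    for f in findings:
        (suppressed if (f.asset, f.plugin) in VERIFIED_FALSE_POSITIVES else real).append(f)
    rows = []
    for f in real:
        action, due = decide(f)
        rows.append({"asset": f.asset, "plugin": f.plugin,
                     "risk": round(risk_score(f), 1), "action": action, "due_days": due})
    rows.sort(key=lambda r: r["risk"], reverse=True)
    return {"actions": rows, "false_positives": [(f.asset, f.plugin) for f in suppressed]}


SAMPLE_SCAN = [  # constructed scan output
    Finding("payroll-db", "example-missing-os-patch", 9.8, True),
    Finding("payroll-db", "example-weak-tls-cipher", 5.3, False),
    Finding("intranet-wiki", "example-outdated-webserver", 7.5, True),
    Finding("intranet-wiki", "example-directory-listing", 5.3, True),
    Finding("lab-printer", "example-default-snmp-community", 7.5, False),
]


if __name__ == "__main__":
    report = triage(SAMPLE_SCAN)
    for row in report["actions"]:
        print(f"{row['risk']:>5}  {row['action']:<9} due={row['due_days']!s:<5} {row['asset']}/{row['plugin']}")
    print("suppressed false positives:", report["false_positives"])
```

The point of the asset-criticality factor is that the same scanner severity on a payroll database and on a lab printer should not be worked in the same order; the accepted items still appear in the report so that the acceptance is a recorded decision rather than an oversight.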
The above steps summarize the overall management of network vulnerability. The main point is that scanning and management should take place regularly, on a pre-defined schedule.
In this tutorial, we have learned the causes of network vulnerability along with some common types of vulnerabilities that we generally encounter in networked systems.
We also learned about the vulnerability assessment and vulnerability scanning processes. The assessment process helps gather data about the possible vulnerabilities in the organization.
We explored the benefits of and challenges to the scanning process, through which we can find the vulnerabilities present in the hardware and software of the networked system or organization, whether from an outsider's view (unauthenticated) or from inside (authenticated).
Finally, from the vulnerability management process, we explored assessment, scanning, evaluation, treatment and reporting of vulnerability issues.