How to find your security holes

Check your network for CVEs

It is crucial today to prevent vulnerabilities across the enterprise and remove security holes in your desktops, laptops and servers. Knowing what they are, where they are on your network, and how to remove them is more important than sniffing packets and listening for burglars.

Attackers on the Internet have caused billions of dollars in damage. They range from criminals and cyber terrorists to lone hackers, and they have a plethora of tools in their war chests: spyware, rootkits, Trojans, viruses, worms, bots, zombies, and blended threats that combine several of these.

Exploits can be written and deployed the same day a security hole is announced, in so-called "zero-day attacks," so they are getting much harder to stop. Malware source code freely available on the Internet fuels this, and that genie cannot be put back in the bottle. Although the number and variety of exploits "in the wild" keeps rising, fewer than a dozen core techniques account for how they execute and spread. Most infections can be cleaned off a host, but some, rootkits in particular, bury themselves so deeply that the only reliable remedy is to wipe the system and rebuild it, losing whatever data was not backed up. And most exploits will simply re-infect a host if the underlying security hole, catalogued under its Common Vulnerabilities and Exposures (CVE) identifier, is not removed.

Many exploiters are doing it for profit. Just take a look here and you'll see where the $10 billion in identity theft last year occurred the most.

Not all exploits are created equal. Most are evolutionary improvements on existing ones. What is striking is that the average piece of malware currently carries a dozen names, one from each antivirus vendor. The Common Malware Enumeration (CME) standard promises a single shared, neutral index for malware, but that will take years, probably more than five, to catch on, just as the CVE standard has only slowly gained traction since Mitre created it in 1999 (it is now funded by the U.S. Department of Homeland Security).


According to US-CERT, 95% of downtime and IT-related compliance issues are a direct result of an exploit against a CVE. Your firewall, IDS, IPS, anti-virus software and other countermeasures watch for attacks in flight; they neither look for your CVEs nor show you how to remove them. By that measure, countermeasures alone leave you addressing only 5% of the problem.

You may never have heard of a CVE, but you do know about Blaster (also called Msblast and LovSAN) and the Nachi and Welchia worms, which caused massive downtime and financial losses. They all exploited the same CVE, one hole: a buffer overflow in the DCOM interface for RPC (CVE-2003-0352, patched by Microsoft bulletin MS03-026) present in most Windows operating systems of the day, which let attackers run code on any unpatched Windows system they could reach over the network.

Take a look at the U.S. National Vulnerability Database (NVD), which is built on CVE, and search for CVEs you might have in your own systems. If you just bought a Cisco router, a Linksys wireless router, Solaris 9 running Netscape Enterprise Server, or anything else that plugs into a network, type the product name into the NVD and see how many CVEs (vulnerabilities) come back.
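The NVD lookup described above, done programmatically, as an added example that is not part of the original article: a Python script that queries the NVD REST API 2.0 by CPE product name and ranks the returned CVEs worst-first by CVSS score. The endpoint URL, the `cpeName` query parameter, the `apiKey` header and the JSON layout are those of today's NVD API, which did not exist when the article was written; the sample response is constructed, with placeholder IDs, scores and descriptions, so the ranking and counting run offline.

```python
"""Rank the CVEs NVD reports for one product (CPE 2.3 name) by CVSS severity.

Added example, not from the original article. Assumes the NVD REST API 2.0
endpoint and its JSON layout (a "vulnerabilities" array whose entries carry a
"cve" object with "metrics"); the sample response below is constructed.
"""
import json
import urllib.parse
import urllib.request

NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"

# Constructed sample in the shape NVD API 2.0 returns. The IDs, scores and
# descriptions are placeholders, not real NVD entries.
SAMPLE_RESPONSE = json.dumps({
    "totalResults": 3,
    "vulnerabilities": [
        {"cve": {"id": "CVE-2099-0001",
                 "descriptions": [{"lang": "en", "value": "Placeholder: remote code execution in the admin service."}],
                 "metrics": {"cvssMetricV31": [{"type": "Primary",
                                                "cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
        {"cve": {"id": "CVE-2099-0002",
                 "descriptions": [{"lang": "en", "value": "Placeholder: information disclosure via verbose error page."}],
                 "metrics": {"cvssMetricV2": [{"type": "Primary", "baseSeverity": "MEDIUM",
                                               "cvssData": {"baseScore": 5.0}}]}}},
        {"cve": {"id": "CVE-2099-0003",
                 "descriptions": [{"lang": "en", "value": "Placeholder: entry awaiting analysis, no score yet."}],
                 "metrics": {}}},
    ],
})


def fetch_nvd(cpe_name, api_key=None):
    """Fetch one page of CVEs matching a CPE 2.3 name (network call; not used offline)."""
    url = NVD_API + "?" + urllib.parse.urlencode({"cpeName": cpe_name})
    headers = {"apiKey": api_key} if api_key else {}
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")


def severity_of(cve):
    """Return (score, severity) from the first CVSS metric present, preferring v3.1 > v3.0 > v2."""
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        for m in metrics.get(key, []):
            data = m.get("cvssData", {})
            score = data.get("baseScore")
            # v3 keeps baseSeverity inside cvssData; v2 keeps it beside cvssData.
            sev = data.get("baseSeverity") or m.get("baseSeverity")
            if score is not None:
                return float(score), (sev or "UNKNOWN").upper()
    return None, "UNSCORED"


def rank_cves(raw_json, min_score=0.0):
    """Parse an NVD 2.0 response into [(id, score, severity, summary)], worst first.

    Entries NVD has not scored yet are kept (score None) and sorted last rather
    than dropped: "no score" means "not analysed", not "not dangerous".
    """
    doc = json.loads(raw_json)
    rows = []
    for item in doc.get("vulnerabilities", []):
        cve = item["cve"]
        score, sev = severity_of(cve)
        if score is not None and score < min_score:
            continue
        summary = next((d["value"] for d in cve.get("descriptions", []) if d.get("lang") == "en"), "")
        rows.append((cve["id"], score, sev, summary))
    rows.sort(key=lambda r: (r[1] is None, -(r[1] or 0.0), r[0]))
    return rows


def count_by_severity(rows):
    """Tally how many CVEs fall in each severity band."""
    counts = {}
    for _, _, sev, _ in rows:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    # Replace SAMPLE_RESPONSE with fetch_nvd("cpe:2.3:o:...") to query NVD for real.
    ranked = rank_cves(SAMPLE_RESPONSE)
    for cve_id, score, sev, summary in ranked:
        print(f"{cve_id:15} {str(score):>5} {sev:9} {summary}")
    print(count_by_severity(ranked))
```

To run it against a real product, pass a CPE 2.3 name to `fetch_nvd` in place of the sample. Unauthenticated requests to NVD are rate-limited, and the API paginates with `startIndex` and `resultsPerPage`, so a product with a long history needs a loop over pages; the example parses a single page.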

Want to see the top 20 most exploited vulnerabilities? Visit SANS and you will find 10 in Windows and 10 in Unix/Linux systems. If you have one of these holes, close it as quickly as you can, or expect to be exploited when you least expect it.

Hackers, viruses and worms cause billions in damage by using CVEs against us, and the damage grows every year. How many CVEs are in your network? Are they taking you out of compliance? Finding out which CVEs you have is the first step and counts as due diligence; removing the critical ones counts as due care. Frequent, consistently scheduled audits for CVEs, followed by their removal, is the only prudent course for a proactive information security manager.

Now is the time to find and fix your CVEs so you can be more productive and suffer less downtime and fewer successful attacks. Remove all of your known CVEs and you are as close to secure as patching can get you; flaws not yet published remain, which is why the audits must be repeated. Exploiters will find fewer ways in and will move on to easier targets. Remember, if you harden your network assets before an attack, you will most likely cut your risk of downtime and data theft dramatically. Start today on removing your CVEs before the next attack.

Gary Miliefsky is founder and CTO of NetClarity, Inc. He serves as an advisor to MITRE Corp. and is a member of the National Information Security Group's Board of Directors. He received his undergraduate degree from UMASS Lowell in Computer Science and subsequently earned certification as a CISSP. Miliefsky holds more than a dozen published and pending patents on information security.

Learn more about this topic

1) Policies
2) Awareness and training
3) Information security self-assessments
4) Regulatory compliance self-assessments
5) Corporate-wide encryption
6) Manage all corporate assets
7) Test BCP and DRP

Video interview

See our video interview with Miliefsky, where he discusses his company's security technology.


Copyright © 2007 IDG Communications, Inc.