The vulnerability management process is one of the most important, most difficult and most poorly implemented security processes. This toxic combination provides a seemingly endless stream of news headlines about data breaches.
Recently, quite a few high-profile vulnerabilities have been discovered that attracted the attention of mainstream media. The biggest one has been the Shellshock vulnerability.
The Common Vulnerability Scoring System base score for Shellshock is the highest possible – 10 – which indicates its criticality. That is because it is very easy to exploit and allows remote execution of arbitrary code.
For CIOs that want to know the extent of the problem, a good documentation of the network and system is rather key. A vulnerability scan of the systems is also very important. This should highlight Shellshock vulnerability.
However, a vulnerability scan that is done without logging into the scanned systems can only reveal a partial picture. Hence, it is strongly suggested to use the full potential of the scanning tool and run an authenticated scan.
When it comes to fixing the Shellshock issue, the patch is very easy to apply and well documented. Yet applying it across a large network can be a gigantic task. Big organisations should use a triage process in vulnerability management.
Take vulnerability data, network topology, firewall rules and asset criticality, and place it in a model that will calculate where to prioritise efforts.
For example, a server in a demilitarised zone which runs Apache but has no CGI (Common Gateway Interface) scripts in use can wait a bit longer for a patch, compared with a secure-shell server used as a management jump server for system admins and third parties.
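The triage model described above, written out as an added Python example (not from the article or its author): it combines scan results, service inventory, firewall reachability and asset criticality into a single priority score. The weights, zone names and the sample inventory are constructed assumptions for illustration.

```python
"""Shellshock triage: rank vulnerable hosts by where patching effort matters most."""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Services that hand attacker-controlled environment variables to bash, which is
# the precondition for Shellshock to be remotely triggerable.  Plain Apache
# serving static files is not on this list; Apache with CGI scripts and SSH are.
BASH_EXPOSING_SERVICES = frozenset({"apache-cgi", "ssh"})


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int                # 1 (low) .. 5 (high), from the asset inventory
    vulnerable_bash: bool           # result of the authenticated vulnerability scan
    services: Tuple[str, ...]       # listening services from the system documentation
    reachable_from: FrozenSet[str]  # zones that firewall rules allow to reach this host


def triage_score(asset: Asset) -> int:
    """Higher score = patch sooner.  0 means no vulnerable bash was found."""
    if not asset.vulnerable_bash:
        return 0
    trigger_paths = [s for s in asset.services if s in BASH_EXPOSING_SERVICES]
    if not trigger_paths:
        # Vulnerable bash, but no service passes remote input to it:
        # still patch, but in the normal cycle.
        return 1
    exposure = 3 if "internet" in asset.reachable_from else 1
    # A host that many zones may reach (a jump server) has a larger blast radius.
    blast_radius = len(asset.reachable_from)
    return len(trigger_paths) * exposure * blast_radius * asset.criticality


def prioritise(assets: List[Asset]) -> List[str]:
    """Return asset names ordered from most to least urgent."""
    return [a.name for a in sorted(assets, key=triage_score, reverse=True)]


# Constructed sample inventory (hypothetical hosts, not real systems).
INVENTORY = [
    Asset("dmz-web-static", 3, True, ("apache",), frozenset({"internet"})),
    Asset("dmz-web-cgi", 3, True, ("apache", "apache-cgi"), frozenset({"internet"})),
    Asset("mgmt-jump", 5, True, ("ssh",), frozenset({"internet", "internal"})),
    Asset("patched-db", 5, False, ("ssh",), frozenset({"internal"})),
]

if __name__ == "__main__":
    for name in prioritise(INVENTORY):
        print(name, triage_score(next(a for a in INVENTORY if a.name == name)))
```

The jump server ranks first because it both exposes bash through SSH and bridges the internet and internal zones, while the static-only DMZ web server drops to the normal patch cycle, matching the article's example.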
Moreover, an attempted Shellshock attack can be very easily detected by a host or network intrusion detection system. Configure it to look for the attack and respond accordingly.
Vladimir Jirasek is chief technology officer at Knightsbridge Contego
This was first published in November 2014