How To Manage A System Vulnerability Management Program




System Vulnerability Management Definitions
White Paper
October 12, 2005
© 2005 Altiris Inc. All rights reserved.

ABOUT ALTIRIS

Altiris, Inc. is a pioneer of IT lifecycle management software that allows IT organizations to easily manage desktops, notebooks, thin clients, handhelds, industry-standard servers, and heterogeneous software including Windows, Linux, and UNIX. Altiris automates and simplifies IT projects throughout the life of an asset to reduce the cost and complexity of management. Altiris client and mobile, server, and asset management solutions natively integrate via a common Web-based console and repository. For more information, visit www.altiris.com.

NOTICE

The content in this document represents the current view of Altiris as of the date of publication. Because Altiris responds continually to changing market conditions, this document should not be interpreted as a commitment on the part of Altiris. Altiris cannot guarantee the accuracy of any information presented after the date of publication.

Copyright 2005, Altiris, Inc. All rights reserved.

Altiris, Inc.
588 West 400 South
Lindon, UT 84042
Phone: (801) 226-8500
Fax: (801) 226-8506

BootWorks U.S. Patent No. 5,764,593. RapiDeploy U.S. Patent No. 6,144,992.

Altiris, BootWorks, Inventory Solution, PC Transplant, RapiDeploy, and RapidInstall are registered trademarks of Altiris, Inc. in the United States. Carbon Copy is a registered trademark licensed to Altiris, Inc. in the United States and a registered trademark of Altiris, Inc. in other countries. Microsoft, Windows, and the Windows logo are trademarks, or registered trademarks of Microsoft Corporation in the United States and/or other countries. Other brands and names are the property of their respective owners.

Information in this document is subject to change without notice. For the latest documentation, visit www.altiris.com.

CONTENTS

System Vulnerability Management
    Patching
    Vulnerability Scanner
    Vulnerability Remediation
    System Security Audit and Compliance
        Antivirus status
        Proactive policy checking against a modified or customized NSA, NIST, CIS policy
        Security patches
        Authorized software
        Authorized hardware
        Personal firewalls
    Network Access Control
Summary


SYSTEM VULNERABILITY MANAGEMENT

System Vulnerability Management is a broad category that contains both proactive and reactive system security components, each of which solves a particular problem. These components include:

- Patching
- Vulnerability scanning
- Vulnerability remediation
- System security audit and compliance
- Network access control

Patching

Patching products are typically used by IT operations staff to identify and apply key missing patches for operational and security issues. Operational issues include memory leaks, bugs that crash systems, and so on. Security patches usually eliminate a defect in an operating system or an application that could allow a hacker or unauthorized user to tamper with or steal valuable information or data. Such attackers often do this by planting a worm or a similar element that can either affect an entire network or allow an outsider to take control of a system in order to gain access to the network.

Vulnerability Scanner

Vulnerability scanners attack all IP addresses, mostly at the network layer, in order to find industry-known vulnerabilities. Industry-known vulnerabilities are collected in public repositories such as Bugtraq, CVE, and so on. Vulnerability scanners can be intrusive because they try to exploit the vulnerabilities. Some vulnerability scanners can also look at lower-level system configuration settings.

Vulnerability Remediation

Most industry-known vulnerabilities are eliminated either by applying the appropriate patch or by changing a system configuration. However, vulnerability scanners do not remediate. Most remediation is done with a patching product that applies the patch that eliminates the key vulnerabilities. Some products take in the results of a vulnerability scanner and tie each vulnerability to the appropriate patch or configuration setting. They then apply the patch or make the appropriate configuration change.

Vulnerability remediation is typically owned by IT operations.

System Security Audit and Compliance

The security teams, under varying regulations, are required to determine a proactive system security stance. This includes a policy of how all systems should be configured from a security standpoint. In a complete audit and compliance program, the security team audits the systems against the proactive system security policy and then reports to operations where systems are out of compliance. The operations team then brings these systems into compliance.

Most security teams begin with an industry best-practices policy from leading organizations such as the National Security Agency (NSA), National Institute of Standards (NIST), Center for Internet Security (CIS), SANS, Microsoft, IBM, and many others. Audit and compliance tools are also used to audit against DISA, the U.S. Army, and other DOD STIGS as outlined in the Security Technical Information Guide. Many of these policies include hundreds of system configuration settings such as: user and group setup, system audit settings, privileges, rights, password lengths, password aging, registry settings, registry keys, and hundreds of others.

Audit and compliance tools audit the seven key audit areas:

Antivirus status
Check if antivirus software is on, if the latest version is installed with the latest definitions, and so on.

Proactive policy checking against a modified or customized NSA, NIST, CIS policy
Check all system settings against the proactive system security policy.

Security patches
Verify that the operations teams have deployed all major security patches, as a check and balance on the patch product used to deploy them.

Authorized software
Check that only authorized software is present and that unauthorized software such as public instant messenger, Kazaa, MP3 players, keyboard access products, and so on is not present.

Authorized hardware
Check that only authorized hardware is present and that unauthorized hardware such as modems with auto answer on, enabled USB hard drives, wireless NIC cards, and so on is not present.

Personal firewalls
Check to see if personal firewalls are operational.

Network Access Control

Many notebook computer users are ad hoc users who periodically gain access to the network. These users consist of a mobile workforce, partners, suppliers, contractors, and so on. If their systems are infected with a worm or a virus, then once they are connected to the network it takes merely seconds for the infection to spread. Therefore, new-generation network edge audit tools place systems in quarantine or a safe zone, audit for the presence of updated antivirus and security patches, and either allow or deny systems onto the network based on the audit results. This is also called scan and block, or enforcement.
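The audit areas listed above and the scan-and-block decision, put together as an added example (not Altiris code and not part of the original white paper). The policy values, patch ids, field names and both endpoint records are constructed for illustration.

```python
# Added example: policy values, patch ids and both endpoints are constructed.
POLICY = {
    "min_password_length": 8,
    "max_password_age_days": 90,
    "max_av_definition_age_days": 7,
    "required_patches": {"PATCH-0001", "PATCH-0002"},
    "unauthorized_software": {"kazaa", "public-im"},
    "unauthorized_hardware": {"modem-auto-answer", "wireless-nic"},
}
BLOCKING_AREAS = {"antivirus", "security_patches"}  # what the edge audit checks
INF = float("inf")

def audit(endpoint, policy=POLICY):
    """Return (area, detail) findings; missing data counts as a finding."""
    out = []
    av = endpoint.get("antivirus", {})
    if not av.get("running"):
        out.append(("antivirus", "not running"))
    elif av.get("definition_age_days", INF) > policy["max_av_definition_age_days"]:
        out.append(("antivirus", "definitions out of date"))
    cfg = endpoint.get("settings", {})
    if cfg.get("password_length", 0) < policy["min_password_length"]:
        out.append(("policy", "password length below minimum"))
    if cfg.get("password_age_days", INF) > policy["max_password_age_days"]:
        out.append(("policy", "password aging exceeds maximum"))
    for patch in sorted(policy["required_patches"] - set(endpoint.get("patches", []))):
        out.append(("security_patches", f"missing {patch}"))
    for kind in ("software", "hardware"):
        present = set(endpoint.get(kind, []))
        for item in sorted(policy[f"unauthorized_{kind}"] & present):
            out.append((f"authorized_{kind}", f"unauthorized: {item}"))
    if not endpoint.get("firewall_running"):
        out.append(("personal_firewall", "not operational"))
    return out

def admit(endpoint, policy=POLICY):
    """Scan and block: quarantine on any antivirus or patch finding."""
    findings = audit(endpoint, policy)
    blocked = any(area in BLOCKING_AREAS for area, _ in findings)
    return ("quarantine" if blocked else "allow"), findings

OFFICE_PC = {"antivirus": {"running": True, "definition_age_days": 1},
             "settings": {"password_length": 12, "password_age_days": 30},
             "patches": ["PATCH-0001", "PATCH-0002"], "software": ["kazaa"],
             "firewall_running": True}
CONTRACTOR_LAPTOP = {"antivirus": {"running": True, "definition_age_days": 40},
                     "settings": {"password_length": 6},
                     "patches": ["PATCH-0001"], "firewall_running": False}
```

OFFICE_PC is admitted but still carries an authorized-software finding to report to operations, while CONTRACTOR_LAPTOP is quarantined. A field missing from the inventory is treated as a finding rather than assumed compliant.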

SUMMARY