Hack #75. Track Vulnerabilities

Keep abreast of the latest vulnerabilities that affect your network.

One of the key steps toward keeping any network secure is making sure all of the systems and devices connected to it are patched against the latest vulnerabilities that have been discovered. After all, if you spend all of your time implementing some “gee whiz” security architecture but are compromised due to unpatched vulnerabilities, you’ve been wasting your time.

Keeping track of all of the latest vulnerabilities that affect your systems and the patches and workarounds for them can be quite time-consuming, especially in highly heterogeneous environments. The most devastating vulnerabilities might make it to commonly read computer news sites, but most are rarely reported on. It’s possible that the vendor of a program in which a security hole is discovered will notify you if you have a support contract, but where does that leave you if you don’t have such a contract, or if you use open source software? This hack provides a few resources that can be of help for not only open source projects, but commercial products as well.

Mailing lists are some of the easiest-to-use resources available. Many vendors and open source projects report security advisories and patch notifications to BugTraq (http://www.securityfocus.com/archive/1/description) and the Full-Disclosure (http://lists.grok.org.uk/full-disclosure-charter.html) mailing lists.

At BugTraq, vendors publicly announce vulnerabilities that have been reported to them by security researchers or have been discovered internally. Vulnerabilities posted there usually have patches or workarounds available at the time of announcement as well, since the vendors themselves are often the ones disclosing them.

On the other hand, Full-Disclosure often includes vulnerabilities posted by independent researchers who haven’t been able to get the vendors to cooperate with them in fixing the flaws they’ve found.

Many open source projects also offer mailing lists to announce security issues. Check the project pages for your favorite open source software packages to see if they have security-related lists, and subscribe to them.

Finally, the United States Computer Emergency Response Team (US CERT) offers several security-related mailing lists (https://forms.us-cert.gov/maillists/). However, usually only the most wide-reaching vulnerabilities are posted there.

In addition to mailing lists, many resources that track vulnerabilities provide RSS feeds. SecurityFocus (http://www.securityfocus.com), the site that hosts the BugTraq list, also offers an RSS feed (http://www.securityfocus.com/rss/vulnerabilities.xml) that features selected postings from the list, and Secunia offers an RSS feed (http://secunia.com/information_partner/anonymous/o.rss) that distills information from various sources into a consistent format.

Another great resource is the Open Source Vulnerability Database (http://www.osvdb.org), which offers an RSS feed of the most recent vulnerabilities added to the database (http://www.osvdb.org/backend/rss.php?n=10). However, since the OSVDB seeks to catalog historical vulnerabilities as well as the most current ones, vulnerabilities that are several years old will often show up in the feed.

If you’re interested in wireless-network-specific vulnerabilities, you can subscribe to the Wireless Vulnerabilities and Exploits project’s RSS feed (http://www.wirelessve.org/entries/rss2/). As the name suggests, this site seeks to catalog wireless device- and application-specific vulnerabilities along with the tools used to exploit them. There is often overlap with other vulnerability databases, but the site also focuses on vulnerabilities that affect the various wireless protocols themselves.

Subscribing to all of the available resources might seem like drinking from a fire hose of information. One tool that can help stem the flood is Cassandra (https://cassandra.cerias.purdue.edu), from Purdue University’s CERIAS project (http://www.cerias.purdue.edu).

The beauty of Cassandra is that it monitors Secunia’s database as well as the National Vulnerability Database (http://nvd.nist.gov), which also offers an RSS feed (http://nvd.nist.gov/download.cfm#RSS), and figures out what new vulnerabilities were added each day. You can register an account with Cassandra and input what vendors and products you’re interested in, and Cassandra will email you when any relevant vulnerabilities are reported.
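The core of what Cassandra does, comparing each day's new feed entries against the list of products you actually run and mailing you only the matches, is straightforward to reproduce for any of the RSS feeds mentioned above. The following Python script is an added example, not code from the book or from Cassandra, Secunia or the NVD: the feed, product names and advisory links are constructed for illustration, and a real run would fetch the feed XML over HTTPS instead of using the embedded string. It parses RSS 2.0 with the standard library, suppresses entries already reported on a previous run, and returns only entries whose title or description mentions a watched product.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample feed; none of these advisories or products are real.
# For XML fetched from the network, parse with defusedxml where available.
SAMPLE_FEED = """<rss version="2.0">
<channel>
<title>Example vulnerability feed (constructed)</title>
<item>
<title>Buffer overflow in ExampleHTTPd 2.1</title>
<link>https://example.invalid/advisories/1</link>
<guid>https://example.invalid/advisories/1</guid>
<pubDate>Mon, 02 Jan 2006 10:00:00 GMT</pubDate>
<description>A long Host header crashes the worker process.</description>
</item>
<item>
<title>Cross-site scripting in OtherWiki 1.3</title>
<link>https://example.invalid/advisories/2</link>
<guid>https://example.invalid/advisories/2</guid>
<pubDate>Mon, 02 Jan 2006 11:00:00 GMT</pubDate>
<description>Page titles are not escaped.</description>
</item>
<item>
<title>Authentication bypass in example-ssh 4.0</title>
<link>https://example.invalid/advisories/3</link>
<guid>https://example.invalid/advisories/3</guid>
<pubDate>Mon, 02 Jan 2006 12:00:00 GMT</pubDate>
<description>Empty passwords accepted when PAM is disabled.</description>
</item>
<item>
<title>Denial of service in ExampleHTTPd 2.0</title>
<link>https://example.invalid/advisories/4</link>
<guid>https://example.invalid/advisories/4</guid>
<pubDate>Sun, 01 Jan 2006 09:00:00 GMT</pubDate>
<description>Reported on an earlier run; should be suppressed.</description>
</item>
</channel>
</rss>
"""

# Products deployed on the example network (constructed list).
WATCHLIST = ["ExampleHTTPd", "example-ssh"]


@dataclass(frozen=True)
class Advisory:
    guid: str
    title: str
    link: str
    published: str
    description: str


def _text(item, tag):
    """Stripped text of a child element, or '' if the element is absent."""
    el = item.find(tag)
    return (el.text or "").strip() if el is not None else ""


def parse_rss(xml_text):
    """Parse RSS 2.0 <item> elements into Advisory records; guid falls back to link."""
    root = ET.fromstring(xml_text)
    advisories = []
    for item in root.iter("item"):
        guid = _text(item, "guid") or _text(item, "link")
        advisories.append(Advisory(guid, _text(item, "title"), _text(item, "link"),
                                   _text(item, "pubDate"), _text(item, "description")))
    return advisories


def matching_products(advisory, watchlist):
    """Watched product names that appear (case-insensitively) in title or description."""
    haystack = f"{advisory.title} {advisory.description}".lower()
    return [p for p in watchlist if p.lower() in haystack]


def new_relevant(advisories, watchlist, seen_guids):
    """Unseen advisories that mention a watched product, paired with the matched names."""
    hits = []
    for adv in advisories:
        if adv.guid in seen_guids:
            continue  # already reported on a previous run
        products = matching_products(adv, watchlist)
        if products:
            hits.append((adv, products))
    return hits


def format_report(hits):
    """One line per hit, suitable for an email body or a log file."""
    return [f"{adv.published}  [{', '.join(products)}]  {adv.title}  {adv.link}"
            for adv, products in hits]


if __name__ == "__main__":
    # Pretend yesterday's run already reported advisory 4; persist this set between runs.
    seen = {"https://example.invalid/advisories/4"}
    for line in format_report(new_relevant(parse_rss(SAMPLE_FEED), WATCHLIST, seen)):
        print(line)
```

Run daily from cron, with the set of seen GUIDs written to disk after each run, this gives the same "only what is new and only what I run" filtering as Cassandra; the simple substring match is deliberately loose, since feeds spell product names inconsistently, so keep the watchlist to distinctive names and review the output rather than trusting it blindly.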

Whatever information sources you decide to use, it’s of the utmost importance that you keep your systems and any devices attached to your network up-to-date and free of known vulnerabilities. Failing to do so only makes it easier for attackers to compromise your enterprise. After all, if they determine a certain software package or device is on your network, all they have to do is look up what vulnerabilities have been published for it and attempt to exploit them.