This is a guest post by Emmanuel Carabott. If you are interested to guest post in this blog, just head over to the Guest Post Guidelines.
When securing your network there are a variety of things that you will need to do. You should ensure that all of your operating systems and software across your entire network is fully patched. In addition, your software, especially your servers, should be configured securely. Your users must be educated to follow your policies and not to make unauthorized changes to their systems or the network. You need to prevent users from adding new unsecure systems to your network, be it through virtual machines or private laptops. If this wasn’t enough hard work you also need to ensure that every single piece of software being used on your network does not have any vulnerability issues that can be exploited by an attacker.
To make it even more intimidating, each of the above tasks needs to be performed periodically. And the more often you complete this checklist, the more secure your network will be.
This is all well and good, but how can you go about accomplishing all of this? That’s where a good vulnerability scanner comes into play. A vulnerability scanner will help you to:
Create a baseline:
The first step is to use your vulnerability scanner to give you a clear picture of your network’s current security status. This includes creating a software inventory, a report on the configuration of every computer, a patch status report and a listing of any detected vulnerabilities.
What you are trying to achieve through this process is a clean baseline. This means you will need to ensure every single system is fully patched, that every single machine on your network has only the necessary services running, that only the required ports are open, that there are no unauthorized users, that there are no unnecessary file shares, as well as no unnecessary software installed.
You also need to review any vulnerability that might be reported. Each of the vulnerabilities detected must be reviewed, evaluated and fixed where applicable. While this is a lot of work, once completed you will have a clean baseline so that your vulnerability scanner can periodically scan your network and have something to compare against.
Set up periodic scans:
Once you have ensured that your network is secure, you need to configure your vulnerability scanner to periodically scan your network and report on any changes detected. These might take the form of new patches required, configuration changes or the detection of new vulnerabilities.
Configuring the frequency of scans offers you several choices. A complete vulnerability scan comes with a performance cost. Depending on whether the circumstances allow it, scans should be scheduled after business hours to have a minimal impact on your organization’s productivity. Failing that, you will need to establish the best balance between security and usability.
Once your vulnerability scanner starts to run periodic scans you will occasionally be presented with issues that require addressing. Bear in mind that remediation has its own considerations. It is recommended that, even if your vulnerability scanner allows for automatic remediation, you don’t configure it to operate in this way. It is always essential to examine any potential remediation action in a test environment before you employ it on your live system. A failed remediation action can actually cause the same downtime you’re trying to avoid.
By following these three simple steps when using your vulnerability scanner, you can save a considerable amount of time in the long term. Setting up a network baseline can help automate the detection phase of you vulnerability scanner, requiring administrator intervention only when issues actually require remedial action.
About the Author: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging need. Learn more on what to look out for when choosing a vulnerability scanner.
All product and company names herein may be trademarks of their respective owners.