Workstation Vulnerability Management

A zero-day vulnerability is an unknown exploit for which there is no patch or fix available. At the heart of it, you may be one of the first to encounter the exploit. Consequently, a zero-day vulnerability can create complicated problems well before anyone realizes something is wrong. There is no opportunity for detection because the vulnerability is unknown. An attack happens once that flaw, or software/hardware vulnerability, is exploited and attackers release malware before the vendor can create a patch or fix.

Once a patch is released, the exploit is no longer called a zero-day exploit. These attacks are rarely discovered right away. In fact, it often takes months and potentially years before the vendor learns of the vulnerability. Monitoring for anomalies within the workstation logs and help desk reports is an important part of workstation vulnerability management.

Because Workstation Domain computers and devices are commonplace and plentiful, they make good attack targets. Workstations generally are not located in areas that are as secure as devices in some other domains. They also exist in sufficient numbers that there is a high probability of finding vulnerable computers.

Although you can’t make every computer and device totally secure, you can make them secure enough to frustrate all but the most determined attackers. In general, your computer environment doesn’t have to be totally secure—just more secure than the attacker’s next target. If you can get an attacker to give up and go on to another target, you have been successful.

Operating System Patch Management

One of the first attack activities is to identify a target machine’s operating system and look for any known vulnerabilities. There are multiple methods attackers use to identify, or fingerprint, a target machine. Fingerprinting a computer means identifying the operating system and general configuration of a computer. Attackers will fingerprint a computer and use that information to identify known vulnerabilities for that operating system version.

It is important to keep your operating system up to date and patched. Applying the latest security patches eliminates many of the vulnerabilities attackers are looking for when planning attacks.

Application Software Patch Management

After fingerprinting a computer, attackers scan target computers for information on resident applications. Just like operating systems, applications may contain security vulnerabilities and provide attackers with an opportunity to compromise a computer. It is important to keep your applications as well as your operating system up-to-date.

Develop a plan to keep all applications up-to-date. Each application’s provider may approach the update process differently. Some vendors provide automatic update notifications, and others report updates only when directly queried. Know the update policy for each of your vendors. Create procedures to ensure you update all applications with the latest security patches. Keeping applications current will reduce the number of vulnerabilities on your computers and make it harder for attackers to succeed.
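One way to turn the update plan described above into a repeatable check is to audit a workstation inventory against a baseline of minimum patched versions. The script below is an added example, not from the original text; every hostname, product name, version number and the "automatic"/"query" policy labels are constructed for illustration.

```python
# Added example: all hostnames, products and versions are constructed sample data.

# Minimum patched version per product, plus how the vendor announces updates.
BASELINE = {
    "ExampleOS":     {"min": "10.4.2", "policy": "automatic"},
    "ExampleReader": {"min": "23.1.0", "policy": "automatic"},
    "ExampleVPN":    {"min": "5.10.3", "policy": "query"},  # must be polled
}

INVENTORY = {
    "ws-001": {"ExampleOS": "10.4.2", "ExampleReader": "23.1.0", "ExampleVPN": "5.10.3"},
    "ws-002": {"ExampleOS": "10.3.9", "ExampleReader": "23.1.0", "ExampleVPN": "5.9.12"},
    "ws-003": {"ExampleOS": "10.4.2", "ExampleReader": "22.8.1", "ExampleArchiver": "1.0"},
}


def parse_version(text):
    """Turn '5.10.3' into (5, 10, 3) so that 5.10 sorts after 5.9."""
    return tuple(int(part) for part in text.split("."))


def audit(inventory, baseline):
    """Return {host: [(product, installed, required or None)]}; None = not in baseline."""
    findings = {}
    for host, software in sorted(inventory.items()):
        issues = []
        for product, installed in sorted(software.items()):
            entry = baseline.get(product)
            if entry is None:
                # Application with no update policy on file: track it down.
                issues.append((product, installed, None))
            elif parse_version(installed) < parse_version(entry["min"]):
                issues.append((product, installed, entry["min"]))
        if issues:
            findings[host] = issues
    return findings


def vendors_to_poll(baseline):
    """Products whose vendor reports updates only when directly queried."""
    return sorted(p for p, e in baseline.items() if e["policy"] == "query")


if __name__ == "__main__":
    for host, issues in audit(INVENTORY, BASELINE).items():
        for product, installed, required in issues:
            status = f"needs >= {required}" if required else "no update policy on file"
            print(f"{host}: {product} {installed} ({status})")
    print("Poll manually:", ", ".join(vendors_to_poll(BASELINE)))
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 5.9.12 above 5.10.3 and miss the outdated install on ws-002.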
