5.1. Overview of Network Security Threats

Network threats involve many facets of the network and organization. You've seen that your systems and information are susceptible to attacks and disruption based on internal, external, and design factors in the systems you support. Keeping your systems and applications up to date, and making sure your security procedures are in place and followed meticulously, can minimize many of these threats. Most of the vulnerabilities exploited in programs such as Outlook, Outlook Express, and Exchange are fixed as soon as they're discovered, or shortly thereafter. As an administrator, you must apply fixes and patches as soon as they have been thoroughly tested in a lab environment; doing so makes it harder for attackers to learn about your systems and exploit known weaknesses.

One of the organizations that tracks and reports security problems is the CERT Coordination Center (CERT/CC). CERT/CC is a part of the Software Engineering Institute (SEI) at Carnegie Mellon University. SEI is a federally funded research institution with a strong emphasis on computer security–related topics. CERT/CC (http://www.cert.org/stats/fullstats.html) provides interesting perspectives on the growth of computer-related incidents but stopped making numbers available after 2003 because "attacks against Internet-connected systems have become so commonplace that counts of the number of incidents reported provide little information with regard to assessing the scope and impact of attacks."

NOTE

CERT/CC provides a great deal of current threat analysis and future analysis in the computer security area. The website for CERT/CC is http://www.cert.org.

In the past, the computer industry hasn't taken the issue of computer security as seriously as it should have. This attitude has caused a great deal of frustration on the part of users and administrators who are attempting to protect assets. The important thing to remember is that until recently, many software manufacturers have paid only lip service to the problem of operating system and application vulnerabilities.

NOTE

According to the Internet Storm Center (http://isc.sans.org), a computer connected to the Internet has an average of 5 minutes before it falls under some form of attack.

A penetration test is the best way to tell what services are really running on your system. Penetration testing involves trying to get access to your system from an attacker's perspective. Typically, you perform this test from a system on the Internet and try to see if you can break in or, at a minimum, get access to services running on your system.

Just short of penetration testing is vulnerability testing. In a vulnerability test, you typically run a software program that contains a database of known vulnerabilities against your system to identify weaknesses. Two of the most well-known vulnerability scanners are Nessus (http://www.nessus.org/nessus/) and the Nmap port scanner (http://nmap.org/).
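
The database lookup at the heart of a vulnerability test can be sketched in a few lines. The following is an added example, not code from the book or from Nessus or Nmap; the product names, addresses, banners, and advisory IDs are all constructed placeholders, and real scanners use far richer detection than banner matching.

```python
import re

# Constructed vulnerability database (placeholder products and advisory IDs):
# product -> [(advisory id, first affected version, first fixed version)]
VULN_DB = {
    "examplehttpd": [("EXAMPLE-0001", "2.0.0", "2.4.10"),
                     ("EXAMPLE-0002", "2.4.0", "2.4.3")],
    "examplemta":   [("EXAMPLE-0003", "1.0", "1.8.2")],
}

# Constructed service banners, as collected from hosts you administer.
BANNERS = [
    ("10.0.0.5", 80, "ExampleHTTPd/2.4.7 (Unix)"),
    ("10.0.0.5", 25, "220 mail.example.test ESMTP ExampleMTA 1.8.2"),
    ("10.0.0.9", 80, "ExampleHTTPd/2.4.1"),
    ("10.0.0.9", 22, "SSH-2.0-UnknownD_9.1"),
]

# A product name followed by "/" or a space and a dotted version number.
BANNER_RE = re.compile(r"([A-Za-z]+)[/ ](\d+(?:\.\d+)*)")

def parse_version(text, width=4):
    """Turn '2.4.10' into (2, 4, 10, 0) so versions compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def identify(banner):
    """Return (product, version) for the first known product in a banner."""
    for name, version in BANNER_RE.findall(banner):
        if name.lower() in VULN_DB:
            return name.lower(), parse_version(version)
    return None

def scan(banners):
    """Match each identified service against the database's version ranges."""
    findings = []
    for host, port, banner in banners:
        hit = identify(banner)
        if hit is None:
            continue  # no database entry for this service, so no finding
        product, version = hit
        for vuln_id, first_bad, fixed in VULN_DB[product]:
            if parse_version(first_bad) <= version < parse_version(fixed):
                findings.append((host, port, product, vuln_id))
    return findings

if __name__ == "__main__":
    for finding in scan(BANNERS):
        print(*finding)
```

A service that produces no finding here is only one the database does not cover, which is why scanner results depend on keeping the vulnerability database current.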
