Performing a Vulnerability Assessment

The objective of performing a Vulnerability Assessment is to create an overview of the security risks to a network and then use that overview as a guideline to resolve those threats. Performing regular assessments and routinely resolving all security risks provides a baseline security for the network. Administrators and users can feel confident that potential attackers will be unable to exploit vulnerabilities on their network.

Features and Benefits of Vulnerability Assessment

Vulnerability Assessment identifies security risks based on vulnerabilities it finds on any given computer. If a vulnerability exists on one computer, then it threatens the entire network to which that computer is attached. A vulnerability is defined as a defect in a computer's software that makes it prone to attacks by viruses and other malicious code. This includes defects that are due to unapplied security patches. Finding and resolving these vulnerabilities is the primary goal of Vulnerability Assessment.

Example: Internet Explorer 5.5 has the vulnerability MS01-020. This vulnerability exists because Internet Explorer doesn't correctly handle unusual MIME types. An attacker could create an email message and specify that it was one of these MIME types. The NIMDA.A worm exploits this vulnerability. It spreads via an attachment embedded in an email. NIMDA can compromise network security and overwrite files in the system directory.

Four Main Stages of the Vulnerability Assessment Process

  1. Planning an assessment and configuring Vulnerability Assessment.

    What you need before you can perform a Vulnerability Assessment:

    • Administrator or Root access privileges for Control Manager

    • The activation code for Vulnerability Assessment

    • The name or IP address of all the computers on your network that you want to include in your task. The name can be either the domain name for every computer or the individual computer name. You need to have access privileges to all the computers.

    To perform a Vulnerability Assessment:

    1. Activate the product.

    2. Download the latest Vulnerability Assessment engine and Vulnerability Assessment pattern file.

    3. Use the Account Management Tool to enter the name of all the computers you want to include in your Assessment Tasks.

    You are now ready to set up and run Vulnerability Assessment tasks and collect data about the vulnerabilities on your network.

  2. Setting up, running tasks, and generating reports.

    The process of assessing the vulnerabilities is centered on the assessment task. System administrators or other network security professionals use tasks to protect their networks in the following ways:

    • They create and run tasks. Tasks can include any or all the computers on the network. They can be set up to run manually or according to a schedule and they can search for single known vulnerabilities or a complete list of known vulnerabilities.

    • The assessment tasks log the results and store them on the Control Manager server. Administrators can view these results immediately or make queries and generate reports at a later date. Reports give information about the tasks or about the security risks that individual computers present to the network. Based on these reports the administrator can take appropriate actions to resolve the vulnerabilities and secure the network.

    Perform the following actions to manage your tasks:

    • Create tasks

    • Select machines to include in tasks

    • Edit tasks

    • Delete tasks

    • Run tasks

  3. Resolving vulnerabilities to provide a baseline security for the network.

    When Vulnerability Assessment runs a task, it creates results that provide you with valuable information for resolving vulnerability-based security risks. You can view specific vulnerability risks according to individual computers from the Task Details, Result Summary or Machine Status screen.

    The Results Summary and the Machine Status screen display the Vulnerability Name for each computer at risk. The name is linked to the Trend Micro Web site (see below). You can use this information to learn more about the vulnerability and how to eliminate it.

    Click the link to open the Trend Micro Web site:

    http://www.trendmicro.com/advisory/.

     

    Example: You run a task and the result is 3 critical security risks. You click on the number next to Critical in the Assessment Results table. The Task Detail screen opens. You see three computers and their associated critical vulnerabilities. All of them have the MS03-026 vulnerability, which is associated with the potential threat WORM_NACHI.A. You click MS03-026 and your browser displays the Security Information from Trend Micro, which advises you to download and apply a patch. The Web site provides a link to the patch.

  4. Maintaining a baseline security on your network.

    Typically, you use Vulnerability Assessment to quickly identify the security risks to your network and eliminate the identified vulnerabilities. After this procedure, you have established a baseline security for the network. Now your major concern is how to maintain the baseline network security.

    Use the following features to maintain a baseline security:

    • Scheduled tasks: Create and run scheduled tasks to regularly check for new vulnerabilities.

    • Task histories: View task histories to discover new vulnerabilities as they occur and measure the progress of your countermeasures.

    • Queries and reports: Create custom queries and generate reports to better understand security risks on your network.
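
The task-history comparison described in stage 4, as an added example that is not part of the product or its documentation: it compares two assessment runs and separates new, still-open, and resolved findings from findings that merely disappeared because the machine was not assessed again. The CSV layout, host names, and function names are assumptions made for illustration.

```python
import csv
import io

# Constructed sample data in a hypothetical CSV export (machine, vulnerability,
# risk). A row with an empty vulnerability means "assessed, nothing found".
# This is not the product's actual report format.
BASELINE_RUN = """machine,vulnerability,risk
HOST-A,MS03-026,critical
HOST-B,MS03-026,critical
HOST-C,MS03-026,critical
HOST-C,MS01-020,high
"""
LATEST_RUN = """machine,vulnerability,risk
HOST-A,,
HOST-C,MS01-020,high
HOST-D,MS03-026,critical
"""


def load_run(text):
    """Return (machines assessed, {(machine, vulnerability): risk})."""
    machines, findings = set(), {}
    for row in csv.DictReader(io.StringIO(text)):
        machine = row["machine"].strip().upper()
        machines.add(machine)
        vulnerability = row["vulnerability"].strip().upper()
        if vulnerability:
            findings[(machine, vulnerability)] = row["risk"].strip().lower()
    return machines, findings


def compare_runs(previous_text, latest_text):
    """Classify findings by comparing an earlier run with the latest run."""
    _, previous = load_run(previous_text)
    assessed, latest = load_run(latest_text)
    gone = previous.keys() - latest.keys()
    return {
        "new": sorted(latest.keys() - previous.keys()),
        "open": sorted(latest.keys() & previous.keys()),
        # Only count a finding as resolved if its machine was assessed again.
        "resolved": sorted(k for k in gone if k[0] in assessed),
        "unverified": sorted(k for k in gone if k[0] not in assessed),
    }


if __name__ == "__main__":
    for status, items in compare_runs(BASELINE_RUN, LATEST_RUN).items():
        for machine, vulnerability in items:
            print(f"{status:<10} {machine:<8} {vulnerability}")
```

In the sample data HOST-B is missing from the latest run, so its MS03-026 finding is reported as unverified rather than resolved; a machine that drops out of a scheduled task should not count as progress.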