Vulnerability & Vulnerability Mitigation
- A vulnerability is a flaw or weakness in a system
- It could be exploited by a threat
- Vulnerabilities can allow attackers to gain unauthorized access to resources; steal, modify or destroy data; install malware, etc.
Some Attacks :
- Inside Attacks : Attacks that originate from within the perimeter. Organizations can use internal firewalls on top of a perimeter firewall to segment the network and provide internal protection.
- Distributed denial of service (DDoS) attacks: A DDoS attack is a malicious attempt to disrupt the normal traffic of a targeted network by overwhelming the target or its surrounding infrastructure with a flood of traffic.
- Malware: Malware threats are varied, complex, and constantly evolving alongside security technology and the networks it protects.
- Patching/Configuration: A poorly configured firewall or a missed update from the vendor can be detrimental to network security. IT admins should be proactive in maintaining their security components.
Vulnerability Management :
- A security practice that proactively identifies, evaluates and resolves vulnerabilities in an IT system.
Vulnerability management process :
- Vulnerability Identification: Vulnerabilities in a system can be detected through vulnerability scanning (using vulnerability scanner tools), penetration testing or security testing (source code evaluations and testing).
- Vulnerability Verification: Detected vulnerabilities should be verified to eliminate any false positives.
- Vulnerability Assessment: As part of a risk assessment process, vulnerability assessment is evaluating the probability of a vulnerability being exploited by an attacker and determining the impact should the vulnerability be exploited. According to the findings of vulnerability assessment, a vulnerability resolution strategy is determined at the next step.
- Vulnerability Resolution: Once a vulnerability has been discovered and evaluated, there remains one last critical step: resolution (a.k.a. vulnerability treatment). The solutions that can be applied for vulnerability resolution fall into one of two categories, mitigation or remediation.
Vulnerability Mitigation vs. Remediation :
- Mitigate means to reduce, lessen, or decrease the risk posed by a vulnerability.
- Remediate means fixing or eliminating the vulnerability itself.
Remediation :
- To remediate a vulnerability, either a readily available software patch could be applied or the vulnerable software could be updated to a higher version that no longer contains the vulnerability.
However, sometimes remediation isn’t possible for several reasons.
- First, a fix, patch or an updated version of the software is not available immediately, since it takes time for the vendors to prepare and distribute them.
- Secondly, not all vulnerabilities need to be fixed. This is usually the case when a vulnerability does not pose a threat because it is not directly accessible or exploitable by a threat actor. For instance, the vulnerable software could be disabled on Internet-connected devices while it keeps running only on devices that are not connected.
- Thirdly, due to managerial issues, you could be hindered from applying a remediation action. This usually happens when a company has strict QoS requirements on customer-facing systems and cannot tolerate the downtime required to patch a vulnerability or update software.
- The last reason that prevents taking a remediation action could be technical. Due to some restrictions, such as compatibility issues with other software being used in a system, a fix or patch cannot be applied at all.
Mitigation :
In these cases, the concept of mitigation comes into play. Actions to mitigate a vulnerability could be one or more of the following.
- Blocking a port on a firewall (on a network or host) that could expose a vulnerability to malicious actors.
- Limiting the use of the vulnerable software to a segregated network or a select list of users.
- Disabling the vulnerable software temporarily.
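The following Python script is an added worked illustration of the process described in these notes (identification output, verification, assessment, and the remediate-or-mitigate decision with the four reasons given above). It is not code from the original notes or from any scanner product. The Finding record, the constructed sample findings, the placeholder vulnerability ids (VULN-000x) and the 2.0 risk threshold for accepting a non-exposed finding are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Finding:
    """One scanner finding after the identification step (constructed shape)."""
    host: str
    software: str
    vuln_id: str            # placeholder id, not a real CVE number
    confirmed: bool         # outcome of manual verification; False = false positive
    severity: float         # assumed 0-10 base score reported by the scanner
    internet_exposed: bool  # reachable by an external threat actor?
    patch_available: bool   # vendor has published a fix or newer version
    downtime_allowed: bool  # QoS rules permit the restart a patch needs
    patch_compatible: bool  # fix does not break other software on the system
    listening_port: Optional[int] = None


def verify(findings):
    """Verification step: drop findings that turned out to be false positives."""
    return [f for f in findings if f.confirmed]


def assess(f):
    """Assessment step: risk = likelihood of exploitation x impact.
    Exposure drives likelihood here (assumed weights 0.9 / 0.3)."""
    likelihood = 0.9 if f.internet_exposed else 0.3
    return round(likelihood * f.severity, 1)


def resolve(f):
    """Resolution step: remediate when possible, otherwise choose mitigations."""
    risk = assess(f)
    # Not every vulnerability needs fixing: unreachable and low risk -> accept.
    if not f.internet_exposed and risk < 2.0:
        return {"strategy": "accept", "reason": "not reachable, low risk", "actions": []}
    # The three blockers for remediation named in the notes (plus the patch itself).
    if not f.patch_available:
        reason = "no patch or upgrade available yet"
    elif not f.downtime_allowed:
        reason = "downtime not tolerated on customer-facing system"
    elif not f.patch_compatible:
        reason = "patch incompatible with other software in use"
    else:
        return {"strategy": "remediate",
                "reason": "patch available and applicable",
                "actions": [f"apply vendor patch or upgrade {f.software}"]}
    # Mitigation actions from the notes, chosen according to the finding.
    actions = []
    if f.listening_port is not None:
        actions.append(f"block port {f.listening_port} at the network and host firewall")
    actions.append(f"restrict {f.software} to a segregated network or selected users")
    if risk >= 7.0:
        actions.append(f"disable {f.software} temporarily until a fix can be applied")
    return {"strategy": "mitigate", "reason": reason, "actions": actions}


def triage(findings):
    """Run verification and resolution over a scan result; keyed by host:id."""
    return {f"{f.host}:{f.vuln_id}": resolve(f) for f in verify(findings)}


# Constructed sample scan output (not real hosts or vulnerabilities).
SAMPLE = [
    Finding("web01", "webapp", "VULN-0001", True, 9.8, True, False, True, True, 443),
    Finding("db01", "dbms", "VULN-0002", True, 8.0, False, True, False, True, 5432),
    Finding("hr-app", "hrportal", "VULN-0003", False, 7.0, True, True, True, True, 8443),
    Finding("build01", "ci-agent", "VULN-0004", True, 5.0, True, True, True, True),
    Finding("lab-vm", "legacy-tool", "VULN-0005", True, 4.0, False, False, True, True),
]

if __name__ == "__main__":
    for key, decision in triage(SAMPLE).items():
        print(key, decision["strategy"], "-", decision["reason"])
        for action in decision["actions"]:
            print("   *", action)
```

The script prints one line per verified finding with the chosen strategy and the reason, followed by the concrete actions. The weights and thresholds are deliberately simple; in practice the assessment step would take the organization's own risk scoring into account.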