Vulnerability Assessments vs Penetration Testing

Vulnerability scanning and penetration testing are both important tools for securing and protecting your IT infrastructure. They are often confused with each other, but they play very different roles in overall network security.

So, what’s the difference and which should your business be using?


Vulnerability Assessments

Vulnerability assessments are automated reports that search for known vulnerabilities within software, such as missing patches and outdated configurations, protocols, certificates and services. The output of the report shows the known vulnerabilities that exist within the network. Reports can be lengthy, as the assessment takes quite a comprehensive look at the network and its applications.

The assessments can be run against any number of devices throughout a network and are wide in scope. The results can then be used to remove potential risks before they can be exploited.

It is recommended to perform scans quarterly, on every new device once it has been configured, and whenever a major configuration change has taken place.
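The three kinds of check the section above describes (missing patches, outdated protocols, and expiring certificates) are small enough to show end to end. The following is an added example, not code from the original post or any product it mentions: it runs a miniature assessment over a constructed inventory of three hosts against constructed reference data (the `KNOWN_FIXES` advisory placeholders, the `OUTDATED_PROTOCOLS` set and the 30-day certificate warning are all assumptions for the example) and returns the findings that a report would list.

```python
from dataclasses import dataclass
from datetime import date

# Constructed reference data for the example (not a real advisory feed):
# package name -> (advisory placeholder, first version that contains the fix).
KNOWN_FIXES = {
    "openssh": ("ADVISORY-PLACEHOLDER-1", "7.4"),
    "exampleapp": ("ADVISORY-PLACEHOLDER-2", "2.3.1"),
}
# Protocol versions the assessment treats as outdated.
OUTDATED_PROTOCOLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}
# Warn when a certificate expires within this many days (assumed policy value).
CERT_WARN_DAYS = 30


@dataclass
class Host:
    name: str
    packages: dict      # package name -> installed version string
    protocols: set      # protocol versions the host's TLS service accepts
    cert_expiry: date   # expiry date of the host's TLS certificate


def parse_version(text):
    """Turn '2.3.1' into (2, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def assess_host(host, today):
    """Return (host, category, detail) findings for a single host."""
    findings = []
    # Missing patches: installed version predates the version carrying the fix.
    for pkg, installed in host.packages.items():
        if pkg in KNOWN_FIXES:
            advisory, fixed = KNOWN_FIXES[pkg]
            if parse_version(installed) < parse_version(fixed):
                findings.append((host.name, "missing-patch",
                                 f"{pkg} {installed} predates fix in {fixed} ({advisory})"))
    # Outdated protocols still accepted by the host.
    for proto in sorted(host.protocols & OUTDATED_PROTOCOLS):
        findings.append((host.name, "outdated-protocol", f"{proto} still enabled"))
    # Certificate lifetime: already expired, or expiring within the warning period.
    days_left = (host.cert_expiry - today).days
    if days_left < 0:
        findings.append((host.name, "expired-certificate", f"expired {-days_left} days ago"))
    elif days_left <= CERT_WARN_DAYS:
        findings.append((host.name, "expiring-certificate", f"expires in {days_left} days"))
    return findings


def assess_network(hosts, today):
    """Run the assessment across every host and return the combined report."""
    report = []
    for host in hosts:
        report.extend(assess_host(host, today))
    return report


# Constructed inventory for the example; versions and dates are made up.
SAMPLE_HOSTS = [
    Host("web01", {"openssh": "7.2", "exampleapp": "2.3.1"}, {"TLSv1.0", "TLSv1.2"}, date(2018, 4, 10)),
    Host("db01", {"openssh": "7.9"}, {"TLSv1.2"}, date(2018, 2, 1)),
    Host("app02", {"exampleapp": "2.2.9"}, {"TLSv1.2", "TLSv1.3"}, date(2019, 1, 1)),
]


def sample_report():
    """The assessment run on the constructed inventory as of 20 March 2018."""
    return assess_network(SAMPLE_HOSTS, date(2018, 3, 20))


if __name__ == "__main__":
    for host, category, detail in sample_report():
        print(f"{host:6} {category:22} {detail}")
```

The version comparison is done on integer tuples rather than strings deliberately: a string comparison would rank "7.10" below "7.9", which is exactly the kind of false negative that leaves a host reported as patched when it is not.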


Penetration Tests

In comparison, penetration testing actively exploits weaknesses within the environment. An experienced tester carries out the work, acting as an attacker and exploiting weaknesses within the network or applications; this is otherwise known as ‘ethical hacking’. Because a human tester is needed, this testing cannot be automated.

The main aim of penetration testing is to identify insecure and weak security settings and configurations that an outsider could use to reach the data held behind the defences, such as unencrypted passwords. The tester would probe an open port and see how far it can be exploited. Large networks can take anywhere from days to weeks to test fully. It is therefore best practice to have the testing performed by a fully qualified third party; this also ensures a fully unbiased, objective report.

Penetration testing doesn’t need to be performed as regularly as vulnerability assessments; once a year is typical, or whenever internet-facing equipment undergoes a large change.


What Should My Business Use?

In summary, a vulnerability assessment is used to detect when an unlocked door could let a burglar into your business. A penetration test would role-play as the burglar and see how far he is able to get before a locked door stops him in his tracks.

Both tools should be used in conjunction and work together to provide the best outcome. Vulnerability assessments are designed to act as a detective tool; penetration testing is built to be a preventative measure.

Penetration testing is a lot more costly than a vulnerability assessment by itself, but this is due to the in-depth nature of the work: the tester may discover a new vulnerability or a security flaw that is not very well known.


It’s important to know the difference between the two tests, as each is important in its own way. To find out if Netshield can be of assistance, please contact us here.


Why do we overlook the importance of patching?

The importance of patching is often forgotten, with IT teams frequently finding it impossible to make the time to keep user, network and security devices up to date!

The overall security of an infrastructure should be top priority, and one of the most effective preventive measures against potential threats is patching. Patching is the process of repairing discovered vulnerabilities in systems, and it applies to operating systems, servers, desktops, software applications, firewalls, mobile devices; the list goes on!

Unpatched systems are an easy target; with new vulnerabilities being discovered constantly, it is common for cyber criminals to exploit them to target and gain entry to networks. We only have to look at the fallout from the WannaCry and NotPetya attacks to understand how effective exploiting vulnerabilities on unpatched systems can be. A report from the Online Trust Alliance stated:

There were over 160,000 security incidents impacting businesses in 2017 – almost double the amount reported in 2016!

This is due to cyber criminals becoming more tech-savvy in exploiting vulnerabilities, and perhaps businesses becoming too busy to focus on their network security.

Of course, proactively preventing such vulnerabilities causing problems is preferred to reactively attempting to mop up after a security incident. This is where patch management comes into play.

The Benefits

Manually checking for and applying updates is a mammoth task; the sheer number of available updates can be overwhelming, especially for SMBs that may not have their own on-site technical team. To remove this time-consuming job, patch management automatically controls the update process. This can also cover devices in remote locations, which is especially helpful for remote workers using company phones or laptops. Those devices and applications that are easy to forget about can also be included, removing any surprises later on.

Patch management enables the scheduling of a time and date for patches to be deployed, which is especially useful for devices located across different time zones. Setting updates to install out of hours or outside times of high employee productivity minimises the amount of business disruption faced whilst still maintaining the level of security needed.

By removing the need for IT teams to analyse updates, patch management also frees up time for other productive tasks, or for looking after existing systems.

Effective Patch Management

What does an effective patch management programme look like? The methods used will obviously vary for each company; there’s no ‘one size fits all’ configuration as each need is different. Typically, an automated patch management system is implemented. This requires the install of an agent which allows the control and management of patches from a web-based interface. Companies with a smaller network may wish to outsource this management to perform the deployments from a remote location.

So, you have the programme in place. A less obvious part of the whole management is a policy. This would dictate how often patches are performed, how quickly they need to be scheduled (especially critical updates) and a plan for rollbacks.
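The scheduling paragraph above (out-of-hours windows across time zones) and the policy paragraph (how quickly patches must be applied by severity) can be expressed as a small planner. The following is an added example, not code from the original post or any patch management product: the severity-to-days table in `SLA_DAYS`, the 22:00 local window start, the device list and the fixed UTC offsets are all constructed assumptions (a production policy would use named time zones that follow daylight saving). For each device it picks the next quiet window in that device's local time and checks whether waiting for it would still meet the deadline; when it would not, the patch is flagged for immediate deployment instead of silently missing the SLA.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical policy values for the example: maximum days allowed between a
# patch's release and its deployment, by severity rating.
SLA_DAYS = {"critical": 2, "high": 7, "medium": 30, "low": 90}
# Out-of-hours deployment window start, expressed in each device's LOCAL time.
WINDOW_START_HOUR = 22


@dataclass
class Patch:
    name: str
    severity: str
    released: datetime   # timezone-aware, in UTC


@dataclass
class Device:
    name: str
    utc_offset_hours: int   # constructed fixed offset; real policy would use a tz name


def deadline(patch):
    """Latest acceptable deployment time for the patch under the SLA."""
    return patch.released + timedelta(days=SLA_DAYS[patch.severity])


def next_window(device, now_utc):
    """Start of the first out-of-hours window, in the device's local time, at or after now_utc."""
    tz = timezone(timedelta(hours=device.utc_offset_hours))
    local_now = now_utc.astimezone(tz)
    start = local_now.replace(hour=WINDOW_START_HOUR, minute=0, second=0, microsecond=0)
    if start < local_now:          # today's window has already passed locally
        start += timedelta(days=1)
    return start


def plan(patch, device, now_utc):
    """Decide when the patch is deployed to this device and whether that meets the SLA."""
    window = next_window(device, now_utc)
    due = deadline(patch)
    if window <= due:
        return {"device": device.name, "patch": patch.name, "action": "scheduled",
                "when_utc": window.astimezone(timezone.utc).isoformat()}
    # Waiting for the next quiet window would miss the deadline: escalate instead.
    return {"device": device.name, "patch": patch.name, "action": "emergency-deploy",
            "when_utc": now_utc.isoformat()}


# Constructed sample data: three devices in different time zones, two patches.
SAMPLE_DEVICES = [
    Device("london-fs01", 0),
    Device("sydney-lt04", 11),
    Device("newyork-ws02", -5),
]
SAMPLE_PATCHES = [
    Patch("PATCH-PLACEHOLDER-A", "critical", datetime(2018, 2, 28, tzinfo=timezone.utc)),
    Patch("PATCH-PLACEHOLDER-B", "medium", datetime(2018, 2, 28, tzinfo=timezone.utc)),
]
SAMPLE_NOW = datetime(2018, 3, 1, 12, 0, tzinfo=timezone.utc)


def sample_plans():
    """Planning decisions for every sample patch on every sample device."""
    return [plan(p, d, SAMPLE_NOW) for p in SAMPLE_PATCHES for d in SAMPLE_DEVICES]


if __name__ == "__main__":
    for decision in sample_plans():
        print(decision)
```

With the sample data the critical patch, released on 28 February with a two-day SLA, can wait for the London device's 22:00 window on 1 March but not for Sydney's (already past 22:00 locally, so the next window is 11:00 UTC on 2 March) or New York's (22:00 local is 03:00 UTC on 2 March), so those two are escalated; the medium patch is scheduled into the next quiet window everywhere.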


In summary, in order to keep your infrastructure safe and secure, regularly applying patches to all software should be prioritised. Cyber security needs to be taken seriously by all to stay ahead of the criminals.


Netshield can assist with the automation and management of the patch process, from your entire infrastructure to just a select few network devices. If you’d like further information, please don’t hesitate to get in touch.


Countdown to Microsoft Windows Server 2003 End of Support

By Microsoft’s calculations there are still millions of machines running Windows Server 2003. Over a decade old, the successful server operating system will retire on 14th July 2015, when Microsoft will terminate support for it.

The server will not suddenly stop working, and users will still be able to access the resources they require, but staying on the platform can be risky, costly and cause compliance issues for businesses.

See what the Microsoft Windows Server 2003 end of support could mean for your business in our short video:

If you would like more information or advice on Windows Server 2003 migrations and upgrades, get in touch, we will be happy to help.

Let’s talk about…Windows 10

It feels like Windows 8 was only just released yesterday but it is nearly time for a new operating system to hit our devices – Windows 10. But, why jump from 8 to 10? Microsoft stated the newest version is so significant that it warrants a ‘10’, differentiating it to mark a ‘new chapter in the history of Windows’. However according to other sources, Microsoft decided to skip Windows 9 because of legacy code from third-party applications –

Cranbourne said that “early testing revealed just how many third party products had code in the form of Windows 9”, referring to the benchmark operating systems Windows 95 and Windows 98. He said: “This was the pragmatic solution to avoid that.”

There were also rumours in late 2014 that upgrades for Windows 7 and 8 users would be free. Terry Myerson, Microsoft’s Executive Vice President of Operating Systems, confirmed at an event in January that for the first year after launch, customers with devices running Windows 7, Windows 8.1 or Windows Phone 8.1 will be able to upgrade to the latest version of the operating system for free. However, those on ‘Enterprise’ versions will not be included in this offer.

Details of how this will work have not been released, but it seems that Microsoft has learnt from the previous release of Windows 8: it is not always the case that if you build it, customers will come! Providing incentives for Windows 10 uptake will help Microsoft create demand for suitable applications for the new OS.

Windows Server 2012: The breakdown

Many may consider Microsoft Windows Server 2012 the enemy because SBS was axed in the process of releasing it. But the different editions of Server 2012 (Foundation, Essentials, Standard and Datacentre) will cater for small, medium and large organisations; it just might be a little more costly in some scenarios.

Simplified Licensing Model

The Foundation edition (which is OEM only) is limited to 1 processor and 15 users, and once purchased, additional processors cannot be added. It provides a basic infrastructure with Active Directory, remote access and file and print sharing, ideal for small businesses.

Essentials would suit SMEs of up to 25 users. Unlike SBS, it does not include on-premise versions of Exchange, SharePoint, SQL Server and WSUS, but they can be purchased separately (which can be costly). A more cost-effective option would be to integrate it with Microsoft online hosted services such as Office 365 and hosted Exchange.

When buying the Essentials or Foundation edition, CALs (Client Access Licenses) are not required to go with the processor licenses. If the business is looking to grow or virtualise in the future, it may be better to go for the other editions, because neither Foundation nor Essentials includes virtualisation rights.

The Standard and Datacentre editions both have the same product features and need to be purchased with CALs for each user or device that connects to the server; the only difference between them is usage rights.

For Standard, each processor license allows only 2 virtual instances, whereas the Datacentre edition allows unlimited virtual instances. Extra CALs will be needed if you wish to use certain features such as Remote Desktop Services and Active Directory Rights Management.

So before deciding which to buy, work out how many virtual machines you are looking to run in the current environment (if any), whether this will increase in the near future, and whether you require the additional features.

Some of the Features of Windows Server 2012

  • Server Manager – the ability to create and manage server groups within the network
  • Hyper-V Replication – allows administrators to replicate a virtual machine from one location to another using Hyper-V and a network connection
  • Increased PowerShell capabilities – remote sessions are resilient, management of workloads is simplified, and the secure multi-machine workflow engine can be programmed
  • Dynamic Access Control improvements – the ability to restrict access to sensitive files by enforcing file security policy at domain level, e.g. allowing users to view but not edit, print or copy protected files

For more advice on moving away from end of support products and Microsoft licensing contact us today.