25 July 2011

Where do vulnerabilities come from?

Programming mistakes cause most vulnerabilities in software. A common mistake is failing to check the size of data buffers – a kind of storage bin of memory where a computer process executes its functions. When a buffer overflows, it overwrites data in adjacent memory buffers. This corrupts the stack or heap areas of memory, which may allow the execution of an attacker’s code on that machine via a virus, worm, or other unpleasant exploit.
Computer scientists estimate that about 5 to 20 bugs are present in every thousand lines of software code, so it’s no surprise to see regular announcements of new vulnerabilities with related patches and workarounds. Your risk of vulnerabilities grows with use of General Public License software, particularly because implementers plug in untested modules of objectoriented programming code. When the quality of code is marginal, bad, or just plain wrong, experts call it ‘non-robust’. Modules of code placed in the public domain may include nonrobust implementations of Internet protocol standards, making them easy targets for attack when used in a real-world network.

Vulnerabilities must be identified and eliminated on a regular basis because new vulnerabilities are discovered every day. For example, Microsoft releases advisories and patches on the second Tuesday of each month – commonly called ‘Patch Tuesday’.

Careless programmers aren’t the only source of vulnerabilities. For example, improperly configuring security applications such as a firewall may allow attackers to slip through  ports that should be closed. People using mobile devices may use an unauthorized or even a malware-infested website without going through the corporate virtual private network (VPN), perhaps because the official VPN is a bother when people want to surf MySpace, eBay, or the local online personal ads.

Letting your security guard down like this exposes devices and the network to attacks. You can even trigger an attack just by clicking on an email attachment infected with malware.The exploitation of vulnerabilities via the Internet is a huge problem requiring immediate proactive control and management. That’s why companies need to use VM – to detect and eliminate vulnerabilities in order to reduce overall security risk and prevent exposure.
Related Post