Vulnerable software. Vulnerability management

When Smart Scan is launched, Avast software checks your PC for the following types of problems and then offers options to fix them.

  • Viruses: files containing malicious code that can affect the security and performance of your PC.
  • Vulnerable software: Programs that need to be updated and can be used by attackers to gain access to your system.
  • Browser extensions with a bad reputation: Browser extensions that are usually installed without your knowledge and affect system performance.
  • Weak passwords: passwords that are used to access more than one online account and can be easily hacked or compromised.
  • Network Threats: Vulnerabilities in your network that could allow attacks on your network devices and router.
  • Performance Issues: items (junk files and applications, settings-related issues) that may prevent your PC from working properly.
  • Conflicting antiviruses: other antivirus software installed on the PC alongside Avast. Multiple antivirus programs slow down the PC and reduce the effectiveness of antivirus protection.

Note. Certain issues detected by Smart Scan may require a separate license to resolve. Detection of unnecessary problem types can be disabled in .

Solving problems found

A green check next to the scan area indicates that no issues were found related to it. A red cross means that the scan has identified one or more related issues.

To view specific details about the issues found, click Resolve all. Smart Scan shows the details of each issue and offers the option to fix it immediately by clicking Resolve next to the item, or to do it later by clicking Skip this step.

Note. Antivirus scan logs can be viewed in Scan History, which is accessed by selecting Protection > Antivirus.

Managing Smart Scan Settings

To change the Smart Scan settings, select Settings > General > Smart Scan and specify which of the listed types of problems Smart Scan should check for.

  • Viruses
  • Outdated Software
  • Browser add-ons
  • Network Threats
  • Compatibility Issues
  • Performance Issues
  • Weak passwords

By default, all types of issues are enabled. To stop checking for a specific type of problem during a Smart Scan, click the Included slider next to that issue type so that its status changes to Turned off.

Click Settings next to Scanning for viruses to change the virus scan settings.

Vulnerability management is the identification, evaluation and classification of vulnerabilities and the selection of a solution to eliminate them. Vulnerability management relies on vulnerability information repositories, one of which is the Advanced Monitoring Vulnerability Management System.

Our solution tracks the publication of vulnerability information for operating systems (Windows, Linux/Unix-based), office and application software, firmware, and information security tools.

Data sources

The database of the Advanced Monitoring Vulnerability Management System is automatically replenished from the following sources:

  • Information Security Threats Data Bank (BDU) of the FSTEC of Russia.
  • NIST National Vulnerability Database (NVD).
  • Red Hat Bugzilla.
  • Debian Security Bug Tracker.
  • CentOS Mailing List.

We also use an automated method to replenish our vulnerability database. We have developed a web crawler and unstructured data parser that analyzes more than a hundred different foreign and Russian sources every day for a set of keywords: groups in social networks, blogs, microblogs, and media dedicated to information technology and information security. If these tools find something that satisfies the search criteria, an analyst manually verifies the information and enters it into the vulnerability database.

Software Vulnerability Control

Using the Vulnerability Management System, developers can track the presence and status of discovered vulnerabilities in the third-party components of their software.

For example, in Hewlett Packard Enterprise's Secure Software Development Life Cycle (SSDLC) model, control of third-party libraries is central.

Our system monitors the presence of vulnerabilities across parallel versions and builds of the same software product.

It works like this:

1. The developer sends us a list of third-party libraries and components that are used in the product.

2. We check daily:

b. whether there are methods to eliminate previously discovered vulnerabilities.

3. We notify the developer if the status or scoring of a vulnerability has changed, in accordance with the specified role model. This means that different developer groups within one company are notified about, and see the status of, only the vulnerabilities for the product they are working on.

The alert frequency of the Vulnerability Management System can be configured as desired, but when a vulnerability with a CVSS score greater than 7.5 is found, developers receive an immediate alert.
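The daily check and role-based notification described in the steps above, as an added example (not Advanced Monitoring's code): the component lists, vulnerability feed and role model are constructed, matching is by exact version for brevity, and the CVSS 7.5 threshold comes from the text.

```python
"""Added example (not Advanced Monitoring's code): a daily check of developers'
third-party component lists against a vulnerability feed, with notifications routed
by a role model and an immediate alert above CVSS 7.5. All data is constructed."""
ALERT_NOW_ABOVE = 7.5  # CVSS score above which the text says developers are alerted at once

# Constructed feed entries: affected component/version, CVSS score, fixed version if known
VULN_FEED = [
    {"id": "VULN-EXAMPLE-1", "component": "libfoo", "version": "1.2.0", "cvss": 9.1, "fix": "1.2.1"},
    {"id": "VULN-EXAMPLE-2", "component": "libbar", "version": "0.9", "cvss": 5.3, "fix": None},
    {"id": "VULN-EXAMPLE-3", "component": "libqux", "version": "2.0", "cvss": 8.0, "fix": "2.1"},
]
# Constructed role model: which developer group owns which product
ROLE_MODEL = {"product-A": "team-a@example.test", "product-B": "team-b@example.test"}
# Constructed component lists the developers sent, one per product (name -> version)
PRODUCT_COMPONENTS = {
    "product-A": {"libfoo": "1.2.0", "libbar": "0.9"},
    "product-B": {"libbar": "0.9", "libqux": "2.1"},
}

def find_matches(components: dict, feed: list) -> list:
    """Feed entries whose component and version exactly match the submitted list.
    (A production check would also handle version ranges; exact match keeps this short.)"""
    return [v for v in feed if components.get(v["component"]) == v["version"]]

def daily_check(product_components: dict, role_model: dict, feed: list, seen: dict) -> list:
    """One notification per (product, vulnerability) whose status or scoring changed.
    'seen' persists between runs: (product, vuln id) -> (cvss, fix) last notified."""
    notes = []
    for product, components in product_components.items():
        for v in find_matches(components, feed):
            key, state = (product, v["id"]), (v["cvss"], v["fix"])
            if seen.get(key) == state:
                continue  # nothing changed since the last notification
            seen[key] = state
            notes.append({
                "to": role_model[product],  # only the owning group is notified
                "product": product,
                "vuln": v["id"],
                "cvss": v["cvss"],
                "fix": v["fix"],
                "immediate": v["cvss"] > ALERT_NOW_ABOVE,
            })
    return notes
```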

Integration with ViPNet TIAS

The ViPNet Threat Intelligence Analytics System (ViPNet TIAS) hardware and software appliance automatically detects computer attacks and identifies incidents based on events coming from various information security sources. The main source of events for ViPNet TIAS is ViPNet IDS, which analyzes incoming and outgoing network traffic using the AM Rules decision rule bases developed by Advanced Monitoring. Some of the signatures are written to detect the exploitation of vulnerabilities.

If ViPNet TIAS detects an information security incident in which a vulnerability was exploited, all information related to that vulnerability, including methods for eliminating or compensating for its negative impact, is automatically entered into the incident card from the Vulnerability Management System.

The incident management system also helps in the investigation of information security incidents by providing analysts with information about indicators of compromise and potential information infrastructure nodes affected by the incident.

Monitoring the presence of vulnerabilities in information systems

Another scenario for using a vulnerability management system is on-demand scanning.

The customer independently generates a list of the system and application software and components installed on a node (workstation, server, DBMS, information security tool, network equipment) using built-in tools or a script developed by us, transfers this list to the Vulnerability Management System, and receives a report on the detected vulnerabilities and periodic notifications about changes in their status.

Differences between the System and common vulnerability scanners:

  • Does not require installation of monitoring agents on hosts.
  • Does not create a load on the network, since the solution architecture has no agents or scanning servers.
  • Does not create a load on the hardware, since the list of components is produced by system commands or a lightweight open source script.
  • Eliminates the possibility of information leakage: Advanced Monitoring cannot reliably learn anything about the physical or logical location, or the functional purpose, of a node in the information system. The only information that leaves the customer's controlled perimeter is a txt file listing software components, which the customer reviews and uploads to the Vulnerability Management System themselves.
  • The system does not need accounts on the monitored nodes. Information is collected by the node administrator under their own credentials.
  • Secure information exchange via ViPNet VPN, IPsec or HTTPS.

Connecting to the Advanced Monitoring vulnerability management service helps the customer fulfill requirement ANZ.1, "Identification and analysis of information system vulnerabilities and prompt elimination of newly identified vulnerabilities", of FSTEC of Russia Orders No. 17 and 21. Our company holds an FSTEC of Russia license for the technical protection of confidential information.

Price

The minimum cost is 25,000 rubles per year for 50 nodes connected to the system with a valid contract for connection to

Another way to look at this problem is that companies need to respond quickly when an application has a vulnerability. This requires that the IT department be able to definitively track installed applications, components and patches using automation and standard tools. There is an industry effort to standardize software identification tags (ISO 19770-2), which are XML files installed with an application, component or patch that identify the installed software and, in the case of a component or patch, which application it belongs to. The tags carry publisher authority information, version information, and a list of files with filename, a secure file hash and size, which can be used to confirm that the application is installed on the system and that its binaries have not been modified by a third party. The tags are digitally signed by the publisher.

When a vulnerability becomes known, IT departments can use their asset management software to immediately identify systems with the vulnerable software and take steps to update them. Tags can be part of a patch or update and can be used to verify that the patch has been installed. In this way, IT departments can use resources such as the NIST National Vulnerability Database as input to their asset management tools, so that as soon as a company submits a vulnerability to the NVD, IT can immediately compare the new vulnerability against what they currently have installed.
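The integrity check a tag makes possible, as an added example (not TagVault's, NIST's or any vendor's code): parse a minimal ISO 19770-2 tag, walk its file list, and report each file as present and unmodified, modified, or missing. The tag and the "installed" file contents are constructed inline; the use of the XML-Encryption SHA-256 identifier as the namespace of the hash attribute is an assumption about the tag layout.

```python
"""Added example (not TagVault's, NIST's or any vendor's code): parse an ISO 19770-2
SWID tag and confirm that each file it lists is present and unmodified. The tag and
the 'installed' files are constructed; the hash attribute namespace is an assumption."""
import hashlib
import xml.etree.ElementTree as ET

SWID_NS = "http://standards.iso.org/iso/19770/-2/2015/schema.xsd"
SHA256_NS = "http://www.w3.org/2001/04/xmlenc#sha256"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed contents the publisher shipped; the tag below records their size and hash
TOOL, HELPER = b"example tool binary v2.4.1", b"example helper library v2.4.1"
SWID_TAG = f"""<SoftwareIdentity xmlns="{SWID_NS}" xmlns:SHA256="{SHA256_NS}"
  name="ExampleTool" version="2.4.1" tagId="example.test/ExampleTool-2.4.1">
  <Entity name="Example Publisher" regid="example.test" role="softwareCreator tagCreator"/>
  <Payload><Directory root="app">
    <Directory name="bin"><File name="tool" size="{len(TOOL)}" SHA256:hash="{sha256_hex(TOOL)}"/></Directory>
    <Directory name="lib"><File name="helper.dll" size="{len(HELPER)}" SHA256:hash="{sha256_hex(HELPER)}"/></Directory>
  </Directory></Payload>
</SoftwareIdentity>"""

# Constructed view of what is actually on disk: helper.dll was altered after installation
INSTALLED = {"app/bin/tool": TOOL, "app/lib/helper.dll": HELPER + b" + unexpected change"}

def tag_files(tag_xml: str):
    """Yield (path, size, sha256) for every File under the tag's Payload."""
    def walk(elem, prefix):
        for child in elem:
            local = child.tag.rsplit("}", 1)[-1]  # strip the namespace
            part = child.get("name") or child.get("root") or ""
            path = f"{prefix}/{part}" if prefix else part
            if local == "Directory":
                yield from walk(child, path)
            elif local == "File":
                yield path, int(child.get("size")), child.get(f"{{{SHA256_NS}}}hash")
    root = ET.fromstring(tag_xml)
    yield from walk(root.find(f"{{{SWID_NS}}}Payload"), "")

def verify(tag_xml: str, installed: dict) -> dict:
    """Map each tagged path to 'ok', 'missing' or 'modified' against the installed files."""
    status = {}
    for path, size, digest in tag_files(tag_xml):
        data = installed.get(path)
        if data is None:
            status[path] = "missing"
        elif len(data) != size or sha256_hex(data) != digest:
            status[path] = "modified"  # size or hash differs from what the publisher recorded
        else:
            status[path] = "ok"
    return status
```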

There is a group of companies working through a non-profit, TagVault.org (www.tagvault.org) under IEEE/ISTO, with the US government on a standard implementation of ISO 19770-2 that will enable this level of automation. Tags conforming to this implementation will most likely become mandatory for software sold to the US government at some point in the next couple of years.

So in the end, it is good practice not to publish which applications and specific software versions you are using, but that can be difficult, as previously stated. You want to make sure you have an accurate, up-to-date software inventory that is regularly compared against a list of known vulnerabilities such as the NVD, and that the IT department can take immediate action to remediate the threat. With this, together with up-to-date intrusion detection, antivirus scanning and other methods of locking down the environment, it will at the very least be very difficult to compromise your environment, and if and when it is compromised, the compromise will not go undetected for a long period of time.

A large number of tools have now been developed to automate the search for software vulnerabilities. This article discusses some of them.

Introduction

Static code analysis is the analysis of software that is performed on the source code of programs and carried out without actually executing the program under study.

Software often contains vulnerabilities caused by errors in the program code. Errors made during development can, in some situations, lead to a crash and thus disrupt the program's normal operation: data is often changed or corrupted, and the program or even the whole system stops. Most vulnerabilities are related to incorrect processing of data received from outside, or insufficiently strict validation of that data.

To identify vulnerabilities, various tools are used, for example, static analyzers of the source code of the program, an overview of which is given in this article.

Classification of security vulnerabilities

When the requirement that the program operate correctly on all possible input data is violated, so-called security vulnerabilities become possible. A security vulnerability can allow a single program to be used to overcome the security restrictions of the entire system.

Classification of security vulnerabilities depending on software errors:

  • Buffer overflow. This vulnerability arises from the lack of bounds checking on arrays in memory during program execution. When a data block that is too large overflows a limited buffer, the contents of adjacent memory cells are overwritten and the program crashes. By the location of the buffer in process memory, buffer overflows are classified as stack buffer overflows, heap buffer overflows and static data area (bss) buffer overflows.
  • "Tainted input" vulnerabilities (tainted input vulnerability). These can occur when user input is passed without sufficient checking to an interpreter of some external language (usually a Unix shell or SQL). In this case the user can craft the input so that the launched interpreter executes a completely different command than the one intended by the authors of the vulnerable program.
  • Format string vulnerability. This type of security vulnerability is a subclass of the "tainted input" vulnerability. It arises from insufficient control over the parameters of the formatted I/O functions of the C standard library (printf, fprintf, scanf, etc.). These functions take as one of their parameters a character string that specifies the input or output format for the subsequent function arguments. If the user can supply the format string, the vulnerability results from this misuse of the string formatting functions.
  • Vulnerabilities resulting from synchronization errors (race conditions). Problems associated with multitasking lead to situations called "race conditions": a program not designed to run in a multitasking environment may assume, for example, that the files it uses while running cannot be changed by another program. As a result, an attacker who replaces the contents of these working files at the right moment can force the program to perform unintended actions.

Of course, in addition to those listed, there are other classes of security vulnerabilities.

Overview of existing analyzers

The following tools are used to detect security vulnerabilities in programs:

  • Dynamic debuggers. Tools that allow a program to be debugged while it is running.
  • Static analyzers (static debuggers). Tools that use the information accumulated during static analysis of the program.

Static analyzers indicate those places in the program where an error might be found. These suspicious code snippets can either contain a bug or be completely harmless.
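A deliberately simple pattern-based static checker for the four vulnerability classes listed earlier, as an added example (not any analyzer from this article): it reads C source without executing it and reports suspicious calls, including one that is flagged but harmless, which is exactly the behaviour described above. The C source it scans is constructed inline, and the five-line window for the check-then-use pattern is an assumption.

```python
"""Added example, not from any analyzer in this article: a simple pattern-based
static checker that flags the four vulnerability classes (format string, buffer
overflow, tainted input, race condition) in C source. The source scanned is constructed."""
import re

FORMAT_FUNCS = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2, "syslog": 1}  # name -> index of format arg
UNBOUNDED = {"strcpy", "strcat", "gets", "sprintf"}  # copy into a buffer with no length bound
INTERPRETERS = {"system", "popen"}  # hand a string to a shell interpreter
def calls(line):  # yield (function name, [top-level args]) for each call on a source line
    for m in re.finditer(r"\b([A-Za-z_]\w*)\s*\(", line):
        depth, start, args = 1, m.end(), []
        for i in range(m.end(), len(line)):
            c = line[i]
            depth += (c == "(") - (c == ")")
            if (c == "," and depth == 1) or depth == 0:
                args.append(line[start:i].strip())
                start = i + 1
            if depth == 0:
                break
        yield m.group(1), [a for a in args if a]

def check(source):  # return (line number, vulnerability class, call name) per suspicious call
    findings, checked = [], {}  # checked: path expression -> line where access was called on it
    for no, line in enumerate(source.splitlines(), 1):
        for name, args in calls(line):
            fmt = FORMAT_FUNCS.get(name)
            if fmt is not None and len(args) > fmt and not args[fmt].startswith('"'):
                findings.append((no, "format string", name))  # non-literal format string
            if name in UNBOUNDED:
                findings.append((no, "buffer overflow", name))
            if name in INTERPRETERS and args and not args[0].startswith('"'):
                findings.append((no, "tainted input", name))
            if name == "access" and args:
                checked[args[0]] = no
            if name in ("open", "fopen") and args and no - checked.get(args[0], -99) <= 5:
                findings.append((no, "race condition", name))  # check-then-use window (assumed 5 lines)
    return findings

SAMPLE_C = r"""void log_msg(const char *user_msg, const char *path) {
    char buf[64], cmd[128]; const char *greeting = "hello\n";
    printf(greeting); /* flagged, but harmless: greeting is a literal */
    printf(user_msg); /* format string: the caller controls the format */
    printf("%s\n", user_msg); /* literal format: not flagged */
    strcpy(buf, user_msg); /* buffer overflow: no length check */
    snprintf(cmd, sizeof cmd, "ls %s", user_msg); /* bounded, literal format */
    system(cmd); /* tainted input: a shell interprets user-derived data */
    if (access(path, W_OK) == 0) /* check ... */
        fopen(path, "w"); /* ... then use: race condition */
}"""
```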

This article provides an overview of several existing static analyzers. Let's take a closer look at each of them.