
656    Chapter 11 • Operational and Organizational Security: Incident Response

             company may have broadband Internet connectivity through a T1 line for
             employees working from computers inside the company, and live with the risk that
             they may download malicious programs. While this is only one possible situation
             where a company lives with a potential threat, it shows that in some situations it is
             preferable to have the threat rather than to lose a particular service.

             Vulnerabilities

             After identifying what threats a company must deal with, it is important to analyze
             where vulnerabilities exist in a system. Vulnerabilities are weaknesses that leave a
             system exposed to probable threats. For example, a damaged door lock to a server
             room would leave the assets inside vulnerable to break-ins. Identifying the
             vulnerabilities that exist, and taking measures to remove those weaknesses from a
             system, can lessen the possibility that a threat will occur.
                 Vulnerabilities can exist in a variety of forms. Earlier in this chapter, a number
             of physical security issues and how their vulnerabilities could be addressed were
             discussed. Software also has a variety of vulnerabilities, requiring that service packs,
             patches, fixes, and upgrades be installed to repair any weaknesses that could be
             exploited. In addition, the OS may have services running that are not actually
             required. If unneeded services are left running, a hacker can use them to gain entry.
             As such, they should be removed.
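
The following added example, which is not from the book, shows one way to find unneeded services: compare what is listening on a host against a baseline of what its role requires. The `ss`-style sample output, the `REQUIRED` baseline and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of Linux `ss -H -tlnp` output (not real data).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1024,fd=6))
LISTEN 0 5 0.0.0.0:23 0.0.0.0:* users:(("inetd",pid=640,fd=4))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=701,fd=7))
LISTEN 0 128 [::]:21 [::]:* users:(("vsftpd",pid=933,fd=3))
"""

# Hypothetical baseline: the (process, port) pairs this host's role requires.
REQUIRED = {("sshd", 22), ("nginx", 443)}

# State, Recv-Q, Send-Q, local addr:port, peer, optional process column.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+users:\(\("([^"]+)")?'
)

def parse_listeners(text):
    """Return one dict per listening TCP socket found in the text."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers or lines in an unexpected format
        addr, port = m.group(1), int(m.group(2))
        # The process column is absent when the tool is run unprivileged.
        proc = m.group(3) or "unknown"
        loopback = addr.startswith("127.") or addr == "[::1]"
        listeners.append({"proc": proc, "port": port, "addr": addr,
                          "loopback": loopback})
    return listeners

def unneeded_services(text, required):
    """List listeners outside the baseline, network-reachable ones first."""
    findings = []
    for item in parse_listeners(text):
        if (item["proc"], item["port"]) in required:
            continue
        item["priority"] = "review" if item["loopback"] else "remove-or-justify"
        findings.append(item)
    return sorted(findings, key=lambda f: (f["loopback"], f["port"]))

if __name__ == "__main__":
    for f in unneeded_services(SAMPLE_SS_OUTPUT, REQUIRED):
        print(f'{f["priority"]:18} {f["proc"]:8} {f["addr"]}:{f["port"]}')
```
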



              EXAM WARNING

                  When a vulnerability exists, the threat associated with it remains until
                  the vulnerability is removed. This means the vulnerability can actually
                  contribute to the likelihood of a threat occurring. The only way to
                  remove the threat associated with it is to ensure that the vulnerability is
                  removed from the system.




                 As mentioned earlier, there may be situations where a company decides to live
             with a potential threat, rather than do anything about it. Even though a known
             vulnerability exists in a system, the company may decide that the need for a service
             exceeds any potential problems. For example, a company with a dial-in connection
             for remote access provides a possible route for hackers. Without the remote access,
             employees would not be able to dial into the computer and access network
             resources from home. Thus, the company may decide to live with the risk, rather




          www.syngress.com