Symantec Global Internet Security Threat Report
Administrators should monitor vulnerability mailing lists and security websites to keep abreast of new vulnerabilities affecting their assets. Where possible, patch deployments should be automated to ensure that vulnerabilities are addressed across the organization in a timely manner.
Symantec recommends that administrators employ vulnerability assessment services, a vulnerability management solution, and vulnerability assessment tools to evaluate the security posture of the enterprise. These measures should be incorporated into infrastructure change management processes. Organizations should employ third-party consulting and penetration testing services to identify security exposures. For any products or applications developed by the organization, code auditing software and services may help to identify and address vulnerabilities at various stages of development.
Unpatched vulnerabilities should be identified by administrators, and assessed and mitigated according to the risk they present. Where possible, problematic applications with many unpatched vulnerabilities should be removed or isolated. IPS systems can aid in detecting known attacks against such applications and provide generic protection against vulnerabilities. Security information and event management solutions should be deployed to assist in data management within the enterprise infrastructure and aid in policy compliance.
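The three paragraphs above describe one workflow: watch a vulnerability feed, match new advisories against the organization's assets, and prioritize remediation by the risk each exposure presents. The following script is an added illustration of that correlation step and is not code from the Symantec report. Every advisory ID, product name, version and host in it is a constructed placeholder, and the risk weighting (CVSS multiplied by 1.5 for internet-facing hosts and again for advisories with public exploit code) is this example's own assumption, not a scheme the report prescribes.

```python
"""Correlate a vulnerability feed with an asset inventory and rank what to patch first.

Added example, not from the Symantec report. All advisory IDs, products,
versions and hosts below are constructed placeholders, not real data.
"""
from dataclasses import dataclass
from typing import List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically, not as strings
    (a string comparison would wrongly rank '2.4.9' above '2.4.10')."""
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str      # constructed placeholder, e.g. "ADV-0001"
    product: str
    fixed_in: str         # first version that carries the fix
    cvss: float           # base score 0.0-10.0
    exploit_public: bool  # public exploit code exists


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str
    internet_facing: bool


# Constructed sample feed: the kind of entries a vulnerability alerting service delivers.
FEED: List[Advisory] = [
    Advisory("ADV-0001", "webserverx", "2.4.10", 9.8, True),
    Advisory("ADV-0002", "webserverx", "2.4.12", 5.3, False),
    Advisory("ADV-0003", "dbengine", "11.2.0", 7.5, False),
    Advisory("ADV-0004", "mailrelay", "3.1.0", 8.1, True),
]

# Constructed sample inventory (what a vulnerability management solution would hold).
INVENTORY: List[Asset] = [
    Asset("web-01", "webserverx", "2.4.9", True),
    Asset("web-02", "webserverx", "2.4.11", True),
    Asset("intranet-01", "webserverx", "2.4.9", False),
    Asset("db-01", "dbengine", "11.1.5", False),
    Asset("mail-01", "mailrelay", "3.1.0", True),   # already at the fixed version
]


def is_affected(asset: Asset, adv: Advisory) -> bool:
    """An asset is exposed if it runs the product at a version below the fix."""
    return (asset.product == adv.product
            and parse_version(asset.version) < parse_version(adv.fixed_in))


def risk_score(asset: Asset, adv: Advisory) -> float:
    """Weight CVSS by exposure (assumed weights): internet-facing hosts and
    advisories with public exploits move up the patch queue."""
    score = adv.cvss
    if asset.internet_facing:
        score *= 1.5
    if adv.exploit_public:
        score *= 1.5
    return round(score, 2)


def unpatched(inventory: List[Asset], feed: List[Advisory]) -> List[Tuple[str, str, float]]:
    """Return (host, advisory_id, risk) for every unpatched exposure, highest risk first."""
    findings = [(a.host, adv.advisory_id, risk_score(a, adv))
                for a in inventory for adv in feed if is_affected(a, adv)]
    return sorted(findings, key=lambda f: (-f[2], f[0], f[1]))


if __name__ == "__main__":
    for host, adv_id, risk in unpatched(INVENTORY, FEED):
        print(f"{risk:6.2f}  {host:12} {adv_id}")
```

With the constructed data, the internet-facing `web-01` at version 2.4.9 tops the list for ADV-0001, the same advisory on the internal `intranet-01` comes second, and `mail-01` does not appear because it already runs the fixed version. In a real deployment the feed and inventory would come from the alerting service and the vulnerability management solution rather than from inline constants.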
In order to protect against successful exploitation of Web browser vulnerabilities, Symantec advises users and administrators to upgrade all browsers to the latest, patched versions. Symantec recommends that organizations educate users to be extremely cautious about visiting unknown or untrusted websites and viewing or following links in unsolicited emails. Administrators should also deploy Web proxies in order to block potentially malicious script code. Administrators and end users should actively maintain a whitelist of trusted sites and disable individual plug-ins and scripting capabilities for all other sites. This will not prevent exploitation attempts from whitelisted sites, but may aid in preventing exploits from all other sites. Organizations can also implement an egress filtering policy at the network perimeter to regulate outgoing access by end users. Antivirus and host-based IDS and IPS solutions at the desktop level also provide a layer of protection against attacks that originate from the Web.
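A whitelist of trusted sites is only as good as the matching rule behind it: a naive suffix or substring check on the host name accepts lookalike hosts that merely contain a trusted name. The function below, added here as an illustration and not taken from the Symantec report, shows a decision rule a proxy or browser policy could apply when deciding whether scripting and plug-ins are enabled for a URL. The whitelist entries and URLs are constructed, and the rules (exact host or subdomain of a listed domain, HTTPS only) are this example's assumptions.

```python
"""Decide whether scripting is allowed for a URL against a trusted-site whitelist.

Added example, not from the Symantec report. Whitelist entries and URLs are
constructed; the matching rules are this example's assumptions.
"""
from urllib.parse import urlsplit

# Constructed whitelist of trusted sites, kept as bare domain names.
TRUSTED_SITES = {"intranet.example", "portal.example.com"}


def host_matches(host: str, trusted: str) -> bool:
    """True if host is the trusted domain itself or a subdomain of it.

    A plain endswith(trusted) check would accept 'notportal.example.com', and a
    substring check would accept 'portal.example.com.attacker.test', so the
    comparison is anchored on the dot boundary and the full host.
    """
    host = host.lower().rstrip(".")
    trusted = trusted.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)


def scripting_allowed(url: str, whitelist=TRUSTED_SITES) -> bool:
    """Allow script/plug-in execution only for HTTPS URLs on whitelisted hosts.

    urlsplit().hostname strips userinfo and port, so 'https://user@host:8443/'
    is judged on 'host' alone rather than on the raw netloc string.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":   # plain http can be rewritten in transit
        return False
    host = parts.hostname or ""
    return any(host_matches(host, t) for t in whitelist)


if __name__ == "__main__":
    # Constructed URLs: the first two should be allowed, the rest blocked.
    for u in ("https://portal.example.com/app",
              "https://docs.intranet.example/",
              "https://portal.example.com.attacker.test/",
              "https://notportal.example.com/",
              "http://portal.example.com/"):
        print("allow" if scripting_allowed(u) else "block", u)
```

The same rule applies whichever layer enforces it; the point is that the host name is compared whole and on a label boundary, and that the decision is made on the parsed host rather than on the raw URL text.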
Enterprises should subscribe to a vulnerability alerting service in order to be notified of new vulnerabilities. They should also manage their Web-based assets carefully. If they are developing Web applications in-house, developers should be educated about secure development practices, such as the Security Development Lifecycle and threat modeling.[122] If possible, all Web applications should be audited for security prior to deployment and only those applications that have been certified should be deployed. Web application security solutions and a number of products and services are available to detect and prevent attacks against these applications.
When deploying applications, administrators should ensure that secure, up-to-date versions are used, and that applications are properly configured to avoid the exploitation of latent vulnerabilities. Symantec recommends the use of secure shared components that have been audited for common Web application vulnerabilities. As much as possible, enterprises are advised to avoid deploying products that are not regularly maintained or that are not supported by the vendor.
[122] The Security Development Lifecycle is a development paradigm that incorporates security at every stage, from the initial architecture to programming and the quality assurance/testing phases; threat modeling is a security auditing methodology to identify and map out all possible attack vectors for an application.