Monday 3 December 2012

Important Vulnerability Basics

Use the vulnerability assessment tools to identify the vulnerabilities you need to repair. This will help protect your website or network against security breaches.

Vulnerabilities
Critical versus informational
Vulnerability assessment
Best practices

A vulnerability is a weakness or flaw in your website or network. Vulnerabilities can be exploited to damage or compromise customer and other sensitive data, or your site. If your site were a house, a vulnerability would be an open window or door. To protect your house, you'd lock that window or door. Websites and networks have analogous entry points, as well as ways to seal off those entry points for greater protection.
  
While not inherently dangerous, a critical vulnerability leaves your site exposed to serious breaches. For example, someone could gain access to sensitive data, alter your site's appearance or function, or infect your visitors' systems. How critical a particular vulnerability is depends on two things:
 
1) How commonly exploited the entry point is, and
2) How much damage a breach to that area could cause.

For example, in a house, doors and windows are more commonly exploited than floorboards and chimneys. Similarly, some parts of a website or network are more commonly exploited than others. Some areas also may contain especially confidential or valuable data, so a breach of those parts would be more critical than a breach of other parts.

When you activate vulnerability assessment, we scan your website or network or both each week for common entry points which, if breached, could threaten your online security. You receive the results of the scan in a downloadable PDF report highlighting the most critical vulnerabilities. Non-critical vulnerabilities are listed in the section labeled "Informational."

You can activate or deactivate vulnerability assessment from within your account. Once you activate vulnerability assessment, your first PDF report should be available for you to download within about 24 hours. After that, we'll run the scan weekly, and generate each new report within about 24 hours of the scan.

Note: Only the presence of critical vulnerabilities (not informational) will trigger an alert in your console. Your report will be available for download each week whether or not you have critical vulnerabilities.

When you are logged into your account, you can set or change your email notification preferences for vulnerability assessment. For example, you can choose to receive notification emails only for critical vulnerabilities, each time a new report is generated, or when we are unable to scan your site.  You can also choose email recipients.
 
To help protect against security breaches, it's recommend that you:
·         Activate the vulnerability assessment service.
·         If you already have a vulnerability scanning service, use vulnerability assessment as a cross-check for your other scan's results. Scan results can differ from company to company.
·         Designate someone in your organization to review each report, and to have any critical vulnerabilities repaired as soon as possible. Set your email preferences to notify your designated person when new reports are available.
·         After making repairs, rescan your site to verify the repairs.
·         Read and follow the suggestions in the Malware Prevention article below—they also apply to vulnerability.

0 comments: