Makerere University


ICT Best Practices - Scan computers for security vulnerabilities using available technical tools


Crackers use readily available automated scanners to scan entire networks for vulnerable systems and services. These scans, often referred to as probes, occur daily and originate from network addresses throughout the world. It is a fact that your IT systems are probed several times a day by these crackers. To ensure that you know as much about your systems as these miscreants, technicians should:

scan systems using the Sophos Scanner:

  • regularly, at least every 30 days to ensure new vulnerabilities are identified promptly
  • immediately after installation/configuration of a new system is completed
  • immediately after introduction of a new operating system or an upgrade to a current operating system
  • immediately after installation or upgrade of networking or other system software

Repairs of identified vulnerabilities must be handled commensurate with the level of risk involved:

  • For problems that pose a high risk for intrusion or compromise, repairs should be accomplished within 24 hours.
  • For problems that pose a medium risk for intrusion or compromise, repairs should be accomplished within 48 hours.
  • For problems that pose a low risk for intrusion or compromise, repairs should be accomplished within 72 hours.

Where identified vulnerabilities cannot be repaired because they will negatively affect critical operations, mitigating controls (either at host-level or at network component-level) must be installed in order to minimize the risk caused by the particular flaw.

Consider scanning and securing a single machine and then using a disk imaging utility (like Norton's Ghost product) to copy that secure image to other machines. This process is extremely helpful when deploying similarly configured machines that are purchased as part of the equipment life-cycle replacement process.