In our last post we discussed how cyber attacks such as DoS attacks and data theft result from the exploitation of configuration loopholes and how you can prevent them. The bigger question is what to do when you can’t do it on your own. The most effective method is to implement a configuration audit using a dedicated software solution such as Paladion’s RisqVu SCM, the choice of several leading enterprises for configuration audit automation.
Why a Software Solution?
Although it is possible to manually log into a system to perform scans and configuration audits, each system has a different way of reading and setting configurations, so manual auditing requires expertise in multiple subject areas. Likewise, when dealing with 500+ servers, performing a manual configuration audit is not justifiable.
RisqVu SCM: Paladion’s Solution
Paladion has developed a software solution called RisqVu SCM. It is a web-based configuration audit tool that can “harden” a configuration and perform an audit. Because RisqVu SCM has a large database of ready-to-use policies, it can be used on most common:
Operating systems (Windows, AIX, HP, Unix, Linux, Solaris and ESX)
Database servers (Oracle, SQL Server)
Web Servers (IIS, Apache)
Network Servers (Cisco)
How RisqVu SCM Works
RisqVu SCM implements the following steps to perform a configuration audit:
1) DEFINE POLICIES: A policy defines what you want to check, and a set of similar policies organized together is a policy profile. In RisqVu SCM, security profiles are created using an easy-to-use, scripted security programming language.
2) CREATE PROFILES: Policies are selected depending on the roles or functions of the system you are using. When various servers are being used for similar purposes, these policies can be grouped together for multiple uses into profiles. For example, TCP/IP Stack Settings, Session Time Limit Settings and Disabling Web Processing are three key policy profiles that can be grouped together into the Web Server profile. RisqVu SCM comes with a large, easily searchable repository of pre-established profiles.
3) SCAN ASSETS: The scan lifecycle is to 1) Select an asset (in this case, an operating system, database or device); 2) Select a profile or set of policies; 3) Scan; 4) Analyze or check the findings; 5) Rescan if necessary; 6) Prepare by manually adjusting the findings; and 7) Finish by gathering responses. In RisqVu SCM you can use dropdown menus to create scans, download results with suggested solutions and view compliance levels.
4) ANALYZE FINDINGS: Once the policies are run and scans are conducted, each policy is checked to determine if the scan was classified as safe or unsafe. Once you have determined the noncompliances, RisqVu SCM prepares the audit and makes the necessary adjustments. These noncompliances are then converted to findings and you can move on to remediation.
5) REMEDIATE: RisqVu SCM is equipped with solutions for remediation and has a built-in ticketing system. Once you have discovered an instance of noncompliance, you can simply click on the “mitigate” option and assign remediation responsibilities to a designated party. Whoever receives the remediation assignment will find that RisqVu SCM provides an easy-to-follow, step-by-step process for remediating the noncompliance.
6) RESCAN ASSETS: Once you have finished, you can rescan the assets to determine whether they were properly remediated. The audit trend report compares the previous audit with the current audit and shows whether the remediation was successful.
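The six steps above, as a small Python sketch added here for illustration; it is not RisqVu SCM code or its policy language. The profile names follow the Web Server example in step 2, while the setting names, thresholds and sample configurations are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Policy:
    pid: str
    setting: str                       # key in the asset's collected configuration
    is_safe: Callable[[object], bool]  # True when the configured value is acceptable
    fix: str                           # suggested remediation shown with the finding

# Steps 1-2: policies grouped into policy profiles, then into a Web Server profile.
TCPIP_STACK = [Policy("TCP-1", "syn_cookies", lambda v: v == 1, "enable SYN cookies"),
               Policy("TCP-2", "ip_forward", lambda v: v == 0, "disable IP forwarding")]
SESSION_LIMITS = [Policy("SES-1", "idle_timeout_s",
                         lambda v: isinstance(v, int) and 0 < v <= 900,
                         "set idle timeout to 900 s or less")]
WEB_PROCESSING = [Policy("WEB-1", "webdav_enabled", lambda v: v is False, "disable WebDAV")]
WEB_SERVER_PROFILE = TCPIP_STACK + SESSION_LIMITS + WEB_PROCESSING

def scan(config, profile):
    """Step 3: classify every policy; a setting that is absent counts as unsafe."""
    missing = object()
    results = {}
    for p in profile:
        value = config.get(p.setting, missing)
        results[p.pid] = "safe" if value is not missing and p.is_safe(value) else "unsafe"
    return results

def findings(results, profile):
    """Step 4: turn noncompliances into findings that carry a suggested fix."""
    return [(p.pid, p.fix) for p in profile if results[p.pid] == "unsafe"]

def compliance(results):
    """Compliance level as a percentage of policies classified safe."""
    return round(100 * sum(r == "safe" for r in results.values()) / len(results), 1)

def trend(previous, current):
    """Step 6: compare two audits; regressions matter as much as fixes."""
    report = {"remediated": [], "still_unsafe": [], "regressed": []}
    for pid, now in current.items():
        before = previous.get(pid)
        if now == "safe" and before == "unsafe":
            report["remediated"].append(pid)
        elif now == "unsafe":
            report["regressed" if before == "safe" else "still_unsafe"].append(pid)
    return report

# Constructed sample data: one asset's settings before and after remediation (step 5).
BEFORE = {"syn_cookies": 0, "ip_forward": 0, "idle_timeout_s": 3600}
AFTER = {"syn_cookies": 1, "ip_forward": 1, "idle_timeout_s": 3600, "webdav_enabled": False}
```

Calling `trend(scan(BEFORE, WEB_SERVER_PROFILE), scan(AFTER, WEB_SERVER_PROFILE))` shows why the rescan compares audits rather than only recounting failures: a setting that was safe in the first audit can become unsafe during remediation work.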
Configuration hardening is too large and too important a job to do on your own. Relying on an automated system like RisqVu SCM makes more sense and will provide you with all of the tools you need to successfully prevent and mitigate attacks, protecting your business from creative cyber attacks and ultimately keeping your customers’ data safe.