WHAT IS AN ANALYSIS OF COMPUTER VULNERABILITIES?
By definition, a computer vulnerability is a weakness of any kind that affects or compromises the security of a computer component.
Computer vulnerabilities can be grouped according to:
- Perimeter Security Design
- Weakness in the design of protocols used in networks.
- Poor or non-existent security policies.
- Programming Errors.
- Existence of "back doors" in computer systems.
- Manufacturers' negligence.
- Inadequate configuration of computer systems.
- Lack of awareness among users and IT managers.
- Availability of tools that facilitate attacks.
- Government restrictions on security technologies.
- Zero-day vulnerabilities.
In view of all these factors, vulnerability analysis is a service in which the weaknesses and strengths of software are checked, using software tools and consulting services, against the threats known on the day of the evaluation. It covers both external elements (SaaS services, cloud computing services, BYOD services, unauthorized users, sniffers, robots, etc.) and internal elements (users, deployed systems, workstations, mobile devices, operating systems, etc.).
A correct vulnerability analysis not only detects areas for improvement, but also proposes the architecture needed to protect an organization's infrastructure and the security policy changes that need to be implemented to ensure continuity of operation, assistance that should be provided when IT security and disaster recovery are threatened.
The steps required for vulnerability analysis can be summarized as follows:
1.- Scanning of external vulnerabilities.
2.- Scanning of internal vulnerabilities.
- Security Policy Review
- Review of processes, support policies and configurations that compromise computer security.
- Reinforcement of the network topology.
- Generation of a recommendations document covering good computer security practices and the ideal architecture for the organization.
- Planning for events that compromise security.
- Review of backup policies, redundancy systems, disaster recovery plans.
- Generation of a document of recommendations for security events.