Repair the Vulnerability

Logically, repairing the problem should be the first step in responding to a security incident. However, due to the cost of having the system or data unavailable and due to the time and effort involved, this step is often postponed until services and data are restored. Restoring data and services prior to understanding the cause of the problem can result in the recurrence of the problem. This may turn into a lengthy process of repeatedly restoring the system until the problem is isolated.

Once a vulnerability is discovered, it must be repaired; to do otherwise is negligent. Most of the time, vulnerabilities will be discovered by others who will report them to industry emergency response teams or to the vendor of the systems with the vulnerabilities. Then fixes to the vulnerabilities can be distributed to eliminate the problem everywhere. There is no reason that a system should be compromised because of a known vulnerability that should have been repaired. However, most successful attacks are against known vulnerabilities. Every system should apply all appropriate security patches from the appropriate vendors and keep abreast of new patches as they become available. If you have suffered a security incident, the vulnerabilities that were exploited must be identified and repaired to avoid recurrence.

For many system administrators, this is the most interesting part of the problem. It can take a considerable amount of time and resources. Quite often the exact cause cannot be determined; a list of possible causes will develop instead. All of these possible causes need to be addressed and all the related problems repaired.

Repairing a vulnerability entails getting the correct resources. Process vulnerabilities can be addressed by the management responsible for the process. Administration vulnerabilities require that new administration procedures be defined and implemented. Software vulnerabilities must be repaired by those responsible, whether they are in-house or external software suppliers. These suppliers may issue a patch until the fix can be integrated into the software development cycle. If a patch is not rapidly forthcoming, then other methods of eliminating the vulnerability must be investigated. Evaluate how the vulnerability was exploited to determine if it will represent a class problem that could affect other areas of the system. Repairing the vulnerability is always the preferred method of eliminating recurrence. Vulnerabilities can be repaired in a number of ways.

Apply a Patch

A patch is a piece of software that addresses the specific vulnerability. Generally, it is a small piece of code that has minimal impact on the software system. Patches are used because they can be quickly written, tested, and applied. However, they are usually focused on a very specific issue. They may not address other related vulnerabilities or the same vulnerability in other related software systems.

Disable the Service

Disabling the service that has a vulnerability will effectively remove the ability to exploit that vulnerability. If the service is not needed, then its software should be removed from the system so that it is not inadvertently restarted.

Change the Procedure

Changes to procedures may be able to eliminate a vulnerability if the changes in how the system is used affect how the system is misused, or if the vulnerability is a vulnerability in the procedure itself.

Security procedures require continuous review. Changes in technology, business conditions, the law, etc., all relate to the effectiveness of procedures.

Redesign

Redesigning the system indicates an acceptance of the fact that security really must be designed into the system and not bolted on after the fact. This is the most expensive way to fix a security vulnerability. However, if done correctly, it is the most likely to fix it on a long-term basis. Redesign is not generally considered until all other options are exhausted.

Redesign does become a viable alternative when new systems are being implemented. Designing a security architecture requires that all new systems and major renovations of existing systems adhere to the architecture. In time, this will increase the level of security of the information systems.

Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
EAN: 2147483647
Year: 2002
Pages: 210
