how la manufacturers and distributors use vulnerability testing to protect company assets...
TRANSCRIPT
How LA Manufacturers and Distributors
Use Vulnerability Testing
to Protect Company Assets
Courtesy of FPA Technology Services, Inc.
http://www.TechGuideforLADistributors.com
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
The right vulnerability testing,
security assessment, and
ongoing management
of your IT resources
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
can help bring your
stress level down and
ensure your company
will have many more
working days ahead
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
Vulnerability
Compared to Risk
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
Vulnerability can be defined
as a weakness or openness
to attack or damage
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
Testing is often done together
with a vulnerability assessment
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
This may sound similar
to a risk assessment,
but there are differences:
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
• Risk focuses on the
likelihood of a cause and
its impact (i.e. cost) on an
item or resource.
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
Risk can also be positive
or negative
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
• Vulnerability is focused on
the opportunity or specific
exposure points or resources
and its implication on other
resources.
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
Vulnerability is only negative
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
Following up on possible
chains of events is therefore
an important part of
vulnerability testing
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
What Should Be Tested
for Vulnerability?
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
Although every major
resource needed to keep
a manufacturer, distributor,
or wholesaler operational
should be checked,
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
IT resources get the lion’s
share of the testing
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
Sometimes companies
fall short and only think of
vulnerability of IT equipment
and its immediate impact
on operations
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
rather than the valuable
information it contains and
the overall value impacted
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
How Should the Testing
Be Done?
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
Tools exist to automate testing
to identify vulnerabilities
at a technical level
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
They should however be
supplemented with checks
on IT staff and employee
security procedures
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
Chains and Fuzzing
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
The following two aspects
of vulnerability testing
of IT resources are of
particular interest:
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
1. Identifying chains of effects
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
A user login for a print server
might not seem like a big
deal, but that print server
might also be connected
to a network
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
that also links to a database
with SQL injection vulnerability
and potential exposure of
administrator login credentials
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
2. Fuzzing
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
The idea is to stumble upon
unknown vulnerabilities by
using random input,
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
rather than continually
retesting the standard paths
through a system that have
already been shown to be
well-protected
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
Is your LA manufacturing
or distribution company
using vulnerability testing?
Sponsored by http://www.TechGuideforLADistributors.com
Craig PollackFounder & CEO
Give us your point of view
in the Comments box below
Copyright © FPA Technology Services, Inc.
Learn How to Boost Your Company’s
Productivity with the Right Technology
Download Your Free Guide
How COOs at Los Angeles Distributors
and Manufacturers Get More Done
Now at http://www.TechGuideforLADistributors.com