An outline of some ways by which computer vulnerabilities can be found and compared
How would you compare the different vulnerabilities and threats to your computer?
There are numerous ways in which a user can go about comparing the different vulnerabilities and threats to their computer. Doing so is essential to protecting one’s information against a range of malicious activities, as prevention is always more desirable than cure. An effective strategy might be for a user to stay up-to-date on current threats, while also identifying potential inadequacies in their security, hardening their system where necessary. To identify current and future threats, there are a range of resources available, including the McAfee Labs’ quarterly Threats Report and annual Threat Predictions. Between these two documents, users will have an account of current threats, including the collusion that McAfee Labs has identified in more than 5,000 mobile applications (Cheng, 2016, p.2), as well as potential vulnerabilities, outlined in the organisation’s five-year cybersecurity forecast (Beek, 2016, p.2).
Armed with a greater understanding of current and potential threats, users can then utilise vulnerability scanners to identify precisely where their system’s defences could be improved. Vulnerability scanners are “automated tools that are used to identify vulnerabilities and misconfigurations of hosts” (Scarfone, 2009, p.69), identifying, for example, software that requires updating, essential patches, and compliance issues. While vulnerability scanners can produce a high volume of false positives, they are nonetheless a valuable tool in system hardening. There are several vulnerability scanners available to users (Tittel, 2016), both proprietary and open source.
Beek, C. (2016) Threats Predictions. [Online]. Available from: http://www.mcafee.com/uk/resources/reports/rp-threats-predictions-2016.pdf [Accessed: 11 November 2016].
Cheng, W. (2016) Threat Report. [Online]. Available from: http://www.mcafee.com/uk/resources/reports/rp-quarterly-threats-may-2016.pdf [Accessed: 11 November 2016].
Scarfone, K. (2009) Guide to General Server Security: Recommendations of the National Institute of Standards and Technology. Collingdale, PA, DIANE Publishing.
Tittel, E. (2016) Comparing the top vulnerability management tools. [Online]. February 2016. SearchSecurity. Available from: http://searchsecurity.techtarget.com/feature/Comparing-the-top-vulnerability-management-tools [Accessed: 11 November 2016].