Software Updates Critical to Thwarting Security Attacks

10/14/2010

Global organizations and small businesses are plagued with many IT Security issues. Companies in every industry are faced with security concerns on servers, workstations, laptops, printers, mobile phones, switches, and other information systems devices. Hackers may try to break into every possible weakness, but they often opt for the easiest and least time-consuming attack on a system.

Whatever a user’s level of comfort with computers, everyone needs to know that keeping your operating system current with updates is imperative. But even if you keep your computer up-to-date, some of today’s top vulnerabilities and exploits are not even a direct attack on the operating system itself. Adobe, Apache, and SQL are all known for vulnerabilities where users often do not take the time to appropriately update such software. One of the most popular software companies, Adobe, is constantly releasing security updates for Adobe Flash Player, Adobe Reader, and Adobe Acrobat. Hackers are finding all sorts of exploitable bugs within Adobe’s Software. Since almost every business user has at least one Adobe application, these security flaws could grant easy access for a hacker to get into a company’s network.

Adobe’s software isn’t the only target amongst hackers. Apache is a popular starting point as well. Apache software is a freeware web-server software solution. The average website today is typically run from Apache’s web server software. Also, almost every printer has Apache installed so that computer-savvy people can change a device’s settings. A printer is basically an operating system running Apache that prints. Because of this, a knowledgeable hacker could do serious damage just by being able to access a network printer. Other devices such as switches and routers usually have Apache installed, and can be configured to route traffic within a network. That makes these devices another vulnerable point of entry into your company’s network – an entry point that could cause serious problems if not properly patched.

Structured Query Language (SQL) databases are another popular pathway for hackers. These databases have been around for decades and often contain sensitive information about companies and customers. Because SQL databases have been around so long, there are many different vendors and versions of SQL making it difficult for people to upgrade and properly patch their database. Unpatched SQL databases can be a haven for a hacker with the proper tools. A simple SQL injection to a server running SQL could give the hacker access to many types of data as well as allow the hacker to possibly change data, steal data, shut the server down or completely highjack the server.

As a final point, there is a growing trend of software applications outside of Microsoft’s patching capabilities. The average home user and IT technician lets the operating system automatically check for updates and install those updates as needed. Because of this, a hacker will probably look for access through exploitable software applications. If users were to take the time to properly maintain current software with relevant patches and updates, they can greatly reduce the risk of an attack on their system. Users should also run a full virus scan (not just a quick scan) on a weekly basis, change passwords at least every 90 days (bank account, email, Facebook, etc.), and make sure to properly remove unused software. One must never assume that all software is updating and scanning properly, so review software logs to confirm the correct settings are in place. It is better to be safe than sorry.