How to check the vulnerability of SolarWinds application in terms of security.
We use Rapid7 to continually check all our Apps against vulnerabilities. Use that, or something like it (e.g., Metasploit, W3GF, Nipper, Nexpose, Nessus, etc.) to test all devices and applications BEFORE they are put on your network.
When problems are discovered, identify they are not false positives and then correct the issues--or take the application or device off the network entirely until it can be made safe again. Use a "No Exceptions" policy for this.
Is there any report or document that will showcase the latest details of security that you can share?
rschroeder, do you remember if you had to deal with any false positives for Java JRE? We use the same tools and we keep getting told that we have a Java JRE vulnerability. SolarWinds has confirmed that the Job Engine v2 does leverage Java and there's no way around it.
Thankfully, our Security Team was tasked with testing & distributing the results and required/recommended corrections. I don't recall receiving anything from them about JAVA JRE, but that doesn't mean a concern wasn't found and corrected.
Your best bet is to run a security scanner on the incoming systems before they are put on the network, and then correct any problems before the devices are put online.
Then run the scans against all existing networked devices and create a remediation program to correct their shortcomings, weaknesses, and vulnerabilities. Such a scan and program must include ALL networked devices, including-but-not-limited to:
After you have the right scanning tool(s), a great policy for using them, and great practices for preventing vulnerable devices from being attached to the network, and for discovering legacy devices with problems that are already on the network, then you need to up your game and start scanning everything again. We used to do repeated scans of everything on the network on a monthly basis until most problems were identified and corrected. Then we dropped the "monthly" part and continually scan every address on the network. That helps reduce real-time vulnerabilities from growing over thirty days, and keeps everything running smoothly.
Good luck to you!
Rick