{"id":719,"date":"2023-10-10T12:18:00","date_gmt":"2023-10-10T19:18:00","guid":{"rendered":"http:\/\/updown\/?p=719"},"modified":"2023-10-11T00:38:55","modified_gmt":"2023-10-11T07:38:55","slug":"remediation-best-practices","status":"publish","type":"post","link":"https:\/\/updown\/remediation-best-practices\/","title":{"rendered":"Remediation Best Practices"},"content":{"rendered":"\n

Conducting a network vulnerability scan is a critical step in the identification of security weaknesses within your network infrastructure. However, your real work begins after the scan \u2013 the remediation phase. Armed with a comprehensive report generated by a reliable scanning engine, your next move is to strategically mitigate the vulnerabilities uncovered. Effective remediation is a nuanced process, requiring a blend of technical expertise, risk assessment, and operational know-how. In this article, we’ll delve into best practices for remediation, aiming to provide you with a systematic approach to secure your network assets efficiently and effectively.<\/p>\n\n\n\n

1) Keep It Simple<\/h2>\n\n\n\n

Simplicity is key to effective remediation. Over-complicating the process may lead to errors or inefficiencies. A simple approach can offer both robust security and operational efficiency.<\/p>\n\n\n\n

Follow the Prescribed Steps
<\/strong>A good vulnerability scan report will include clear and reliable remediation instructions. These are often straightforward procedures vetted by security researchers. Stick to these guidelines as they are the quickest and safest routes to fix vulnerabilities.<\/p>\n\n\n\n

Don\u2019t Use a Bulldozer When a Shovel Will Do
<\/strong>Overly elaborate solutions can introduce new complexities, risks, and points of failure into your system. Keeping your fixes as simple as possible ensures that the process can be managed better, and work can be performed and verified more easily, reducing both time-to-fix and the potential for introducing new vulnerabilities.<\/p>\n\n\n\n

It\u2019s Sometimes OK to Not Fix It Directly
<\/strong>If a vulnerability is truly unexploitable due to specific configurations or conditions, apply the workaround. For example, reducing access to a vulnerable service could serve as a temporary measure, or perhaps even a long term solution. These situations require a unique risk calculus that is specific to your environment. And sometimes it\u2019s worth a conversation around shutting down a service completely if the risk is high, remediation is costly, and the service isn\u2019t critical. Conversations like this can help improve your operations even beyond security.<\/p>\n\n\n\n

It\u2019s Sometimes OK to Let a Vulnerability Exist
<\/strong>Some vulnerabilities may be acceptable depending on your unique business operations, like using self-signed certificates in a development environment. If you’re not completely confident, consult a trusted source<\/a> for a second opinion.<\/p>\n\n\n\n

2) Prioritize Based on Risk<\/h2>\n\n\n\n

Every vulnerability comes with its own set of risks and complexities, making prioritization crucial. The ultimate goal should be efficiency \u2013 the number of fixes per time \u2013 guided by overall risk.<\/p>\n\n\n\n

The Important Scoring Ratio
<\/strong>When it comes to prioritization, weigh the potential for harm against the ease of fixing. The precise definitions of these terms are best determined by someone who understands your operations intimately. Outside consultants should take the time to learn your business, processes, and people, to help make a well-informed decision.<\/p>\n\n\n\n

Three-Bucket Strategy
<\/strong>Divide the vulnerabilities into just three categories: 1) fix ASAP, 2) fix soon, 3) fix when convenient. Work your way through these buckets in order of (1) to (3). Within each bucket, aim to fix the items as quickly as possible, in whatever way works for you: optimize your agile velocity, fill in empty time between existing tasks\/projects, throw darts to assign fixes, etc.<\/p>\n\n\n\n

3) Test and Verify<\/h2>\n\n\n\n

You can\u2019t assume a fix is effective until you’ve tested it, and have confidence the fix hasn\u2019t introduced other problems.. There are multiple ways to do this:<\/p>\n\n\n\n

Option 1: Re-Scan
<\/strong>After implementing your fixes, run another scan. If you re-scan only a subset of hosts, be sure that your fix won’t inadvertently impact other parts of the infrastructure.<\/p>\n\n\n\n

Option 2: Test Manually
<\/strong>Use other tools along with data from the scan report to test the fixes manually. For instance, after updating SSL\/TLS configurations, you can use an app like testssl.sh to ensure that deprecated protocols and ciphers are now disabled.<\/p>\n\n\n\n

$ testssl.sh --quiet -p scanmy.cloud:443\n\nTesting all IPv4 addresses (port 443): 50.18.215.94 52.9.166.110\n---------------------------------------------------------------------------\n Start 2023-10-09 23:52:07        -->> 50.18.215.94:443 (scanmy.cloud) <<--\n\n Further IP addresses:   52.9.166.110\n rDNS (50.18.215.94):    ec2-50-18-215-94.us-west-1.compute.amazonaws.com.\n Service detected:       HTTP\n\n Testing protocols via sockets except NPN+ALPN \n\n SSLv2      not offered (OK)<\/strong><\/mark>\n SSLv3      not offered (OK)<\/mark><\/strong>\n TLS 1      not offered\n TLS 1.1    not offered\n TLS 1.2    offered (OK)\n TLS 1.3    offered (OK): final\n NPN\/SPDY   not offered\n ALPN\/HTTP2 h2, http\/1.1 (offered)<\/pre>\n\n\n\n

4) Ask for Help<\/h2>\n\n\n\n

Even seasoned professionals seek advice. If you\u2019re stuck at any stage of the remediation process, ask your scan engine vendor or security consultant for help.<\/p>\n\n\n\n

ScanMy.Cloud offers unlimited support to help you understand your report and guide you through the best fixes in your unique environment. Reach out to us<\/a> for more information or specialized assistance.<\/p>\n","protected":false},"excerpt":{"rendered":"

Fix more with greater confidence and easier logistics.<\/p>\n","protected":false},"author":1,"featured_media":722,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[23],"tags":[22,14],"yoast_head":"\nRemediation Best Practices - Scan My Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/updown\/remediation-best-practices\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Remediation Best Practices - Scan My Cloud\" \/>\n<meta property=\"og:description\" content=\"Fix more with greater confidence and easier logistics.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/updown\/remediation-best-practices\/\" \/>\n<meta property=\"og:site_name\" content=\"Scan My Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-10T19:18:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-11T07:38:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/updown\/wp-content\/uploads\/2023\/10\/oalh2mojuuk.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1067\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"brian.lovrin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"brian.lovrin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\n\t \"@context\": \"https:\/\/schema.org\",\n\t \"@graph\": [\n\t {\n\t \"@type\": \"Article\",\n\t \"@id\": \"https:\/\/updown\/remediation-best-practices\/#article\",\n\t \"isPartOf\": {\n\t \"@id\": \"https:\/\/updown\/remediation-best-practices\/\"\n\t },\n\t \"author\": {\n\t \"name\": \"brian.lovrin\",\n\t \"@id\": \"https:\/\/updown\/#\/schema\/person\/d94c434fcc5df4a8406b96ea42074374\"\n\t },\n\t \"headline\": \"Remediation Best Practices\",\n\t \"datePublished\": \"2023-10-10T19:18:00+00:00\",\n\t \"dateModified\": \"2023-10-11T07:38:55+00:00\",\n\t \"mainEntityOfPage\": {\n\t \"@id\": \"https:\/\/updown\/remediation-best-practices\/\"\n\t },\n\t \"wordCount\": 682,\n\t \"publisher\": {\n\t \"@id\": \"https:\/\/updown\/#organization\"\n\t },\n\t \"image\": {\n\t \"@id\": \"https:\/\/updown\/remediation-best-practices\/#primaryimage\"\n\t },\n\t \"thumbnailUrl\": \"https:\/\/updown\/wp-content\/uploads\/2023\/10\/oalh2mojuuk.jpg\",\n\t \"keywords\": [\n\t \"remediation\",\n\t \"tips\"\n\t ],\n\t \"articleSection\": [\n\t \"Remediation\"\n\t ],\n\t \"inLanguage\": \"en-US\"\n\t },\n\t {\n\t \"@type\": \"WebPage\",\n\t \"@id\": \"https:\/\/updown\/remediation-best-practices\/\",\n\t \"url\": \"https:\/\/updown\/remediation-best-practices\/\",\n\t \"name\": \"Remediation Best Practices - Scan My Cloud\",\n\t \"isPartOf\": {\n\t \"@id\": \"https:\/\/updown\/#website\"\n\t },\n\t \"primaryImageOfPage\": {\n\t \"@id\": \"https:\/\/updown\/remediation-best-practices\/#primaryimage\"\n\t },\n\t \"image\": {\n\t \"@id\": \"https:\/\/updown\/remediation-best-practices\/#primaryimage\"\n\t },\n\t \"thumbnailUrl\": \"https:\/\/updown\/wp-content\/uploads\/2023\/10\/oalh2mojuuk.jpg\",\n\t \"datePublished\": \"2023-10-10T19:18:00+00:00\",\n\t \"dateModified\": \"2023-10-11T07:38:55+00:00\",\n\t \"breadcrumb\": {\n\t \"@id\": \"https:\/\/updown\/remediation-best-practices\/#breadcrumb\"\n\t },\n\t \"inLanguage\": \"en-US\",\n\t \"potentialAction\": [\n\t {\n\t \"@type\": \"ReadAction\",\n\t \"target\": [\n\t \"https:\/\/updown\/remediation-best-practices\/\"\n\t ]\n\t }\n\t ]\n\t },\n\t {\n\t \"@type\": \"ImageObject\",\n\t \"inLanguage\": \"en-US\",\n\t \"@id\": \"https:\/\/updown\/remediation-best-practices\/#primaryimage\",\n\t \"url\": \"https:\/\/updown\/wp-content\/uploads\/2023\/10\/oalh2mojuuk.jpg\",\n\t \"contentUrl\": \"https:\/\/updown\/wp-content\/uploads\/2023\/10\/oalh2mojuuk.jpg\",\n\t \"width\": 1600,\n\t \"height\": 1067,\n\t \"caption\": \"woman placing sticky notes on wall\"\n\t },\n\t {\n\t \"@type\": \"BreadcrumbList\",\n\t \"@id\": \"https:\/\/updown\/remediation-best-practices\/#breadcrumb\",\n\t \"itemListElement\": [\n\t {\n\t \"@type\": \"ListItem\",\n\t \"position\": 1,\n\t \"name\": \"Home\",\n\t \"item\": \"https:\/\/updown\/\"\n\t },\n\t {\n\t \"@type\": \"ListItem\",\n\t \"position\": 2,\n\t \"name\": \"Remediation Best Practices\"\n\t }\n\t ]\n\t },\n\t {\n\t \"@type\": \"WebSite\",\n\t \"@id\": \"https:\/\/updown\/#website\",\n\t \"url\": \"https:\/\/updown\/\",\n\t \"name\": \"Scan My Cloud\",\n\t \"description\": \"Cost-effective Enterprise Vulnerability Scanning\",\n\t \"publisher\": {\n\t \"@id\": \"https:\/\/updown\/#organization\"\n\t },\n\t \"potentialAction\": [\n\t {\n\t \"@type\": \"SearchAction\",\n\t \"target\": {\n\t \"@type\": \"EntryPoint\",\n\t \"urlTemplate\": \"https:\/\/updown\/?s={search_term_string}\"\n\t },\n\t \"query-input\": \"required name=search_term_string\"\n\t }\n\t ],\n\t \"inLanguage\": \"en-US\"\n\t },\n\t {\n\t \"@type\": \"Organization\",\n\t \"@id\": \"https:\/\/updown\/#organization\",\n\t \"name\": \"Jazz Noon LLC\",\n\t \"url\": \"https:\/\/updown\/\",\n\t \"logo\": {\n\t \"@type\": \"ImageObject\",\n\t \"inLanguage\": \"en-US\",\n\t \"@id\": \"https:\/\/updown\/#\/schema\/logo\/image\/\",\n\t \"url\": \"https:\/\/updown\/wp-content\/uploads\/2023\/06\/scanmycloud-new-logo-medium-2.png\",\n\t \"contentUrl\": \"https:\/\/updown\/wp-content\/uploads\/2023\/06\/scanmycloud-new-logo-medium-2.png\",\n\t \"width\": 800,\n\t \"height\": 192,\n\t \"caption\": \"Jazz Noon LLC\"\n\t },\n\t \"image\": {\n\t \"@id\": \"https:\/\/updown\/#\/schema\/logo\/image\/\"\n\t }\n\t },\n\t {\n\t \"@type\": \"Person\",\n\t \"@id\": \"https:\/\/updown\/#\/schema\/person\/d94c434fcc5df4a8406b96ea42074374\",\n\t \"name\": \"brian.lovrin\",\n\t \"sameAs\": [\n\t \"http:\/\/updown\"\n\t ],\n\t \"url\": \"https:\/\/updown\/author\/brian\/\"\n\t }\n\t ]\n\t}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Remediation Best Practices - Scan My Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/updown\/remediation-best-practices\/","og_locale":"en_US","og_type":"article","og_title":"Remediation Best Practices - Scan My Cloud","og_description":"Fix more with greater confidence and easier logistics.","og_url":"https:\/\/updown\/remediation-best-practices\/","og_site_name":"Scan My Cloud","article_published_time":"2023-10-10T19:18:00+00:00","article_modified_time":"2023-10-11T07:38:55+00:00","og_image":[{"width":1600,"height":1067,"url":"https:\/\/updown\/wp-content\/uploads\/2023\/10\/oalh2mojuuk.jpg","type":"image\/jpeg"}],"author":"brian.lovrin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"brian.lovrin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/updown\/remediation-best-practices\/#article","isPartOf":{"@id":"https:\/\/updown\/remediation-best-practices\/"},"author":{"name":"brian.lovrin","@id":"https:\/\/updown\/#\/schema\/person\/d94c434fcc5df4a8406b96ea42074374"},"headline":"Remediation Best Practices","datePublished":"2023-10-10T19:18:00+00:00","dateModified":"2023-10-11T07:38:55+00:00","mainEntityOfPage":{"@id":"https:\/\/updown\/remediation-best-practices\/"},"wordCount":682,"publisher":{"@id":"https:\/\/updown\/#organization"},"image":{"@id":"https:\/\/updown\/remediation-best-practices\/#primaryimage"},"thumbnailUrl":"https:\/\/updown\/wp-content\/uploads\/2023\/10\/oalh2mojuuk.jpg","keywords":["remediation","tips"],"articleSection":["Remediation"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/updown\/remediation-best-practices\/","url":"https:\/\/updown\/remediation-best-practices\/","name":"Remediation Best Practices - Scan My Cloud","isPartOf":{"@id":"https:\/\/updown\/#website"},"primaryImageOfPage":{"@id":"https:\/\/updown\/remediation-best-practices\/#primaryimage"},"image":{"@id":"https:\/\/updown\/remediation-best-practices\/#primaryimage"},"thumbnailUrl":"https:\/\/updown\/wp-content\/uploads\/2023\/10\/oalh2mojuuk.jpg","datePublished":"2023-10-10T19:18:00+00:00","dateModified":"2023-10-11T07:38:55+00:00","breadcrumb":{"@id":"https:\/\/updown\/remediation-best-practices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/updown\/remediation-best-practices\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/updown\/remediation-best-practices\/#primaryimage","url":"https:\/\/updown\/wp-content\/uploads\/2023\/10\/oalh2mojuuk.jpg","contentUrl":"https:\/\/updown\/wp-content\/uploads\/2023\/10\/oalh2mojuuk.jpg","width":1600,"height":1067,"caption":"woman placing sticky notes on wall"},{"@type":"BreadcrumbList","@id":"https:\/\/updown\/remediation-best-practices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/updown\/"},{"@type":"ListItem","position":2,"name":"Remediation Best Practices"}]},{"@type":"WebSite","@id":"https:\/\/updown\/#website","url":"https:\/\/updown\/","name":"Scan My Cloud","description":"Cost-effective Enterprise Vulnerability Scanning","publisher":{"@id":"https:\/\/updown\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/updown\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/updown\/#organization","name":"Jazz Noon LLC","url":"https:\/\/updown\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/updown\/#\/schema\/logo\/image\/","url":"https:\/\/updown\/wp-content\/uploads\/2023\/06\/scanmycloud-new-logo-medium-2.png","contentUrl":"https:\/\/updown\/wp-content\/uploads\/2023\/06\/scanmycloud-new-logo-medium-2.png","width":800,"height":192,"caption":"Jazz Noon LLC"},"image":{"@id":"https:\/\/updown\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/updown\/#\/schema\/person\/d94c434fcc5df4a8406b96ea42074374","name":"brian.lovrin","sameAs":["http:\/\/updown"],"url":"https:\/\/updown\/author\/brian\/"}]}},"_links":{"self":[{"href":"https:\/\/updown\/wp-json\/wp\/v2\/posts\/719"}],"collection":[{"href":"https:\/\/updown\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/updown\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/updown\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/updown\/wp-json\/wp\/v2\/comments?post=719"}],"version-history":[{"count":15,"href":"https:\/\/updown\/wp-json\/wp\/v2\/posts\/719\/revisions"}],"predecessor-version":[{"id":737,"href":"https:\/\/updown\/wp-json\/wp\/v2\/posts\/719\/revisions\/737"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/updown\/wp-json\/wp\/v2\/media\/722"}],"wp:attachment":[{"href":"https:\/\/updown\/wp-json\/wp\/v2\/media?parent=719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/updown\/wp-json\/wp\/v2\/categories?post=719"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/updown\/wp-json\/wp\/v2\/tags?post=719"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}