Three steps to calmly deal with Bash Vulnerabilities
Although the bash vulnerability has caused an uproar in the industry, the industry has not collapsed. This is neither the first nor the last vulnerability with enormous destructive power. Problems are inevitable; what matters is what you do after one occurs.
Step 1: understand what happened.
Do not rush into action. Take some time to understand the severity, possible consequences and impact of the bash vulnerability, and how difficult it will be to remediate. As the industry's analysis of the vulnerability progresses, the details become clearer, so in the initial stage of a vulnerability you must collect relevant information to understand it better. Pay attention to the following three aspects:
1. Obtain factual information to confirm your understanding of the vulnerability. When a vulnerability breaks out, analysis reports of every kind flood in; what is needed at this point is calm analysis and clear judgment.
2. Explain the vulnerability to others, including your team, your colleagues, and management.
3. Consider what measures to take. What resources are required? What is the handling process? What is the scope of impact? How fast can the response be?
Step 2: quickly evaluate the system environment.
Different vulnerabilities carry different risks. Beyond automated scanning tools, you must perform manual checks and, if necessary, enlist the vendor's help to determine the specific risks. Focus on the potential risks, assess your response capability, and mobilize as many resources as possible. Involve personnel from other departments related to the system: based on their working experience, they can assess the possible risks and impacts (time, cost, and scope) together with the potential difficulties and complicating factors, which leads to more accurate assessment conclusions.
Step 3: perform detection while determining the order of emergency work.
When a new vulnerability is exposed, it is quite likely that an attacker has already intruded into the system by exploiting it. You must therefore inspect and troubleshoot the state of your systems, and discover and remedy problems as quickly as possible. Emergency response covers the vulnerable systems, compromised devices, security policies, system testing, and patch management. Secure the most important systems first, then handle the remaining problems in a tight and orderly manner.
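The manual check in Step 2 and the detection in Step 3 both start with a simple question: is the bash on this host actually affected? The following self-check is an added example, not part of the original article. It assumes the "bash vulnerability" under discussion is the 2014 bug in which bash executed commands appended to a function definition imported from an environment variable; the function names `bash_version_line` and `check_bash_env_import` are mine. The probe only runs `echo`, so it is a harmless test of the local bash binary that can be run across an inventory of hosts before deciding the order of remediation.

```shell
#!/bin/sh
# Added example, not from the original article. Assumption: the bash vulnerability
# discussed is the 2014 environment-variable function-import bug. The probe runs
# nothing but `echo`, so it is a safe self-check of the locally installed bash.

# Report the installed bash version string, or "no-bash" if bash is absent.
bash_version_line() {
    command -v bash >/dev/null 2>&1 || { echo "no-bash"; return 0; }
    bash --version 2>/dev/null | head -n 1
}

# Probe the local bash. Prints "patched", "vulnerable" or "no-bash".
# Return code: 0 = patched, 1 = vulnerable, 2 = bash not installed.
check_bash_env_import() {
    command -v bash >/dev/null 2>&1 || { echo "no-bash"; return 2; }
    # A patched bash imports only the function body (or refuses the import and
    # warns on stderr); an unpatched bash also executes the trailing echo.
    probe=$(env x='() { :;}; echo VULNERABLE' bash -c 'echo probe' 2>/dev/null)
    case "$probe" in
        *VULNERABLE*) echo "vulnerable"; return 1 ;;
        *)            echo "patched";    return 0 ;;
    esac
}

# Stand-alone usage: print both results for the host inventory.
echo "bash: $(bash_version_line)"
echo "env-import check: $(check_bash_env_import)"
```

Run it on each host (for example via your existing configuration-management or remote-execution tooling) and record the two lines per host; a "vulnerable" result on an internet-facing service that passes request data into bash is what should go to the top of the emergency work sequence.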
Remember: "slow is fast". It may take several hours or even a day or two to form an action plan. Use that time to plan the links between the various parts smoothly and to reduce conflict and friction; in the end this produces faster remediation.