Regularly Assess Your Network to Determine Risk
The key to discovering your active CVEs is to scan your network with a vulnerability assessment tool. Armed with a CVE report, you can assess risk and begin patching. Your network vendor will recommend software versions that have resolved the CVEs.
Alternatively, bring in a security consultant who can assess the network, rank CVEs by their level of severity and recommend a mitigation strategy.
Prioritize Patching Network Devices with the Most Risk
New CVEs are discovered constantly, so much so that even dedicated security professionals can’t keep up.
However, not all CVEs represent the same level of risk. Some are critical, while others are ranked high, medium or low. Critical CVEs represent serious risk and should be patched immediately. The others should be considered progressively less risky. Judging CVE risk is the job of an IT professional who understands your school’s network well.
Additional Configuration Steps Help Network Gear Survive Attacks
No amount of scanning and patching can replace proper configuration. However, school IT teams should ensure they are using authentication, authorization and accounting schemes to limit and log what administrators do. Vendor security hardening guides can help make a device resistant to attacks.
Monitoring network devices and collecting their logs can help admins detect unusual behavior that might indicate an attack. Periodic auditing of a device’s configuration and operating state can help ensure it is functioning in compliance with school policy.