- Network (firewalls, routers, switches, etc.)
- Systems (Servers, Operating System services)
- Applications (Configuration errors, design flaws)
Why conduct vulnerability scans?
- Obviously--to find vulnerabilities!!
- Test your intrusion detection system
- Test incident response (would your company be able to detect an attack?)
- Test managed security provider (if you're paying for managed security, you should test them)
How often should you scan?
- If you're in charge of network, do this at least monthly!
Vulnerability Targets
- All access points (wireless, VPNs, modems, etc.)
There are multiple scanners for different targets
- firewalls
- web servers
- wireless network
- Lotus Notes
- Novell NetWare
- several others
Attack signature database
- Must be updatable and kept up to date (otherwise you may miss something)
Once you've found a problem, what should you do?
- Search the National Vulnerability Database or CVE (http://nvd.nist.gov/) for ways to protect against or eliminate the vulnerability.
- Beware of false positives
Scanner characteristics to look for when purchasing
- Specialization for specific targets requiring protection
- Ability to perform multiple tests against multiple targets (IP ranges)
- Reporting mechanism
- How to fix problems (refers you to CVE or other references)
- Reasoning for false positives
Open Source Characteristics
- (Pros) Free!, frequent updates, more vulnerabilities, customizable
- (Cons) Limited support, many false positives, expertise needed
- Examples: Nessus, Sara, Nmap
Commercial Characteristics
- (Pros) User-friendly, enhanced report generation
- (Cons) Cost of software and support can be high
- Examples: Cybercop, ISS
Conducting Scan
- Arrange a time (especially if planning a DoS attack)
- Make sure you have an authorization agreement with system owner that details what/how you will be targeting, etc.
- Look at things germane to the customer's business case
- Look at threats and their probabilities (high vs. low vulnerability)
- Focus on finding vulnerabilities against those things that would most affect the customer
Data Analysis Challenges
- Lots of false positives to sift through
- Important data results are not always obvious from scanning tools (Try putting a few low vulnerabilities together to come up with something potentially more severe)
- Compare results with the vulnerability database
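
The triage steps listed under Data Analysis Challenges, sketched as an added example that is not part of the original notes: it drops findings already verified as false positives, looks up fix guidance in a local extract of a vulnerability database, and flags hosts where several low-severity findings occur together. The sample findings, the `VULN_DB` table, the `triage` function and the placeholder CVE ids are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample scanner output (documentation IP range, placeholder CVE ids).
FINDINGS = [
    ("192.0.2.10", 21, "anonymous FTP login allowed", "low", None),
    ("192.0.2.10", 21, "FTP upload directory is world-writable", "low", None),
    ("192.0.2.10", 80, "web server directory listing enabled", "low", None),
    ("192.0.2.20", 443, "outdated TLS library", "high", "CVE-0000-0001"),
    ("192.0.2.20", 25, "SMTP banner discloses version", "low", None),
    ("192.0.2.30", 80, "IIS-only flaw reported on an Apache host", "high", "CVE-0000-0002"),
]
# Findings an analyst has verified by hand as false positives: (host, port, issue).
FALSE_POSITIVES = {("192.0.2.30", 80, "IIS-only flaw reported on an Apache host")}
# Local extract of vulnerability database entries (constructed): id -> fix guidance.
VULN_DB = {"CVE-0000-0001": "upgrade the TLS library to the vendor's fixed release"}

def triage(findings, false_positives, vuln_db, low_threshold=3):
    """Return a per-host report: remaining findings with fix guidance, plus a
    flag for hosts where several low-severity findings occur together."""
    per_host = defaultdict(list)
    for host, port, issue, severity, cve in findings:
        if (host, port, issue) in false_positives:
            continue  # already reviewed and dismissed
        guidance = vuln_db.get(cve, "no CVE match, research manually")
        per_host[host].append({"port": port, "issue": issue,
                               "severity": severity, "cve": cve, "fix": guidance})
    report = {}
    for host, items in per_host.items():
        lows = [i for i in items if i["severity"] == "low"]
        report[host] = {
            "findings": items,
            # Several lows on one host deserve a joint look, not individual dismissal.
            "review_lows_together": len(lows) >= low_threshold,
        }
    return report

if __name__ == "__main__":
    for host, entry in sorted(triage(FINDINGS, FALSE_POSITIVES, VULN_DB).items()):
        mark = "REVIEW LOWS TOGETHER" if entry["review_lows_together"] else "ok"
        print(host, mark)
        for f in entry["findings"]:
            print(f"  {f['severity']:<4} port {f['port']:<4} {f['issue']} -> {f['fix']}")
```
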
1 comment:
Completely agree... a vulnerability scanner is a very important tool, and this blog nicely explains the work and importance of a vulnerability scanner. Thanks for sharing.