Vulnerability scanning is a method of identifying vulnerabilities, or weaknesses, in the configuration of information technology systems. It is often performed by software that scans networks and computers for known vulnerabilities or exploits without attempting to exploit them.
This type of scanning can be done manually with the help of various tools, such as:

Vulnerability scanning vs penetration testing
Vulnerability scanning is the process of identifying vulnerabilities or weaknesses on a target system. Penetration testing goes one step further by attempting to exploit any identified vulnerabilities that were discovered during vulnerability scanning.

Key differences between vulnerability scanning and penetration testing
It is important to be aware that both methods can locate vulnerabilities which could lead to data breaches if left unchecked – the difference between them lies in how each method approaches its task.

How vulnerability scanning works
Vulnerability scanning software is installed on the system to be scanned and configured according to your needs. It then works through a preconfigured list of vulnerabilities, looking for them in places such as databases, websites, and services running on local ports (e.g., FTP or SSH), and noting where it finds one that matches what you are looking for. Next, it reports back with more information about its findings. If these tests turn up any vulnerabilities – e.g., outdated packages which could contain known security flaws – they are reported so that an IT administrator can take remedial action. This usually involves installing updates or patching vulnerable areas until security patches become available.

Vulnerability management process
After the vulnerability scans are completed, it is important to take action. Vulnerabilities found by vulnerability scanning software will need to be addressed for security purposes. A few ways that this might happen include updating packages or configuring firewalls. The result of these steps could mean a company has less exposure and risk from potential attacks because the weaknesses have been fixed.

Why you should consider using a vulnerability scan
It’s an affordable and efficient way to find out if your system is secure, or what security gaps you may have. Scanners are easy to use; they can be accessed remotely by the vendor while still allowing full control over the user environment.

Types of vulnerability scans
There are many types of vulnerability scans that a company can conduct, and each type has its own strengths and weaknesses.

Network-based scanners
Network-based scanners scan a network or computer for vulnerabilities, and they can identify the type of vulnerability by looking at data packets.
However, network-based scanners cannot detect vulnerabilities that are not in data packets. Another limitation is the inability to scan wireless networks and computers without a physical connection (such as with Bluetooth) or if access credentials have been changed.

Host-based scanners
Host-based scanners scan individual computers on a given network to determine if any are running outdated software with known security flaws that might leave them vulnerable. They may also be able to detect hidden devices connected to the company’s networks which could compromise its defenses against malicious attacks. It is important to have not only an up-to-date antivirus program but also firewall protection in place when conducting this kind of scanning, because it will help prevent unauthorized access into your systems from outside connections.

Wireless scanners
Wireless vulnerability scanners identify rogue access points and verify that a company’s network is securely configured. Wireless scanners are used to detect any wireless networks that exist on the same frequency as an organization’s network. If no unauthorized networks are detected during the vulnerability scan, it means that all systems inside of your company’s network are using encrypted connections and cannot be accessed by someone on the outside. However, if unauthorized wireless signals are detected, it means that someone was able to wirelessly connect their computer or device to your network. A vulnerability scan will then identify the IP address that these signals are coming from and see if they match any other devices inside of the company’s firewall. If not, this means that an outside hacker may be trying to access one of your company’s devices.

Application scanners
There are two types of application scanners: passive and active.

Passive application scanning
Passive application scanning means that the scanner does not interact with the web server or device; instead, it monitors its performance, logging information such as success rates for logins and file downloads.

Active application scanning
Active application scanning is when a scanner sends queries to test against vulnerabilities in an application or system’s configuration by using automated scripts written to look for specific aspects of vulnerability.

Database scanners
Database scanners, like application scanners, come in two types: passive and active.

Passive database scanning
Passive database scanning is when a scanner monitors the performance of databases to look for any signs that unauthorized access attempts are being made or data has been tampered with.

Active database scanning
Active database scanning will interact directly with an application’s software by using automated scripts written to use various techniques such as injecting SQL queries (code) into input fields on web pages and comparing results between servers. Active searches may also monitor for other attacks, like buffer overflows and injection flaws in processing code used by applications.

External vs internal vulnerability scans
External scans are conducted by scanning the outside of a system and looking for exploitable vulnerabilities. External vulnerability scans often look at:
from the outside to find any exploitable weaknesses on an organization’s perimeter. An internal scan is one that looks within a network or computer environment – typically using automated scripts like those used in active database scanning. A lot of organizations opt for both internal and external vulnerability testing because each type has distinct advantages and disadvantages. Internal tests offer continuous monitoring without affecting performance but may be hampered if there are no other systems available to test against (a third-party). On the other hand, external tests provide some level of assurance as they will be able to identify vulnerabilities that an organization may not be aware of.

Authenticated vs unauthenticated vulnerability scans
An authenticated scan is one that requires a username and password to access the network. This type of vulnerability analysis provides an in-depth view of more than just device vulnerabilities and also gives information about the organization’s security posture (e.g. what types of protections it has). An unauthenticated scan only tests for devices on the perimeter, which may not be as detailed or accurate.

Complementary security measures
Most organizations use a range of complementary security measures to eliminate vulnerabilities and ensure comprehensive coverage. These may include such things as:
The most important thing is that these different types of protection should be carefully mapped out in order to create an effective defense plan for the organization.

How often to scan your systems
It is recommended that regular vulnerability scans be conducted on systems at least annually, with more frequent scanning being required in industries such as healthcare and finance.

Integration into your overall IT strategy
The cybersecurity landscape continues to see dramatic changes and it’s important for organizations of all sizes to integrate a comprehensive security program into their overall IT strategy in order to protect themselves from cybersecurity threats.

Company profile
If an organization is only worried about data breaches or system crashes, then a smaller amount of scanning may be appropriate for it. If, on the other hand, an organization wants protection against targeted cyberattacks by highly sophisticated actors as well as insider threats, then it will need more frequent vulnerability scans.

Hygiene
Some organizations choose to use vulnerability scanning as a hygiene-based system. This is when they will only run scans periodically and not proactively because the organization does not want to pay for ongoing security services, but would like some level of protection against external cyberattacks or data breaches.

Compliance
Another way organizations might use vulnerability scanning is as a compliance-based system. This is when an organization scans its environment to ensure it is compliant with industry regulations like PCI-DSS or ISO 27001.

Common vulnerabilities detected by automated scanning
There are many types of vulnerabilities that can be detected by automated scanning. Some examples include:
Things to consider before running your own scan

How to prepare for running a vulnerability scan
The following steps should be followed to conduct a vulnerability assessment:

Identify the systems that are going to be assessed
These can include Windows, Unix/Linux, network devices and more. It’s important that these hosts meet specific criteria in order for them to produce accurate results during scanning, including having an open TCP port (usually 80) or having SNMP enabled on their system.

Perform preliminary research before starting your scan
Review event logs from previous days/weeks for potential problems that may have occurred in the recent past. Next, check for known vulnerabilities associated with software installed on the system. You should also check for necessary permissions and whether remote login is enabled – if so, change passwords before scanning begins.

Select your host and configure authentication information
Select the host you want to scan and configure any necessary settings. This could include selecting a network range or adding an IP address and port to scan. You should also configure authentication information for your scanning tool if you are using one. This may entail setting up X11 forwarding as well so that the tool can authenticate on behalf of another user.

Choose the type of vulnerability scanning to perform
You’ll want to choose a specific type of scan and make sure that all systems meet the criteria necessary for them to produce accurate results during vulnerability assessment before performing any assessments with each system at risk if possible. This includes having an open TCP port or SNMP enabled on their system as mentioned earlier.

Advantages of vulnerability scanning
Disadvantages of vulnerability scanning

Frequently asked questions about vulnerability scanning

Which areas does vulnerability scanning cover?
Vulnerability scans are typically designed to analyze the following areas:

Why is vulnerability scanning important?
Vulnerability scanning is important because companies are releasing software and mobile apps to the public without properly testing them for security vulnerabilities. These products may not have malicious code, but they will be vulnerable to hacking or intrusion from third parties looking to steal data or take control of a system. Vulnerability scans will help you:
How to prevent malicious vulnerability scanning?

What is a false positive and a false negative in vulnerability scanning?
A false positive is when a system administrator believes there is an intrusion or virus on the machine but there really isn’t. A false negative happens when a vulnerability scanner doesn’t detect any vulnerabilities but there actually are some. Simply put: false positives mean you’re safe, while false negatives mean your risks go up.

What types of compliance require vulnerability scanning?
Vulnerability scanning is often required for compliance with the Payment Card Industry Data Security Standard (PCI DSS) and Health Insurance Portability and Accountability Act (HIPAA). The number of other compliance requirements that require vulnerability scans can vary from organization to organization.

What types of vulnerabilities are scanned?
The primary types of vulnerabilities include:
The more specific type will depend on what industry you work in as well as your company guidelines. For example, in healthcare, a key focus may be ensuring systems comply with HIPAA standards by not storing any personal health identifiers such as social security numbers in electronic media. A web application may also be scanned for common configuration issues such as missing security headers and SSL certificates.

What are the two different types of vulnerability scans?
Credentialed and non-credentialed scans (also respectively referred to as authenticated and non-authenticated scans) are the two main categories of vulnerability scanning. Non-credentialed scans, as the name suggests, do not require credentials and do not get trusted access to the systems they are scanning.
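
The practical gap between credentialed and non-credentialed scans, and how it shows up as false positives and false negatives in scanner output, shown as an added example that is not part of the original article: a non-credentialed check can only infer a version from a service banner, while a credentialed check reads the installed package build. The product name `exampled`, the advisory ID, the hosts and all versions are constructed, and the numeric version ordering is a simplifying assumption.

```python
import re

# Constructed advisory: the ID, product name and versions are placeholders.
ADVISORY = {
    "id": "EXAMPLE-ADVISORY-1",
    "product": "exampled",
    "fixed_upstream": "2.4.10",  # first upstream release containing the fix
    "fixed_package": "2.4.6-5",  # distro build that backported the same fix
}

def vkey(version):
    """'2.4.6-5' -> (2, 4, 6, 5). Simplified ordering, assumed for this example."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def unauthenticated_check(banner):
    """Without credentials the scanner only sees what the service announces."""
    m = re.search(re.escape(ADVISORY["product"]) + r"/(\d+(?:\.\d+)*)", banner)
    if m is None:
        return None  # version not disclosed: no finding can be raised
    return vkey(m.group(1)) < vkey(ADVISORY["fixed_upstream"])

def credentialed_check(packages):
    """With credentials the scanner reads the installed package build itself."""
    build = packages.get(ADVISORY["product"])
    return build is not None and vkey(build) < vkey(ADVISORY["fixed_package"])

# Constructed hosts: banner as seen from the network, packages as seen on the host.
HOSTS = {
    "web-01": {"banner": "Server: exampled/2.4.6", "packages": {"exampled": "2.4.6-7"}},
    "web-02": {"banner": "Server: exampled", "packages": {"exampled": "2.4.6-2"}},
    "web-03": {"banner": "Server: exampled/2.4.12", "packages": {"exampled": "2.4.12-1"}},
}

def compare(hosts):
    """Treat the credentialed result as ground truth and classify the banner result."""
    report = {}
    for name, host in hosts.items():
        flagged = unauthenticated_check(host["banner"])
        vulnerable = credentialed_check(host["packages"])
        if flagged and not vulnerable:
            verdict = "false positive: package already carries the fix"
        elif vulnerable and not flagged:
            verdict = "false negative: missed by banner check"
        else:
            verdict = "agree"
        report[name] = (flagged, vulnerable, verdict)
    return report

if __name__ == "__main__":
    for name, row in compare(HOSTS).items():
        print(name, row)
```

Findings raised from banners alone are worth confirming against the package inventory before they reach a remediation queue, and hosts that hide their version need a credentialed pass to be covered at all.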

What is vulnerability scanning and its types?
Types of Vulnerability Scanning
Network vulnerability scanning: Vital scanning of an organization's network infrastructure to find vulnerabilities if any.
Database vulnerability scanning: Scanning of databases where all confidential and application-related data is stored to detect any security risks.

What is vulnerability scanning and why is it important?
A vulnerability scan is a high-level automated test that searches for known vulnerabilities within your system and reports them. Some vulnerability scans can identify as many as 50,000 known weaknesses that can be exploited by attackers.

What are the different types of vulnerabilities?
The different types of vulnerability
According to the different types of losses, the vulnerability can be defined as physical vulnerability, economic vulnerability, social vulnerability and environmental vulnerability.