One aspect of network security that is often overlooked is checking a network for issues using a vulnerability scanner. Vulnerabilities are issues, weaknesses or misconfiguration in software that an attacker can exploit to gain unauthorized access to his victim’s system. Through the use of a vulnerability scanner, these issues are pinpointed and reported to the administrator.
Perhaps the primary reason why vulnerability scanning is taken for granted is because vulnerabilities are considered to be issues which are fixed through patch management. It is a common misconception that with a patch management strategy, the vulnerabilities found on the network are also being taken care of. This is partially true when considering how a chunk of vulnerabilities are in fact software issues that are fixed by patching, however it is not always the case. Vulnerabilities can be caused by mis-configurations, software that is inherently problematic or even software issues for which the vendor has not yet released a patch.
What can we do about vulnerabilities?
The first step is to see if your system does in fact have any vulnerability. For this you need to use a vulnerability scanner or, although not recommended if your budget is limited, you can run a vulnerability scan manually.
Running a vulnerability scan manually:
It is possible to do a vulnerability assessment without the use of any software, although this will have an intrinsic amount of inaccuracy and will be very time consuming. In order to determine if there are vulnerabilities on your network through a manual vulnerability scan, you should first get a list of applications / services installed on your network. Once the list is available, check each software’s official site to see if there are any issues / insecurities reported by the vendor. Some vendors will also offer guides on how their application should be configured securely. Generally, such guides will also contain information on what configuration options to avoid. This information is very useful and it is definitely a good idea to read them. The next step is to check vulnerability database sites for the latest lists. Sites like the National Vulnerability Database and Bugtraq are a central location for known vulnerabilities – checking these sites regularly in relation to what software is running on your network is highly important.
Running a vulnerability scan using a vulnerability scanner:
A more effective way to do vulnerability scanning is through the use of a vulnerability scanner. These scanners will have a database of vulnerabilities that is automatically updated by the vulnerability scanner vendor whenever a new vulnerability is discovered. An administrator can set up the scanner to automatically scan the network periodically and issue reports when a new vulnerability is detected. It might also offer remediation options or a detailed description of what is causing the vulnerability and what should be done to fix that vulnerability.
Regardless of whether you run a vulnerability scan manually or using a vulnerability scanner, your network should be monitored for vulnerabilities. Most vulnerabilities will lead to a system compromise of some degree which in turn can result in serious consequences for the business. Vulnerability scanning is a preventive measure that can potentially save your business’s reputation and assets.
This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI vulnerability scanner
*All product and company names herein may be trademarks of their respective owners.