Scanning the Horizon
by Ronald van Geijn - Director of Product Marketing at Symantec - Monday, 3 May 2004.
How secure is your enterprise network? Today that's a harder question to answer than ever, especially as enterprise networks continue to grow in size and complexity.

Just consider: the number of security incidents is mushrooming each year, "critical" software patches are issued every month, and attacks move with such speed that companies scarcely have time to respond to them. This summer's Blaster worm, for example, arrived just 26 days after Microsoft disclosed an RPC DCOM Windows flaw and released a patch. That's why knowing the ins and outs of your network infrastructure has never been more mission-critical than it is now.

For many enterprises, providing a "deep look" into the network is the job of a vulnerability assessment scanner. This tool can root out possible weak points in a network before attackers do. For example, a scanner can probe networks for known vulnerabilities in operating systems, applications, and passwords, to name just a few areas. A scanner can also use sophisticated path analysis to illustrate the exact sequence of steps an intruder might take to discover and exploit a vulnerability in the network.

Let's look at the key features of a vulnerability assessment scanner and how to get the most out of this essential tool.

'What can a hacker see?'

Until a few years ago, many businesses were generally safe from Internet intrusions because they relied on dial-up connections. (Dial-up connections via phone lines receive a different Internet address on every call and are open too briefly to give hackers reliable access.) But today's broadband connections have Internet addresses that remain the same either permanently or for hours at a time. Once hackers find their way into a vulnerable network, they can explore or damage it at their leisure. Keep in mind, too, that your network may not be the real object of a hacker's plans. Distributed denial of service attacks have been launched from innocent third-party networks that were hijacked by hackers using clandestine intrusion attacks.

A vulnerability assessment scanner takes a hacker's view of the network. It automatically scans systems and services on the network and simulates common intrusion or attack scenarios. In essence, it answers the question, "What can a hacker see and exploit on the network?" (In contrast, so-called host-based scanners assess system-level vulnerabilities such as file permissions, user account properties, and registry settings.) Therefore, a vulnerability assessment scanner should be capable of:
  • Safely testing the entire network for security vulnerabilities and providing recommendations on how to fix them
  • Scanning multiple operating systems, including Unix, Linux, Windows 2000, and NetWare
  • Staying current with the very latest vulnerability signatures and alerts
  • Displaying scan progress with a real-time graphic view, revealing the root cause of vulnerabilities
  • Providing customizable management reports for a range of audiences
The importance of a scanner keeping current with the latest vulnerabilities cannot be underestimated. Successful defense against the new generation of blended threats - such as Slammer and Code Red -- requires a combination of steps and security functions. This includes use of an antivirus product, firewall technology, a security policy compliance tool (for identifying inadequate patch levels, finding unneeded services, and discovering weak passwords), intrusion protection solutions, as well as a vulnerability assessment scanner. Blended threats are expected to appear with increased regularity and growing complexity, and an integrated strategy represents an enterprise's best bet to address security at each tier of the network (i.e., client, server, and gateway).

Scanning and reporting

Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //