Scanning the Horizon
by Ronald van Geijn - Director of Product Marketing at Symantec - Monday, 3 May 2004.
A comprehensive vulnerability scan begins by "discovering" all of the active devices on the network. This is followed by a port scan, which identifies ports in listening mode as well as those that may have exploitable active services. Full scans check for open TCP and UDP ports and examine network services (such as DNS and FTP). These scans will also check operating systems and application software for unauthorized modifications and for known problems that can be fixed by patches.

Next, the scanner analyzes the data and generates a report detailing potential vulnerabilities and fixes. A scanner should display data in real time as it scans, then provide appropriate reports so administrators don't have to search through volumes of data. Beware of scanners that flood you with hundreds of pages of potential problematic symptoms (or too many "false positive" reports). A scanner should illustrate the cause of a problem, the risk it poses, and make recommendations on how to eliminate it. As for the reports themselves, you should be able to tailor them for a range of audiences, both technical and executive, and be able to export them to a variety of formats, such as Word, Excel, and HTML.

In or out?

Several factors must be considered if you plan to undertake vulnerability assessment scanning, including whether to do the job in-house. Today companies are increasingly considering turning to a managed security services provider (MSSP) to handle the task. Any organization considering partnering with an MSSP should first ask the following questions:
  • Does the MSSP under consideration have sufficient consultants to assist onsite and to assist in implementing any recommendations?
  • Does the provider or its partners have the national or global reach required by your company?
  • Does the provider have sufficient financial wherewithal to survive varying economic climates?
Timeliness is key

Regardless of whether the job is done in-house or through a partnership, security experts agree that once a vulnerability assessment has been performed, it's important to take corrective action promptly. If too much time passes between when the scanning occurs and when corrective action is taken, network connections might change, rendering your report out of date.

Remember, too, that vulnerability assessment scanning is not a one-time fix. A security edifice that is rock-solid today can crumble tomorrow under the assault of newly discovered exploits. (And that's all the more reason to make sure that the scanner you select keeps current with the latest vulnerabilities.) Security experts recommend that you run penetration tests against critical sites every three months. It is also suggested that you change penetration testers every six months to provide a breadth of vulnerability analysis.

It should also be emphasized that vulnerability assessment scanning does not replace in-person security audits. Your company's enterprise security policies and procedures need to be regularly reviewed by actual persons to guarantee that they are in place and being followed. The bottom line: effective security is a combination of people, policies, procedures, and technologies.

Conclusion

Protecting today's dynamic networks against ever-changing security threats requires vigilance as well as action. A vulnerability assessment scanner, frequently updated to reflect the latest attacks, can be an essential weapon in your information security arsenal. The recent Blaster worm was just the latest reminder that corporations need to move swiftly to prevent attack. It won't be the last.

Spotlight

eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Wed, Dec 17th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //