1.5 Explain vulnerability scanning concepts. Flashcards
Vulnerability scanning
Usually minimally invasive, unlike a penetration test
• Port scan - Poke around and see what’s open
• Identify systems and security devices
• Test from the outside and inside
• Don’t dismiss insider threats
• Gather as much information as possible
• We’ll separate wheat from chaff later
Scan types
Scanners are very powerful
• Use many different techniques to identify vulnerabilities
• Non-intrusive scans
• Gather information, don’t try to exploit a vulnerability
• Intrusive scans
• You’ll try out the vulnerability to see if it works
• Non-credentialed scans
• The scanner can’t log in to the remote device
• Credentialed scan
• You’re a normal user; this emulates an insider attack
Identify vulnerability
The scanner looks for everything
• Well, not everything
• The signatures are the key
Vulnerability scan results
Lack of security controls
• No firewall, no anti-virus, no anti-spyware
• Misconfigurations - Open shares, guest access
• Real vulnerabilities
• Especially newer ones, occasionally the old ones
Dealing with false positives
A vulnerability is identified that doesn’t really exist
False negatives
A vulnerability exists, but you didn’t detect it
• Update to the latest signatures
If you don’t know about it, you can’t see it
• Work with the vulnerability detection manufacturer
• They may need to update their signatures for your environment