1.5 Explain vulnerability scanning concepts.

Question 1

Vulnerability scanning

Answer 1

Usually minimally invasive, unlike a penetration test
• Port scan - Poke around and see what’s open
• Identify systems and security devices
• Test from the outside and inside
• Don’t dismiss insider threats
• Gather as much information as possible
• We’ll separate wheat from chaff later

Question 2

Scan types

Answer 2

Scanners are very powerful
• Use many different techniques
to identify vulnerabilities

Question 3

• Non-intrusive scans

Answer 3

Gather information, don’t try to

exploit a vulnerability

Question 4

• Intrusive scans

Answer 4

• You’ll try out the vulnerability to see if it works

Question 5

• Non-credentialed scans

Answer 5

• The scanner can’t login to the remote device

Question 6

• Credentialed scan

Answer 6

• You’re a normal user,

emulates an insider attack

Question 7

Identify vulnerability

Answer 7

The scanner looks for everything
• Well, not everything
• The signatures are the key

Question 8

Vulnerability scan results

Answer 8

Lack of security controls
• No firewall, no anti-virus, no anti-spyware
• Misconfigurations - Open shares, guest access
• Real vulnerabilities
• Especially newer ones, occasionally the old ones

Question 9

Dealing with false positives

Answer 9

A vulnerability is identified that

doesn’t really exist

Question 10

False negatives

Answer 10

A vulnerability exists, but you didn’t detect it

Question 11

• Update to the latest signatures

Answer 11

If you don’t know about it, you can’t see it
• Work with the vulnerability
detection manufacturer
• They may need to update their signatures
for your environment