(6) Conducting Vulnerability Scans Flashcards
What questions do orgs ask when they get ready to do a vulnerability scan?
What systems and networks should be scanned?
What tech measures will be used to test if systems are present on the network?
What tests will be performed against systems that are found by the scan?
What do admins have to do as they determine what scans to perform/how to perform them?
They need to talk to other technical staff on their team to get a consensus on what needs to be done and, once they have a consensus, move on to the next step of the scan process.
What do vulnerability management solutions allow admins to do?
Vulnerability management solutions allow admins to configure many different parameters related to scans.
In addition to scheduling automated scans and producing reports, admins can customize the types of checks that are performed by the scanner, provide credentials to access servers, conduct scans from different perspectives, and install scanning agents on target servers as well.
What tools are available for admins to consider when it comes to scan sensitivity?
The tools that admins have available involve templates using security scanning tools.
Admins need to remember to properly set the scan sensitivity in order to avoid having a negative effect on legitimate corporate systems during productive business time.
What can admins do and what must they consider when it comes to scanning for specific vulnerabilities?
Admins will need to configure specific plug-ins that will run to check for specific vulnerabilities.
Admins can turn off or otherwise configure specific plug-ins to help avoid false positives.
How are plug-ins configured within vulnerability scanning systems?
Vulnerabilities are grouped based on operating system family. They can be enabled or disabled.
Compared to an uncredentialed scan, where firewalls and other devices can block the scan, what are the benefits of a credentialed scan?
With a credentialed scan, a vulnerability scanner provides valid credentials that allow the scanner to connect to servers and other devices freely to fully scan systems, OSs, and other important data points.
What is an agent-based scanning approach to vulnerability scans?
An agent-based scanning approach is where admins install small software agents on the servers to be scanned.
The agents scan the server and the configuration, providing a complete scan that reports information back to the management platform for analysis and reports.
In terms of scan perspectives, what is an external scan?
An external scan is conducted from the Internet, providing administrators the chance to view what an attacker outside the organization would see.
In terms of scan perspectives, what is an internal scan?
An internal scan might run from a scanner on the network directly, giving the view of what a malicious insider might see.
When it comes to scan perspectives, what controls might affect the scan results?
Firewall settings
Network segmentation
Intrusion detection systems (IDS)
Intrusion prevention systems (IPS)
Discuss the different viewpoints provided by vulnerability management platforms
Vulnerability management platforms can provide a varied viewpoint of scan results, producing data from different sources.
This lets sysadmins see scans from various points on the network.
What maintenance is needed with vulnerability management systems?
Vulnerability management systems need to be kept up to date, as does the vulnerability feed.
Scanner software also needs to be regularly updated with security patches.