Vulnerability Assessment IV

Reading Time: 10  min

Scan Types: Central Scan or Individual Scan?

It is always the question which type of scan is more effective? Both scans have pros and cons. For example Central Scan is comparatively slow while as individual scan is fast. Central scan can be invoked and monitored form one location while as individual scan should be done on each system.

But major advantage of central scan is database update. If we miss out database update on any of the system then it may lead us to wrong results, but in the case of centralized scan we need to update only one database and invoke the scan.

Defense in Depth:

Defense in depth plays major role in information security. One layered security can be cracked but if we have multiple layer of security then it will become very difficult for any attacker to hack in your system. For example at Physical Security level we can have locks and secured area. We can have some authentication mechanism at hardware and software. Antivirus should be available at network and host level. Firewalls should be in place at hardware and software both layer to prevent system from attacks,

DMZ (De-militarized Zone) should be properly configured. IDS and IPS with proper logging mechanisms. Packet filters and routers and Switches with proper ACLS. Proprietary Hardware or Software should not be available to public access.

Network Scanners:

Nessus : Premier UNIX vulnerability assessment tool

Nessus was a popular free and open source vulnerability scanner until they closed the source code in 2005 and removed the free “registered feed” version in 2008. A limited “Home Feed” is still available, though it is only licensed for home network use. Some people avoid paying by violating the “Home Feed” license, or by avoiding feeds entirely and using just the plugins included with each release. But for most users, the cost has increased from free to $1200/year. Despite this, Nessus is still the best UNIX vulnerability scanner available and among the best to run on Windows. Nessus is constantly updated, with more than 20,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plugins or understanding the existing ones

GFI LANguard : A commercial network security scanner for Windows

GFI LANguard scans IP networks to detect what machines are running. Then it tries to discern the host OS and what applications are running. It also tries to collect Windows machine’s service pack level, missing security patches, wireless access points, USB devices, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. Scan results are saved to an HTML report, which can be customized/queried. It also includes a patch manager which detects and installs missing patches. A free trial version is available, though it only works for up to 30 days.

Retina : Commercial vulnerability assessment scanner by eEye

Like Nessus, Retina’s function is to scan all the hosts on a network and report on any vulnerabilities found. It was written by eEye, who are well known for their security research.

Core Impact : An automated, comprehensive penetration testing product

Core Impact isn’t cheap (be prepared to spend tens of thousands of dollars), but it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes. If you can’t afford Impact, take a look at the cheaper Canvas or the excellent and free Metasploit Framework. Your best bet is to use all three.

ISS Internet Scanner : Application-level vulnerability assessment

Internet Scanner started off in ’92 as a tiny open source scanner by Christopher Klaus. Now he has grown ISS into a billion-dollar company with a myriad of security products

X-scan : A general scanner for scanning network vulnerabilities

A multi-threaded, plug-in-supported vulnerability scanner. X-Scan includes many features, including full NASL support, detecting service types, remote OS type/version detection, weak user/password pairs, and more

Sara : Security Auditor’s Research Assistant

SARA is a vulnerability assessment tool derived from the infamous (at least in 1995) SATAN scanner. They ceased development after releasing version 7.9.1 in June 2009.

QualysGuard : A web-based vulnerability scanner

Delivered as a service over the Web, QualysGuard eliminates the burden of deploying, maintaining, and updating vulnerability management software or implementing ad-hoc security applications. Clients securely access QualysGuard through an easy-to-use Web interface. QualysGuard features 5,000+ unique vulnerability checks, an Inference-based scanning engine, and automated daily updates to the QualysGuard vulnerability KnowledgeBase.

SAINT : Security Administrator’s Integrated Network Tool

SAINT is another commercial vulnerability assessment tool (like Nessus, ISS Internet Scanner, or Retina). It runs on UNIX and used to be free and open source, but is now a commercial product.

MBSA : Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS) and Microsoft Operations Manager (MOM). Apparently MBSA on average scans over 3 million computers each week.

(Tools list taken form http://sectools.org/vuln-scanners.html)

Stay Updated
Please enable JavaScript in your browser to complete this form.
LinkedIn
Share
Copy link
URL has been copied successfully!

Other stories you may enjoy...

The Internet: Then and Now

It has been a big week in tech. Not only did we have the Google I/O keynote yesterday (last week’s blog covered that in more detail), but also Kleiner Perkins Caufield &...

Secure Your WordPress | Tool Explained wpscan

WordPress is one of the most popular CMS among its entire open source competitor. WordPress has very simple and open framework. It is the most desirable choice of any hacker to...

Information Gathering — Web Application Analysis

Till now we have seen theory part of web application security. Now I will try to include various ethical hacking/ penetration testing aspects with visual / video. At initial level...