Network Security Scanning and Vulnerability Assessments
Vulnerability scan tools have become a security requirement for every organization to prevent serious data loss or security breeches. Vulnerability scan tools can strengthen an organization’s security posture by combing the company network to collect information about devices (e.g., computers, servers, routers, and hubs), operating systems and applications installed on the network.
The data collected by a vulnerability assessment scan tool often includes:
- Identifying IP addresses and open ports
- Analyzing network and system activities
- Analyzing system configurations and vulnerabilities
- Recognizing typical attack patterns
- Analyzing abnormal network activity patterns
- Assessing system and file integrity
- Analyzing abnormal user activity patterns
- Tracking user policy violations
After the scan tool collects the data, it compares its findings to a database of known weaknesses, signature patterns and anomalous behaviors. These and other techniques detect and prioritize the vulnerabilities of the scanned network.
Vulnerability analysis consists of several steps:
- Defining and classifying network or system resources
- Assigning relative levels of importance to the resources
- Identifying potential threats to each resource
- Developing a strategy to deal with the most serious potential problems first
- Defining and implementing ways to minimize the consequences if an attack occurs.
If security holes are found as a result of vulnerability analysis, a vulnerability disclosure may be required. The person or organization that discovers the vulnerability, or a responsible industry body such as the Computer Emergency Readiness Team (CERT), may make the disclosure. If the vulnerability is not classified as a high level threat, the vendor may be given a certain amount of time to fix the problem before the vulnerability is disclosed publicly.
The third stage of vulnerability analysis (identifying potential threats) is sometimes performed by a white hat using ethical hacking techniques. Using this method to assess vulnerabilities, security experts deliberately probe a network or system to discover its weaknesses. This process provides guidelines for the development of countermeasures to prevent a genuine attack.