As you set up software and hardware for your business, thinking about stopping security threats might be limited to an in-house IT install of a firewall. While a firewall can protect your staff from accessing data, protecting against vulnerabilities from many angles needs to be a focus. Exploring the what, when, where and why of vulnerability scanning in this guide can help you determine your company’s needs.
What is Vulnerability Scanning?
The process of vulnerability scanning (also know as vulnerability assessment) is scanning one or multiple computer systems to identify any security weaknesses. Vulnerability scanning keeps software and hardware vulnerabilities from being an open access point for security breaches. A vulnerability scanning application connects to a company’s network and to each of the company’s computers to scan for any unpatched programs and other security risks.
A scanning program is loaded onto a computer or server, it will contain a list of known vulnerabilities and security risks to check for. The program is then configured to scan a single, list or an entire network of computers to scan against. If you have a large network it is recommended to break up the scanning into sections, this will make the reporting and scanning process easier to handle. The scanner may come with all kinds of options for scanning the computer such as: scan ports, scan for windows patches, weak passwords, running services, accounts with no passwords, out dated software and much more. Each scanning program will be a bit different but in general when have the same scanning options. Once the scan has completed it will provide a detailed report of its finding.
Beyond the scanning process, a good vulnerability scanning program should also come complete with further information on the vulnerability, the threat agents, the attack vector, any overall network or security weaknesses and further; ways to identify, audit, remediate, repair and plan for any similar or unrelated future attacks on the network. A vulnerability scanning program includes network scanning capabilities that can scan a wide range of OS including Windows, Linux, client machines, website scanners, networks databases and third party applications.
Adding a vulnerability scanner to network procedures allows IT staff to know its systems security weakness and provides details on what needs patched. While a service outage may still occur, continually scanning for vulnerabilities brings warnings and an increased ability to mitigate network outages before it destroys crucial network details or takes down all systems. Identifying and patching system vulnerabilities through the use of a network scanner can save company time, money and reduce long-term network vulnerabilities while increasing reliability and continuity of the company’s presence.
In the diagram above you can see the scanning software is loaded onto the server on the left. There is a network switch that has a PC, laptop and another network 172.20.2.0/24 that is connected. You can configure the scanning software to scan each device or network individually or have it scan them all at once. The scanner will make a connection over the network to each device and scan it for known vulnerabilities.
What is a Security Vulnerability – where do they come from?
A security vulnerability is a weakness in a computer system that could allow an attacker to gain access to your systems. A very common place for vulnerabilities to exist is in computer software. When programs are created, there are many lines of code that is written for the program to work. Even though there are professions writing this code, mistakes still happen which could lead to a vulnerability in the program. When the program is released for public use, it is open for people to use it in many ways. This can lead to someone discovering the program does something unexpected and can expose a security risk. Once these risks or vulnerabilities are found in software then they can be exploited for malicious intent.
Below is a list of some common types of software flaws that lead to security risks:
- Buffer overflows
- SQL injection
- Email injection
- Cross-site scripting
- Http header injection
- Privilege escalation
You can see a comprehensive list here
https://en.wikipedia.org/wiki/Vulnerability_(computing)#Software_vulnerabilities
Although software is a very common place for vulnerabilities it is not the only place risks can be found.
- Weak passwords: Using weak passwords can lead to a hacker easily guessing or using a tool to crack your password and gain access to your computer systems. Using weak or universal passwords can also add to network vulnerability because they are easily discoverable as access points.
- Complex networks: A large complex network can open up more physical connections, ports and services that provide entry for an attacker. The larger and more complex the network the more resources it takes to secure it. The network itself can have many security vulnerabilities due to unprotected communication avenues or insecure network architecture. Adding in many points of connectivity may seem like a convenient choice but can be an opening for security attacks because of more physical connections, access privileges, protocols and ports.
- Browsing the internet: Many websites are loading with spyware and malware which can be loading onto the computer without the user even knowing.
- Humans: Humans are considered to be the most vulnerable point in a computer system. Humans can make errors, be tricked by social engineering and have malicious intent such as leaking data, deleting files, etc.Personnel can increase or allow security vulnerabilities if they weren’t adequately recruited, trained in security awareness or allow for organizational issues like a lack of regular audits. However, in addition to physical network vulnerabilities and outside network attacks; the most common point of vulnerability can be human error setting or designing the network in addition to outside human attacks on the network.Employees browsing the Internet open up the network to harmful spy or adware installed on computer systems potentially infecting the entire network. Programmers creating software can leave exploitable bugs in software programs introducing an attack entry point into company software through the bug’s vulnerability location. User input or commands that goes unchecked by the company can result in command execution vulnerabilities. Finally, companies that have had a previous security breach or attack need to learn from the errors or vulnerabilities to increase security and reduce future similar vulnerabilities prone to attacks.
Security vulnerabilities have always existed and have been exploited. When the internet was at its early stages, they were not often used and exploited.
A security vulnerability occurs during a “window of vulnerability”. In that window of time, a security hole occurs or is introduced into the network. That security gap can then be accessed and exploited by network attackers. Networks might have one or more vulnerabilities that can be exploited during a threat action compromising everything from confidential files to the availability of company and external client resources.
The actual attack can be an active threat attempting to alter network systems or their operations while a passive attack tries to intake or make use of network system information without affecting system speed or available resources. Active and passive attacks can both strike at the very core of businesses compromising confidentiality and overall company security.
Vulnerability Scanning – Is it really needed?
You may be saying to yourself.
It wont happen to me, I have a firewall I’m safe.
or
I already do window patches with WSUS or some other patching tool.
Installing windows patches is a great first step but if your not scanning for all vulnerabilities then your increasing the security risk of your systems. Third party software is often loaded with vulnerabilities, Adobe, Java, flash and itunes are some of the most vulnerable software that is out there, it is very common to have some if not all of these on every computer. Even if you are patching these third party applications you should have a way to scan for old versions, when upgrading them the old versions are not always removed.
Besides the windows patches and third party patches there are many other security risks that you should be scanning for, as previously mentioned in this article.
OK…but I have a firewall and an intrusion detection system it will block most threats.
Firewalls and IDS systems are very common and they will block some threats but certainly not all. Firewalls will help you restrict access to certain ports and control which networks or computers can access the internet. You will most likely have some device exposed to the internet allowing access to port 80 and 443. Just having these two ports open and allowing internet access will allow malicious traffic into your network. At this point your security posture is very much dependent on how well the applications are patched.
The post Guide to Vulnerability Scanning appeared first on Network Security Tools.
