Vulnerability Management and Scanning Tools
➡ Every production network, and the software services used by hosts on the user network, contains vulnerabilities to a greater or lesser degree. This matters most for servers running on the production network: if we do not learn the weaknesses of those servers and the software running on them before an attacker does, the attacker will exploit them and compromise our systems.
In today’s article, I would like to discuss vulnerability management and scanning, which we should use when we want to know the vulnerabilities of the systems and software running across the whole network.
➡ What is Vulnerability Management?
Vulnerability management is the process of identifying, evaluating, treating and reporting on security vulnerabilities in systems and the software running on them.
Vulnerability Management Procedures. There are 4 steps in the vulnerability management cycle.
1️⃣ Identifying Vulnerabilities
The vulnerability scanner is the heart of the vulnerability management cycle. There are 4 steps in vulnerability scanning.
✔ Scan network-accessible systems by pinging them or sending them TCP/UDP packets
✔ Identify open ports and services running on scanned systems
✔ If possible, remotely log in to systems to gather detailed system information
✔ Correlate system information with known vulnerabilities
➡ Two Different Types of Scanning
In vulnerability scanning, there are two types of scanning, called External Scanning and Internal Scanning, which are also known as Unauthenticated Scanning and Authenticated Scanning respectively.
➡ External Scanning (Unauthenticated Scanning)
External scanning does not require any credentials, and the scan takes only a short time. As a result, it cannot provide detailed system information. External scanning should be used when we want to scan a lot of hosts on the whole network in a short time.
➡ Internal Scanning (Authenticated Scanning)
Because internal scanning is authenticated scanning, it requires host credentials. In return, it can provide detailed system information in its results.
Vulnerability scanners are able to identify a variety of systems running on a network, such as servers, desktops, laptops, virtual machines, containers, firewalls, switches and printers. Identified systems are probed for different attributes: open ports, operating systems, installed software, user accounts, file system structure, system configurations and more. The scanner then correlates this system information with a vulnerability database.
Vulnerability scanners aren’t the only way to gather system vulnerability data anymore, though. Endpoint agents allow vulnerability management solutions to continuously gather vulnerability data from systems without performing network scanning. When a host is not on the organization’s network, for example when it is at home or elsewhere, the organization can still maintain up-to-date vulnerability information through endpoint agents.
Vulnerability scanning can degrade network performance. Therefore, vulnerability scanners should not be run during the office’s peak hours.
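
The last scanning step, correlating system information with known vulnerabilities, can be sketched as follows. This is an added example, not code from any scanner named in this article; the host names, product names, version ranges and `EXAMPLE-` identifiers are constructed, and matching on version ranges alone is an assumption about how the vulnerability database is keyed.

```python
import re
from typing import NamedTuple

class Advisory(NamedTuple):
    vuln_id: str     # placeholder ID, not a real CVE
    product: str
    introduced: str  # first affected version (inclusive)
    fixed: str       # first fixed version (exclusive)
    cvss: float

def parse_version(text):
    """'2.4.10-3ubuntu1' -> (2, 4, 10); trailing zeros dropped so 5.7.0 == 5.7."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def correlate(inventory, advisories):
    """Return (host, product, version, vuln_id, cvss) per affected install."""
    findings = []
    for host, packages in inventory.items():
        for product, version in packages.items():
            try:
                v = parse_version(version)
            except ValueError:
                # Never skip silently: an unknown version needs manual review.
                findings.append((host, product, version, "UNKNOWN-VERSION", None))
                continue
            for adv in advisories:
                lo, hi = parse_version(adv.introduced), parse_version(adv.fixed)
                if adv.product == product.lower() and lo <= v < hi:
                    findings.append((host, product, version, adv.vuln_id, adv.cvss))
    return findings

# Constructed sample data: what an authenticated scan or endpoint agent reports.
INVENTORY = {
    "web01": {"examplehttpd": "2.4.10-3ubuntu1", "exampledb": "5.7.0"},
    "db01": {"exampledb": "5.6.2", "examplessh": "unknown"},
}
ADVISORIES = [
    Advisory("EXAMPLE-0001", "examplehttpd", "2.4.0", "2.4.12", 9.8),
    Advisory("EXAMPLE-0002", "exampledb", "5.0", "5.7", 7.5),
]

if __name__ == "__main__":
    for row in correlate(INVENTORY, ADVISORIES):
        print(row)
```

Matching on the upstream version number alone flags packages whose distribution has backported the fix without changing that number, which is one source of the false positives that the evaluation step has to weed out.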
2️⃣ Evaluating Vulnerabilities
After vulnerabilities are identified, they need to be evaluated and given a risk priority. Organizations then apply their risk management strategy according to the level of risk impact. Vulnerability scanners assign risk priority based on CVSS (Common Vulnerability Scoring System) scores.
Moreover, the risk a vulnerability poses depends on some other factors beyond these out-of-the-box risk ratings and scores.
🔹 Is this vulnerability a true or false positive?
🔹 Could someone directly exploit this vulnerability from the Internet?
🔹 Is there published exploit code for this vulnerability?
🔹 What would be the impact to business if this vulnerability were exploited?
🔹 Are there any other security controls in place that reduce the likelihood or impact of this vulnerability being exploited?
🔹 How old is this vulnerability, and how long has it been on the network?
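
The questions above can be turned into a triage order that differs from sorting by CVSS alone. This is an added example, not part of any scanner's scoring: the field names, the multipliers and the age bonus are illustrative assumptions, and the findings are constructed.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    name: str
    cvss: float                        # base score from the scanner, 0.0-10.0
    false_positive: bool = False       # true or false positive?
    internet_exposed: bool = False     # directly exploitable from the Internet?
    public_exploit: bool = False       # published exploit code?
    business_impact: int = 2           # 1 = low, 2 = medium, 3 = high
    compensating_control: bool = False # other controls reduce likelihood/impact?
    age_days: int = 0                  # how long it has been on the network

def priority(f):
    """Adjust the CVSS base score with local context (weights are assumptions)."""
    score = f.cvss
    score *= 1.5 if f.internet_exposed else 1.0
    score *= 1.5 if f.public_exploit else 1.0
    score *= {1: 0.7, 2: 1.0, 3: 1.3}[f.business_impact]
    score *= 0.6 if f.compensating_control else 1.0
    score += min(f.age_days, 180) / 90   # up to +2 for long-open findings
    return score

def triage(findings):
    """Drop confirmed false positives, then rank by adjusted priority."""
    real = [f for f in findings if not f.false_positive]
    return sorted(real, key=priority, reverse=True)

# Constructed findings: CVSS alone would rank internal-db first.
FINDINGS = [
    Finding("internal-db", 9.8, compensating_control=True, age_days=10),
    Finding("printer", 8.1, false_positive=True),
    Finding("public-web", 7.5, internet_exposed=True, public_exploit=True,
            business_impact=3, age_days=90),
    Finding("old-laptop", 5.3, business_impact=1, age_days=400),
]

if __name__ == "__main__":
    for f in triage(FINDINGS):
        print(f"{f.name:12} cvss={f.cvss:<4} priority={priority(f):.2f}")
```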
3️⃣ Treating Vulnerabilities
After the risk impact is evaluated, each vulnerability has to be treated in one of the following ways:
Remediation – fully fixing or patching a vulnerability so that it cannot be exploited.
Mitigation – lessening the likelihood or impact of a vulnerability being exploited.
Acceptance – taking no action to fix or otherwise lessen the likelihood or impact of a vulnerability being exploited. This is typically justified when a vulnerability is deemed a low risk, or when the cost to fix it is substantially greater than the cost the organization would incur if it were exploited.
4️⃣ Reporting Vulnerabilities
Vulnerability management solutions present scan results in visual dashboards, which makes it easy to act on them and to report.
➡ Vulnerability Management and Scanning Tools
Nessus, Nexpose, Qualys and OpenVAS are popular vulnerability management and scanning tools. All of them except OpenVAS are commercial tools, and each commercial scanner has a trial period. The Nessus and Qualys websites offer online courses on vulnerability management and on how to use their scanners effectively.
We can protect our own network from the damage of an attacker’s exploit code if we learn of our network’s vulnerabilities and fix them before the attacker finds them. For this reason, vulnerability management and scanning has become a necessary requirement in an organization’s security practice.