Vulnerability nomenclature

Vulnerability scanning employs automated processes and applications to identify vulnerabilities in a network, system, operating system, or application that may be exploitable.

When performed correctly, a vulnerability scan delivers an inventory of devices (both authorized and rogue devices), known vulnerabilities that have been actively scanned for, and usually a confirmation of how compliant the devices are with various policies and regulations.

Unfortunately, vulnerability scans are loud; they deliver multiple packets that are easily detected by most network controls and make stealth almost impossible to achieve. They also suffer from the following additional limitations:

  • For the most part, vulnerability scanners are signature-based; they can only detect known vulnerabilities, and only if there is an existing recognition signature that the scanner can apply to the target. To a penetration tester, the most effective scanners are open source and they allow the tester to rapidly modify code to detect new vulnerabilities.
  • Scanners produce large volumes of output, frequently containing false-positive results that can lead a tester astray; in particular, networks with different operating systems can produce false-positives with a rate as high as 70 percent.
  • Scanners may have a negative impact on the network; they can create network latency or cause the failure of some devices. It is recommended to tweak the scan by removing denial of service type plugins during initial scans.
  • In certain jurisdictions, scanning is considered hacking, and may constitute an illegal act.

There are multiple commercial and open source products that perform vulnerability scans.
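The signature-based and false-positive limitations above can be seen in a few lines of code. The following is an added illustration (not code from this chapter or from any real scanner): a toy version-matching check against a constructed signature list, plus a heuristic that flags banners carrying a distribution build tag, since a version-only signature cannot tell a backported fix from an unpatched service and that mismatch is one source of the cross-OS false positives described above.

```python
import re
from typing import NamedTuple

class Signature(NamedTuple):
    sig_id: str        # hypothetical plugin id, not a real scanner identifier
    service: str
    fixed_in: tuple    # first upstream version that carries the fix

# Constructed signature list with placeholder ids and illustrative versions.
SIGNATURES = [
    Signature("SIG-0001", "OpenSSH", (7, 5)),
    Signature("SIG-0002", "Apache", (2, 4, 30)),
]

# Matches the service name and the numeric upstream version in a banner.
BANNER_RE = re.compile(r"(?P<service>OpenSSH|Apache)[_/ ](?P<ver>\d+(?:\.\d+)*)")

# Constructed heuristic: distribution build tags that commonly indicate a
# backported fix the upstream version number does not reflect.
BACKPORT_RE = re.compile(r"Debian|Ubuntu|\.el\d")

def parse_version(ver: str) -> tuple:
    return tuple(int(p) for p in ver.split("."))

def match_banner(banner: str, signatures=SIGNATURES) -> list:
    """Return the signature ids that fire against one service banner.

    Like a signature-based scanner, this only reports what it has a
    signature for: an unrecognised banner yields nothing, and a recognised
    banner is judged purely on its version number.
    """
    m = BANNER_RE.search(banner)
    if not m:
        return []
    svc, ver = m.group("service"), parse_version(m.group("ver"))
    return [s.sig_id for s in signatures
            if s.service == svc and ver < s.fixed_in]

def needs_manual_verification(banner: str) -> bool:
    """True when the banner shows a distro build tag, so any version-based
    hit may be a false positive caused by a backported patch."""
    return BACKPORT_RE.search(banner) is not None

def triage(banner: str) -> dict:
    """Combine the two checks into the record a tester would review."""
    hits = match_banner(banner)
    return {"banner": banner, "hits": hits,
            "verify": bool(hits) and needs_manual_verification(banner)}
```

Run `triage()` over the banners from a scan to separate hits that can be trusted from hits that must be confirmed by hand before they go in a report.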
