SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.
Conducting Vulnerability Assessments Without Disrupting Your Network
Notice: The views and opinions expressed in this presentation are those of the presenters and do not necessarily represent any organization or company they will be associated with in the future.
May the force be with you!
WHY VULNERABILITY MANAGEMENT?
Ensure protection of critical data
Meet compliance regulations
Reduce risk or minimize impact by addressing vulnerabilities in a timely manner
Prepare to meet future security
What is a Vulnerability Scanner?
A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. They can be run either as part of vulnerability management by those tasked with protecting systems - or by black hat attackers looking to gain unauthorized access.
Vulnerability Scanners - Benefits
• Very good at checking for hundreds (or thousands) of potential problems quickly
– Automated
– Regularly
• Can help identify rogue machines
• Helpful in inventorying devices on the network
What Vulnerability Scanners Do Well
Provide a generic risk level
Explain why the item is a risk
Provide detailed information on how to remediate
How well a given scanner does each of these three things is one of the key differences between scanners.
How Vulnerability Scanners Work
Similar to virus scanning software:
– Contain a database of vulnerability signatures that the tool searches for on a target system
– Cannot find vulnerabilities not in the database
• New vulnerabilities are discovered often
• Vulnerability database must be updated regularly
Challenges
Security resources are often decentralized
The security organization often doesn’t own the network or system
Always playing catch-up to changing threats
Determining if the fix was actually made
Ignoring it – accepting it
Decisions for your First Scan
Full scan versus known segment
Time and bandwidth versus unknown devices
Is Your Network Ready for This?
Poor network configuration can lead to security getting blamed for bandwidth issues (what to look for – how to resolve)
Dream Vs. Reality
Dream of the vulnerability scanner:
Plug in
Get data
Network/Endpoint teams act on information
Network secured
You emerge as Security Hero!
Dream Vs. Reality
Proper planning: policies and procedures for the scanning process
Track inventory and categorize assets
Identify and understand your business processes
To the network team it looks like an attack
So You Scanned – Now What
Can’t expect folks to act on 1,000-page reports.
Need to provide some prioritization:
What are the biggest risks in your environment?
What is the level of risk that is acceptable in your environment?
What is the threat level that exists in your industry?
What Vulnerability Scanners Can’t Do
Scan items not connected to the network
Tell you how bad a vulnerability is in your environment (ratings are universal)
Tell you exactly where a device is
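As an added illustration of the last two slides (prioritizing findings, and the warning that scanner ratings are universal rather than environment-specific), the following Python is example code written for this page, not from the presenters. The asset inventory, category weights and scanner findings are all constructed sample data; the scoring formula is one simple way of folding asset categorization and exposure into the scanner's generic rating.

```python
from dataclasses import dataclass

# Constructed asset inventory: host -> (asset category, reachable from the internet?)
ASSETS = {
    "10.0.1.5": ("payment-db", False),
    "10.0.2.17": ("web-frontend", True),
    "10.0.9.40": ("lab-workstation", False),
}

# Constructed weights: how much a compromise of each category matters in this environment.
CATEGORY_WEIGHT = {"payment-db": 3.0, "web-frontend": 2.0, "lab-workstation": 0.5}

@dataclass(frozen=True)
class Finding:
    host: str
    plugin: str      # name of the scanner check that fired
    severity: float  # the scanner's universal rating on a 0-10 scale

def environmental_score(f: Finding) -> float:
    """Scale the universal rating by asset criticality and network exposure."""
    # A host missing from inventory is treated as average criticality but exposed.
    category, exposed = ASSETS.get(f.host, ("unknown", True))
    return f.severity * CATEGORY_WEIGHT.get(category, 1.0) * (1.5 if exposed else 1.0)

def prioritize(findings, acceptable_risk):
    """Return (finding, score) pairs above the acceptable-risk line, highest first."""
    scored = [(f, environmental_score(f)) for f in findings]
    above = [(f, s) for f, s in scored if s >= acceptable_risk]
    return sorted(above, key=lambda pair: pair[1], reverse=True)

def remediation_groups(ranked):
    """Group prioritized findings by scanner check so one fix can close many hosts."""
    groups = {}
    for f, _ in ranked:
        groups.setdefault(f.plugin, []).append(f.host)
    return groups

# Constructed sample findings, as a scanner might report them.
SAMPLE_FINDINGS = [
    Finding("10.0.1.5", "SMBv1 enabled", 5.0),
    Finding("10.0.2.17", "Outdated TLS library", 7.5),
    Finding("10.0.9.40", "Outdated TLS library", 7.5),
    Finding("10.0.9.40", "Remote code execution in web server", 9.8),
    Finding("10.0.2.17", "SMBv1 enabled", 5.0),
]

if __name__ == "__main__":
    for f, s in prioritize(SAMPLE_FINDINGS, acceptable_risk=5.0):
        print(f"{s:5.1f}  {f.host:<10}  {f.plugin}")
```

With these weights the 9.8-rated finding on the lab workstation drops below the acceptable-risk line while the 5.0-rated SMBv1 finding on the payment database rises to the top, which is the kind of judgement the scanner's universal rating cannot make for you.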