What is a Vulnerability Scan?A vulnerability scan does as it states on the tin. It scans for vulnerabilities. Vulnerability scans can take place on any desktop, laptop, server, virtual machine, container, firewall, printer, and switch, so long as they are connected. The scans can identify operational details. Such as the operating system being used and any software installed. They can also identify other attributes such as user/host accounts and open/closed ports. This allows organisations to see the vulnerabilities in their networks, systems and software. Vulnerability scans provide insights into the severity of each vulnerability and recommendations on how to mitigate the vulnerability. There are many different types of scans to choose from including:
A wireless scan identifies rogue access points to validate that a company’s network is securely configured.
A network-based vulnerability scan identifies vulnerable systems on networks, unauthorised devices, unauthorised remote access servers, connections to insecure networks and possible security attacks. This type of scan can be conducted both wireless and wired.
A host-based vulnerability scan identifies vulnerabilities in servers, workstations and other network hosts. Whilst providing greater visibility into configuration settings and previous patch history of scanned systems. Host-based scans can also provide insight into the potential damage done by outsiders and insiders depending on the level of access granted or taken on a system.
A database scan identifies the vulnerabilities in a database to help prevent malicious attacks.
An application scan identifies previously known software vulnerabilities and mis-configures in network or web applications including websites etc.
Authenticated and Unauthenticated Scans.
An authenticated vulnerability scan allows the tester to log in to a system as a user and see the vulnerabilities as a trusted user.
An unauthenticated vulnerability scan does the opposite of an authenticated scan. An Unauthenticated scan puts the tester in the perspective of an intruder.
External and Internal Scans.
An external vulnerability scan is conducted from outside an organisation’s network, targeting IT infrastructure that is exposed to the internet including, web applications, ports etc.
An internal vulnerability scan is conducted from within an organisation. These scans allow the tester to scan systems that are mainly not covered in the external scan. An internal scan can detect issues such as: Threats posed by malware and identify “insider threats” posed by contractors and disgruntled employees.
What is a Pen-test?
A penetration test (or pen-test) can also be conducted to find known and unknown vulnerabilities in a system. Pen-tests are more hands-on and require very talented people to conduct them. A pen-tester will first try and find vulnerabilities within a system and safely try to exploit these vulnerabilities to see what data could be stolen. Pen-testers use everything from social engineering and phishing attacks to brute-force attack. This is to give a realistic example of how good an organisation’s security is. Examples of pen tests are web application tests, network security tests, internet of things security tests, cloud security tests and social engineering.
At Defence Logic, we use risk ratings to classify the risk of the vulnerabilities found inside an organisation. This is based on a CVSS score. (This stands for the common vulnerability scoring system.) This provides a numerical representation of the severity of the vulnerability found within the organisation. As you can see below, numbers range from 0-to 10. 0 – 0.9 represents a vulnerability that is extremely difficult to exploit and no action is needed to make it secure; and 9.0 – 10.0 represents a vulnerability that needs to be resolved as soon as possible due to it being easy to exploit. It should be noted that risks are classified according to technical severity, which does not evaluate any compensating controls that may be present.