Educause Security Discussion mailing list archives
Re: Vulnerability Scanning Problem
From: Randy Marchany <marchany () CANDI2 CIRT VT EDU>
Date: Fri, 15 Dec 2006 17:41:25 -0500
I've been lurking long enough so I thought I'd throw in my .02. Forgive the list format but it is Friday afternoon :-).

1. We have a minimum security requirements set for any computer connecting to our campus. This is defined as a University IT policy. This is the basis for our vulnerability scans. The requirements are simple:
- host based access control - usually a host based firewall
- automated patch updates
- Antivirus software if appropriate to the OS
Our vulnerability scans primarily check for the host based firewalls.

2. Define the vulnerability scan goals. The debate on whether to allow pings or not depends on the goal of the ping block. If the goal is to prevent network mapping, then the goal fails since there are numerous techniques such as inverse mapping that will allow you to map the network. If the goal is to verify an established firewall policy blocking pings, then the vulnerability scan can achieve the goal. If the goal is to verify only allowed ports are open on hosts, then the vulnerability scan can achieve the goal. Am I looking for www vulnerabilities? Am I looking for unused services/ports? You get the idea.

3. There are a variety of scanning strategies/tools in the freeware world. Tools such as nessus, nmap, Metasploit, hping2, cheops, nxscan (nice), Purdue's VSC package, paros, webscarab provide you with ways to scan your nets. There are certainly a number of good commercial scanners that accomplish the same thing. I suggest using the freeware tools first in order to get the experience to evaluate a commercial tool properly.

4. If my scan isn't able to access the device (Host firewall block), then that's not a bad thing. If I can't see the system easily with my scanner, chances are a script kiddie scanner won't either. Is this bad? I don't think so. However, if the machine doesn't show on one scan and then shows up on a later scan, there is cause for worry.

-Randy Marchany
VA Tech IT Security Office
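Points 2 and 4 of the message above describe two checks a scan can support: verifying that only allowed ports are open, and noticing a host that was not visible on one scan but shows up on a later one. The following is an added example, not part of the original post, that runs both checks over two nmap grepable (`-oG`) outputs; the sample scan lines, the addresses and the `ALLOWED_PORTS` policy are constructed for illustration.

```python
import re

# Constructed sample scans in nmap grepable (-oG) format; addresses are
# from the 192.0.2.0/24 documentation range.
SCAN_EARLIER = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n"
    "Host: 192.0.2.11 ()\tPorts: 443/open/tcp//https///\n"
)
SCAN_LATER = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 3389/filtered/tcp//ms-wbt-server///\n"
    "Host: 192.0.2.11 ()\tPorts: 443/open/tcp//https///, 23/open/tcp//telnet///\n"
    "Host: 192.0.2.12 ()\tStatus: Up\n"
    "Host: 192.0.2.12 ()\tPorts: 445/open/tcp//microsoft-ds///\n"
)
ALLOWED_PORTS = {22, 80, 443}  # assumed policy, not taken from the post


def parse_grepable(text):
    """Map each host that appears in the output to its set of open TCP ports."""
    hosts = {}
    for line in text.splitlines():
        host = re.match(r"Host: (\S+)", line)
        if not host:
            continue  # nmap comment lines and blanks
        ports = hosts.setdefault(host.group(1), set())
        listed = re.search(r"Ports: ([^\t]*)", line)
        for entry in listed.group(1).split(",") if listed else []:
            fields = entry.strip().split("/")
            # Only count ports nmap reports as open, not filtered or closed.
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                ports.add(int(fields[0]))
    return hosts


def compare_scans(earlier_text, later_text, allowed):
    """Flag hosts and ports that appeared between scans or fall outside policy."""
    earlier, later = parse_grepable(earlier_text), parse_grepable(later_text)
    return {
        "newly_visible": sorted(set(later) - set(earlier)),
        "newly_open": {h: sorted(later[h] - earlier[h]) for h in sorted(later)
                       if h in earlier and later[h] - earlier[h]},
        "outside_policy": {h: sorted(later[h] - allowed) for h in sorted(later)
                           if later[h] - allowed},
    }


if __name__ == "__main__":
    for check, result in compare_scans(SCAN_EARLIER, SCAN_LATER, ALLOWED_PORTS).items():
        print(check, result)
```

A host counts as "visible" here simply because it appears in the scan output, so both scans need to be run with the same nmap options for the comparison to mean anything.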