Network Computing is part of the Informa Tech Division of Informa PLC


Conducting Vulnerability Assessments

 

 

First, write a proposal for upper management. There are serious consequences to, say, crashing old Novell servers on the network with a port scan. Make sure management knows the risks. Specify the scope: Will you run a one-time scan or a periodic one? Could it be dangerous? Will it be run during business hours?

Unfortunately, many vulnerabilities can be tested only by exploiting them. You may not know your FTP server is vulnerable to a buffer overflow unless you try it. Many checks can make educated decisions about vulnerabilities based on banner strings, but there's often no substitute for an actual attack. So clarify up front which exploits you'll be trying on which targets--with input from management and system administrators.

Explain the pros and cons of conducting the scan. It's important to present the risks and benefits so management can make an informed decision. And there's little point in identifying problems if management isn't interested in allocating resources to address them. Getting buy-in from corporate helps ensure that when you blow the whistle, system admins will have the motivation and support to patch the vulnerabilities.

Once you know which networks will be scanned and how intrusive the VA will be, it's time to select your tools. Hundreds are available, both free and commercial. Some are versatile, conducting thousands of scans; others perform a specific function, such as identifying operating systems or trying a single exploit like NetBIOS RPC. Some of the best security tools are open source--the only costs are time and a willingness to learn. As the saying goes, open-source software is free as in beer and free as in speech.
