Chapter 5. Vulnerability Scanners
Now that you have secured your perimeter with a firewall and port-scanned your interior and exterior networks, what can you do next to make your network more secure? Firewalls prevent people from easily accessing your internal LAN from the outside. Port scanning shows you what services are running and lets you eliminate those that you don't need. However, what about the services you have to keep? You have to run Web and mail servers to communicate to the outside world. You may have to run other applications as well, such as FTP, SSH, Telnet, and custom database applications. How do you know if these services are secure? To understand your risks, you have to understand the threats and how they can be used to gain illicit access to your company's information and resources.
Concepts you will learn:
Typical application-level vulnerabilities Vulnerability scanning setup and configuration How to do safe and ethical vulnerability scanning Sample scan configurations What vulnerability scanning doesn't do
Tools you will use:
Nessus and NessusWX |
What exposes your systems to vulnerability most of the time? Applications. Looking at the OSI Reference Model, you'll see that the application layer is at the top of the network communication stack, which makes it is the most complex and variable layer. You can use a vulnerability scanner to run tests against various applications on your system to see if there are holes that can be exploited. The vulnerability scanner can also use lower-level tools such as a port scanner to identify and analyze potential applications and protocols running on the system.
OSI Layer Number | Layer Name | Sample Protocols |
---|
Layer 7 | Application | DNS, FTP, HTTP, SMTP, SNMP, Telnet | Layer 6 | Presentation | XDR | Layer 5 | Session | Named Pipes, RPC | Layer 4 | Transport | NetBIOS, TCP, UDP | Layer 3 | Network | ARP, IP, IPX, OSPF | Layer 2 | Data Link | Arcnet, Ethernet, Token Ring | Layer 1 | Physical | Coaxial, Fiber Optic, UTP |
|