Network Security Audit & Vulnerability Assessment Services
About Vulnerability Scanning
Vulnerability Scanning analyzes the security of your network using the largest and most up-to-date Knowledge Base of vulnerability checks in the industry. When you launch or schedule vulnerability scans, the service safely and accurately detects vulnerabilities using its Inference-Based Scanning Engine, an adaptive process that intelligently runs only tests applicable to each host scanned.
The service first gathers information about each host, such as its operating system and version, ports and services, and then selects the appropriate test modules. The impact of scans on your network load is minimal because the service samples your available bandwidth and then uses a fixed amount of resources that you specify.
The Knowledge base of vulnerabilities is constantly updated as vulnerabilities are added and updated. For this reason, it is best practice to schedule network security audits regularly to minimize potential risk and ensure constant security. We recommend scheduling routine external, Internet based scans at least quarterly. Internal scans are typically performed semi-annually unless you have a requirement to perform them more frequently (such as quarterly for PCI compliance).
How Does Vulnerability Scanning Work?
There are several events that take place during the vulnerability scanning process. The standard behavior for each of these events is described below.
| Scanning Event | Description |
|---|---|
| Host Discovery | The service checks availability of target hosts. For each host, the service checks whether the host is connected to the Internet, whether it has been shut down and whether it forbids all Internet connections. The service pings each target host using ICMP, TCP, and UDP probes. The TCP and UDP probes are sent to default ports for common services on each host, such as DNS, TELNET, SMTP, HTTP and SNMP. If these probes trigger at least one response from the host, the host is considered "alive." The types of probes sent and the list of ports scanned during host discovery are configurable through your additional options. If the host is not "alive" then the scan process will not proceed. You may choose to scan dead hosts through your scan options, but that option may increase scan time and is not suggested for Class C or larger networks. After host discovery, these events occur dynamically: port scanning, operating system detection, service discovery and authentication to hosts when the authentication feature is enabled. |
| Port Scanning | The service finds all open TCP and UDP ports on target hosts. The list of TCP and UDP ports scanned is configurable through your scan options. |
| OS Detection | The service attempts to identify the operating system installed on target hosts. This is accomplished through TCP/IP stack fingerprinting, OS fingerprinting on redirected ports, and is enhanced by additional information gathered during the scan process, such as NetBIOS information gathering. |
| Service Discovery | When a TCP or UDP port is reported as open, the scanning service uses several discovery methods to identify which service is running on the port, and confirms the type of service running to obtain the most accurate data. |
| Authentication | Authentication to hosts is optional for a vulnerability scan. For a vulnerability scan with authentication enabled, the service authenticates to target hosts based on the selected authentication types in the option profile and the authentication records in the user account. The service uses the credentials for target hosts as defined in authentication records. If authentication to a host is not successful, the service performs vulnerability assessment without authentication. |
| Vulnerability Assessment | Using the information gathered about each target host in the previous scanning steps, the service begins vulnerability assessment. The service scans for all vulnerabilities in the Knowledge Base or a selected list of vulnerabilities, based on the user's scan settings. The service runs vulnerability tests that are applicable to each target host based on the information gathered for the host. |
The Case for Authenticated Scans
Authenticated Vulnerability Assessments
An authenticated vulnerability assessment is a type of security testing that involves using valid credentials and access to the system to identify vulnerabilities that may exist within the system. In this type of assessment, the tester performs a thorough evaluation of the system's security posture, including analyzing system configurations, application settings, and user permissions to identify vulnerabilities that may not be detectable from the outside.
During an authenticated vulnerability assessment, the tester uses a variety of techniques and tools to probe the system for vulnerabilities. This may include performing manual testing, automated scanning, and analyzing system logs and network traffic. The tester will attempt to simulate a real-world attack scenario by assuming the role of an authorized user and attempting to escalate privileges or access sensitive information.
The goal of an authenticated vulnerability assessment is to identify vulnerabilities that could be exploited by an attacker who has already gained access to the system. By identifying these vulnerabilities, you can better prioritize remediation efforts and improve your overall security posture.
It's important to note that authenticated vulnerability assessments should only be performed by authorized personnel who have the necessary permissions and access to conduct this type of testing. It is also recommended to have proper documentation and consent in place before conducting an authenticated vulnerability assessment.
The Benefits of Using Authentication
Performing an authenticated vulnerability assessment is important because it provides a more comprehensive and accurate evaluation of your system's security posture.
In an unauthenticated assessment, the tester attempts to identify vulnerabilities without providing any valid credentials or access to the system. This approach is limited in scope and can only identify vulnerabilities that can be detected externally. It does not provide a full picture of the vulnerabilities that may exist within the system.
In contrast, an authenticated assessment involves providing the tester with valid credentials and access to the system, allowing them to perform a more thorough evaluation of the system's security posture. This approach allows the tester to identify vulnerabilities that can only be detected from within the system, such as misconfigured user permissions or weak password policies.
Moreover, an authenticated assessment helps to simulate real-world scenarios in which an attacker has already gained access to the system. By identifying vulnerabilities that could be exploited by an attacker with valid credentials, you can better prioritize remediation efforts and improve your overall security posture.
In summary, performing an authenticated vulnerability assessment provides a more accurate and comprehensive evaluation of your system's security posture, helps simulate real-world attack scenarios, and enables better prioritization of remediation efforts.
Security Assessment Services Comparison
We also offer penetration testing services, which are often confused with vulnerability assessments.
| Process | Description | ||
|---|---|---|---|
| Passive Information Gathering | DNS, publicly accessible services, Internet access points, IP address ranges. | ||
| Active Information Gathering | Identify other IP addresses beyond those reported. Search for other telephone, web, and email resources not reported. Social Engineering | ||
| Network Topology Analysis | Network topology analysis: Integrating multiple sources into a high level architectural understanding. | ||
| Services & System Identification | Port scanning techniques based on network topology to identify hosts, operation systems, and services. | ||
| Firewall & Router Testing | Evaluation of firewall’s capacity to protect network perimeter and inference of configuration, ACL’s, etc. | ||
| Intrusion Detection System Testing | IDS/IPS system(s) tested by inference and by use of information provided. Various alerts triggered in order to assess effectiveness and accuracy of the system. | ||
| Vulnerability Testing | Search engines and vulnerability databases are queried to locate vulnerabilities that affect services running on identified services. | ||
| Vulnerability Validation | Review “clean” and flagged services for false positive and false negative findings. Assign risk level to each. | ||
| Manual Service Analysis | In-depth manual analysis of critical hosts and services revealing additional configuration vulnerabilities. Trusted IP address, sub-system analysis, location of vulnerability vectors thru app and protocol fuzzers. | ||
| Password Testing and Analysis | Dictionary/brute force attacks, control analysis, lockout policy, default passwords, authentication protocols. | ||
| Log-in Page Testing | Session/account management, login page input validation, cross-site scripting, buffer overflows, database command injection, error handling, access control, data cryptography, and remote administration. |