Vulnerability Testing: How Vulnerability Scanning Works
Vulnerability scanning programs are designed to identify network holes and weaknesses. The scanners include features that assist with repairing the vulnerabilities before hackers have the chance to exploit them.
There are hundreds of vulnerability scanners on the market, from free versions to commercial versions. They scan your network from the outside, as a hacker would when trying to identify network vulnerabilities. The only difference is that vulnerability scanners not only identify the vulnerability but often offer advice on how to repair it.
How Vulnerability Scanning Works
Vulnerability scanners work in the same manner as antivirus programs do by using databases that store descriptions of different types of vulnerabilities. One problem with this method is that the scanner will only scan for the vulnerabilities that are known by the database. Although the database is constantly updated, there is still a small chance of a vulnerability being overlooked.
With that said, vulnerability scanning begins with scanning the network and identifying pertinent information such as the type of operating system and applications that are installed. It collects all of this information from the network and organizes it into a report for prioritizing the information.
It uses this information as criteria for scanning all of the network system ports, identifying any password breaches, detecting any suspicious applications or services, and determining whether any service packs or security fixes are missing. A vulnerability scanner also identifies malware, monitors remote access, and identifies any coding flaws which may have occurred.
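The database-matching step described above can be sketched as follows. This is an added example, not code from any scanner product; the hosts, product names and EXAMPLE-000x identifiers are constructed for illustration. It shows the limitation noted earlier: a service with no database entry produces no finding, so it is listed separately as not assessed rather than reported as clean.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sig_id: str        # placeholder identifier, not a real advisory number
    product: str
    fixed_in: tuple    # first version that contains the fix
    severity: float    # 0.0 (low) to 10.0 (critical)

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

# Constructed vulnerability database.
DATABASE = [
    Signature("EXAMPLE-0001", "examplehttpd", parse_version("2.4.12"), 9.1),
    Signature("EXAMPLE-0002", "examplehttpd", parse_version("2.4.3"), 5.0),
    Signature("EXAMPLE-0003", "exampleftpd", parse_version("1.3.0"), 7.5),
]

# Constructed discovery results: (host, product, version) per detected service.
INVENTORY = [
    ("10.0.0.5", "examplehttpd", "2.4.10"),
    ("10.0.0.6", "exampleftpd", "1.3.0"),
    ("10.0.0.7", "custombilling", "0.9.1"),
    ("10.0.0.8", "exampleftpd", "1.2.9"),
]

def scan(inventory, database):
    """Return (findings sorted by severity, services the database cannot assess)."""
    known_products = {sig.product for sig in database}
    findings, uncovered = [], []
    for host, product, version in inventory:
        if product not in known_products:
            # No signature exists: this is "not assessed", not "clean".
            uncovered.append((host, product, version))
            continue
        for sig in database:
            if sig.product == product and parse_version(version) < sig.fixed_in:
                findings.append((sig.severity, host, product, version, sig.sig_id))
    findings.sort(key=lambda f: (-f[0], f[1]))
    return findings, uncovered

if __name__ == "__main__":
    findings, uncovered = scan(INVENTORY, DATABASE)
    for severity, host, product, version, sig_id in findings:
        print(f"{severity:>4} {host} {product} {version} {sig_id} -> update")
    for host, product, version in uncovered:
        print(f" n/a {host} {product} {version} no signature; review manually")
```

Versions are compared as number tuples because a plain string comparison would rank 2.4.10 below 2.4.3 and raise a false finding for EXAMPLE-0002.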
Why Use a Vulnerability Scanner
The use of a vulnerability scanner often gets confused with other network security tools such as a firewall or intrusion detection system. It is important to note that these other security tools are still necessary when employing a vulnerability scanner.
The functions that a vulnerability scanner performs are different from those that a firewall or intrusion detection system performs. For example, when compared to an intrusion detection system, the vulnerability scanner identifies possibilities for attacks, whereas an intrusion detection system identifies the actual attack after it has occurred. When compared to a firewall, a vulnerability scanner will simply identify the holes in the network, whereas a firewall will prevent exploitation.
Vulnerability scanning only contributes one component to a good network security plan. It is important to use the other components discussed to reinforce network security. Many organizations that do not employ a vulnerability scanner fail to identify the weak parts of the network before they are exploited.
Meanwhile, hackers are diligently working to scan the network for vulnerabilities and inevitably end up exploiting the hole before the organization realizes it was there. This is why it is essential for IT administrators to employ an effective security strategy which includes all of the security components described here.