The network is the lifeblood of a business. It is what keeps the information flowing and ensures workers can do their jobs. So making sure it is secure is a very important task, and one that should be scheduled regularly.
One of the key elements of that is testing the network for vulnerabilities, whether they are open ports, unpatched software or something else. A full network scan is also a good way to ensure a business can inventory everything connected to it, as even devices can and do provide security weak points.
Ensuring the prolonged security of the network is a multi-step process. First, companies should look into a vulnerability scanner. There are many options available, both free and paid-for. However, as is so often the case, the paid-for versions tend to have more features and offer better support.
The vulnerability scanner will identify open ports and IP addresses in use, as well as operating systems and software. It will then compare what it has discovered against its database of known vulnerabilities and report back. Generally, vulnerabilities will be presented on a risk scale, from low risk to high risk.
It is up to the business to then verify whether the vulnerabilities are in fact dangerous, rather than a false positive or a port that has been intentionally left open, for example.
It is crucial to assess the potential risk to the business from each vulnerability and the likelihood of that vulnerability being used as an attack vector. It is also important to look at how easy it would be to fix. Some will be as easy as patching software, but others may require a more in-depth and time-consuming fix.
Most modern vulnerability scanners will be updated as and when new threats emerge. The recent Heartbleed vulnerability, for example, would be picked up if a business was at risk from it.
The next step for some businesses is to look at penetration testing. This is when existing vulnerabilities are exploited to see how much of a threat they are to the network, looking at how much damage an attacker cloud do if they used a certain vulnerability to access an organisation’s systems.
A pen test differs from a vulnerability scan as specifically targets the exploits to learn how much of a risk they present, rather than just discovering any vulnerabilities and reporting back the findings. Pen tests are much closer to what a hacker would do to gain access to a company’s network, which is why people carrying out pen tests are often referred to as white hat hackers.
It is important to ensure the vulnerability testing targets both the network from within and any public-facing elements of the network. This will give a business an indication of the potential threats from inside its network and any weaknesses in the public-facing network that hackers could look to exploit.
Some modern network vulnerability scanners are offered as-a-service and delivered over the cloud. These scanners can offer always-on monitoring of the network, reducing the amount of manual involvement needed to run a scan. The scanners can also be updated in real time as new threats are discovered. This method is one potential way of reducing false positives, as the threat database should, in theory, be more up-to-date than an on-premise scanner.
Source: Computer Weekly