Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Network Scanning Cookbook

You're reading from   Network Scanning Cookbook Practical network security using Nmap and Nessus 7

Arrow left icon
Product type Paperback
Published in Sep 2018
Publisher Packt
ISBN-13 9781789346480
Length 304 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Sairam Jetty Sairam Jetty
Author Profile Icon Sairam Jetty
Sairam Jetty
Arrow right icon
View More author details
Toc

Table of Contents (10) Chapters Close

Preface 1. Introduction to Network Vulnerability Scanning FREE CHAPTER 2. Understanding Network Scanning Tools 3. Port Scanning 4. Vulnerability Scanning 5. Configuration Audits 6. Report Analysis and Confirmation 7. Understanding the Customization and Optimization of Nessus and Nmap 8. Network Scanning for IoT, SCADA/ICS 9. Other Books You May Enjoy

Uses

As mentioned in the earlier sections of the chapter, the major advantage of performing a Network Vulnerability Scan is to understand the security posture of the network. The result of a Network Vulnerability Scan provides a bundle of information useful to both administrators and penetration testers, such as the following:

  • Unwanted ports are open and services running
  • Default user account and password information
  • Missing patches, updates, and upgrades
  • Vulnerable version of software installed
  • Vulnerable protocols in use
  • Vulnerable algorithms in use
  • Exploit information for all the preceding vulnerabilities

The Network Vulnerability Scan allows the identification of unnecessary ports that are open and the services running on these ports. For example, an application/web server in a demilitarized zone does not require TCP port 22 to be open and exposed to the internet. These unwanted ports make the host/device susceptible to attacks. Most of the scanners, when identifying a login interface to any of the hosted services, try to log in using a preexisting database of usernames and passwords, and provide a report of all the default usernames and passwords, the use of which can compromise the service.

A credentialed patch scan can reveal details about missing patches and updates for a variety of supported platforms. This information is critical as most of these missing patches have exploits available over the internet, which can be made use of to reproduce similar attacks on the network. This might also reveal various missing patches in the third-party tools installed on the machines of the network. This information helps an attacker to target these tools to exploit and obtain access to the nodes or, sometimes, even the entire network.

A Network Vulnerability Scan also highlights various vulnerable protocols used within the network or on the nodes. For example, if a server is running an SMB share supporting the SMBv1 protocol, it will be highlighted as vulnerability with an above moderate risk rating as SMBv1 is vulnerable to various known malware attacks. Also, a scan highlights the vulnerable ciphers and authentication methods used by the services running which are susceptible to known Man-in-the-Middle attacks. For example, if a web server is using basic authentication over HTTP protocol, it is vulnerable to expose user credentials when a Man-in-the-Middle attack is performed on the network.

Most of the vulnerability scanners, both open source and paid software, provide attack-related exploit information as a part of the description of the vulnerability. This will make the life of the attacker and the penetration tester easy by providing direct links either to the method of exploitation or the exploit code itself.

The following screenshot provides links to documents providing information about the vulnerability reported by the scanner:

Along with the previous technical use cases, a network vulnerability also has various uses from an organization's perspective, such as the following:

  • Giving importance and bringing focus to information security
  • Helping to find potential risks proactively
  • Resulting in network update
  • Advancing development in the administrative knowledge
  • Preventing financial loss in critical infrastructures
  • Prioritizing the vulnerabilities that require escalated patching versus delayed patching
You have been reading a chapter from
Network Scanning Cookbook
Published in: Sep 2018
Publisher: Packt
ISBN-13: 9781789346480
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image