
More on Scanning Tools

You can learn more about scanners in the paper, “Network Scanning Techniques” by Ofir Arkin [120].

Nmap [121] (for *nix and Windows), Nessus [122] (for Unix) and Sara [123] (also for Unix) are popular free network scanners. Many other commercial solutions exist, such as eEye Digital Security’s Retina [124] (for Windows), Internet Security Systems’ RealSecure Protection System [125] (management platform for Windows and sensors for Windows and UNIX) and WWDSI’s SAINT [126] (an updated version of the freely available SATAN scanner for UNIX). Many have said that for CEO-impressing reports, eEye’s award-winning Retina scanner is tops [127].

Historically, scanners have searched for vulnerabilities at the network layer and for defective server software. A new frontier for scanners is that of web applications. Web application scanners (sometimes called CGI scanners, if used to scan for CGI script vulnerabilities) work at the application layer, and look for exploitable web pages (such as CGI scripts or JSP or ASP pages). This area of scanning is still relatively new, but tools written specifically to address it include Web Scarab [128] (a new open-source tool written in Java, with a preliminary alpha test release expected in September 2002) and SPI Dynamics’ WebInspect [129].

In addition to running system scanners, another way you can check for vulnerabilities in your current system and network configuration is via penetration tests.

Running a Pen(etration) Test

There are a variety of “pen test” scenarios, including:

1. Attempting to access the organization’s machines from outside the network, with no background knowledge about the network.

2. Attempting to access the organization’s machines from outside, with some amount of background knowledge, possibly including the locations of email, DNS and other servers, dial-in telephone numbers, etc.

3. Attempting to access the organization’s machines from inside the network, with detailed background knowledge about the network and installed software, and perhaps normal user-level access to services customarily available to all employees.

Definition of a Pen Test

A penetration test is an exercise in which one or more people attempt to gain access to system/network resources. It may be conducted from inside or outside the organization’s network, and by using or not using certain internally known information, depending on what security is being evaluated by the test.

Network scanners and penetration exercises (not tests – the real thing) are two tools in the cracker’s arsenal. Employing these tools on your own network – before the crackers do – allows you to find and address weaknesses in your network’s security before they are exploited.


Check your network’s logging configuration. Are all of the important events, such as user logons and logoffs, incorrect logon attempts, user account and security settings administration, system startup and shutdown, etc., being logged? If not, enable logging for those types of information.
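One way to run this check on a Windows host, as an added example that is not part of the original guide: the script parses the CSV report produced by `auditpol /get /category:* /r` and lists which of the event types named above are not being logged. The mapping from those event types to audit subcategory names is an assumption of this example, and the sample report is constructed.

```python
import csv
import io

# Checklist item from the text -> (auditpol subcategory, outcomes that must be audited).
# This mapping to Windows subcategory names is an assumption of the example.
REQUIRED = {
    "user logons": ("Logon", {"Success"}),
    "incorrect logon attempts": ("Logon", {"Failure"}),
    "user logoffs": ("Logoff", {"Success"}),
    "user account administration": ("User Account Management", {"Success", "Failure"}),
    "security settings administration": ("Audit Policy Change", {"Success"}),
    "system startup and shutdown": ("Security State Change", {"Success"}),
}

# Constructed sample in the CSV layout of `auditpol /get /category:* /r`.
# Host name and GUID column are placeholders, not real values.
SAMPLE_CSV = """Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
HOST01,System,Security State Change,{GUID},Success,,1
HOST01,System,Logon,{GUID},Success,,1
HOST01,System,Logoff,{GUID},No Auditing,,0
HOST01,System,User Account Management,{GUID},Success and Failure,,3
"""

def parse_policy(csv_text):
    """Return {subcategory: set of audited outcomes} from the CSV report."""
    policy = {}
    # strip() drops any leading blank line so the header row is read correctly.
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        setting = (row.get("Inclusion Setting") or "").strip()
        # "No Auditing" matches neither word; "Success and Failure" matches both.
        outcomes = {o for o in ("Success", "Failure") if o in setting}
        policy[(row.get("Subcategory") or "").strip()] = outcomes
    return policy

def find_gaps(csv_text):
    """List (checklist item, subcategory, missing outcomes) that are not logged."""
    policy = parse_policy(csv_text)
    gaps = []
    for item, (subcat, needed) in REQUIRED.items():
        # A subcategory absent from the report is treated as not audited.
        missing = needed - policy.get(subcat, set())
        if missing:
            gaps.append((item, subcat, sorted(missing)))
    return gaps

if __name__ == "__main__":
    for item, subcat, missing in find_gaps(SAMPLE_CSV):
        print(f"NOT LOGGED: {item} ({subcat}: {', '.join(missing)})")
```

To audit a real host, save the command's output to a file and pass its contents to `find_gaps` in place of `SAMPLE_CSV`.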


120. Arkin, Ofir, “Network Scanning Techniques”, 1999,







127. Peikari, Cyrus and Seth Fogie, Windows .NET Server Security Handbook, Prentice-Hall, April, 2002,




CertiGuide for Security+ ( on
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.