
System/Network Scanning

A second type of auditing is vulnerability scanning. It may be accomplished by running system scanner programs from inside the organization, or by a penetration test in which someone attempts to gain access to system/network resources from outside the organization.

Scanning

Scanning is the process of checking a system or network for exploitable (or potentially exploitable) vulnerabilities.


Some things that can be detected by scanners include:

  • Servers running on each host (which might be unnecessary, and thus should be turned off).

  • Vulnerability of services to known attacks (which implies that you should get an updated version of whatever software you’re using to provide that service, or possibly turn the service off until an update is available).

  • Type of OS and service software running on a host (see also: OS Fingerprinting in section 1.4).

  • System architecture (if you want to try a buffer overflow exploit that only works on x86-based Linux systems, you not only need to make sure that the host is running Linux and the appropriate version of the software you want to exploit… you also need to make sure it’s an x86 machine).

  • Rogue hosts set up by users without the IT department’s authorization, whose configuration may or may not be known.

  • Firewall rules in place (by examining TCP/IP replies, a scanner can sometimes differentiate between services that aren’t blocked by the firewall but aren’t running on a host, and services that are blocked by the firewall and may or may not be running on the host).

  • Open file shares.

  • Insecurely coded web pages.

If run against a single system, the scanning software may be run on the system itself (so that it has access to local files which might not be visible to external network connections), or it may run over the network. If run against a network, the software generally doesn’t even need to run on the same network being scanned.

Why should you scan your network regularly? Simply, you should do this so that you know what the crackers know about your network, and have a chance to address it (hopefully) before THEY do.
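The list items on unnecessary servers and on firewall rules can be illustrated with a small audit script. This is an added example, not part of the original guide: it classifies the reply to a TCP connection attempt and compares the result with a set of approved services. The state labels, function names and the loopback fixture are assumptions made for the illustration.

```python
import errno
import socket

# Labels are an assumption borrowed from common scanner usage:
#   open     = handshake completed, a service is listening
#   closed   = host replied with a reset: reachable (not blocked), nothing listening
#   filtered = no reply or an unreachable error: probably blocked by a firewall,
#              so the service may or may not be running
FILTERED_ERRNOS = {errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH}

def classify(error):
    """Map a connect() outcome (None on success, else the OSError) to a state."""
    if error is None:
        return "open"
    if isinstance(error, socket.timeout) or error.errno in FILTERED_ERRNOS:
        return "filtered"
    if error.errno == errno.ECONNREFUSED:
        return "closed"
    return "unknown"

def probe(host, port, timeout=1.0):
    """Attempt one full TCP connection and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def audit(host, ports, approved, timeout=1.0):
    """List ports whose observed state disagrees with the approved-services set."""
    findings = []
    for port in ports:
        state = probe(host, port, timeout)
        if state == "open" and port not in approved:
            findings.append((port, state, "unapproved service listening"))
        elif state != "open" and port in approved:
            findings.append((port, state, "approved service not reachable"))
    return findings

def demo():
    """Constructed loopback fixture: one listening port, one bound but not listening."""
    with socket.socket() as listening, socket.socket() as idle:
        listening.bind(("127.0.0.1", 0))
        listening.listen(8)
        idle.bind(("127.0.0.1", 0))   # bound only, so connects are refused
        open_port, closed_port = listening.getsockname()[1], idle.getsockname()[1]
        states = {"open": probe("127.0.0.1", open_port),
                  "closed": probe("127.0.0.1", closed_port)}
        # Approved set is deliberately wrong to show both kinds of finding.
        return states, audit("127.0.0.1", [open_port, closed_port], {closed_port})

if __name__ == "__main__":
    print(demo())
```

A "filtered" result cannot be produced on loopback, which is why the timeout and unreachable cases are handled in classify() rather than shown in the fixture.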



CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.