Vulnerability Scanning - CompTIA Security+ SY0-401: 3.8

Professor Messer

13 Sept 201408:18

Summary

TLDRThis script discusses vulnerability scanning, a crucial cybersecurity practice that involves non-intrusive, passive tests to identify potential weaknesses in a network. It explains the process, including port scanning and the use of tools like Nessus Home for home networks. The script highlights the importance of updating scanner signatures to ensure accuracy and the need for manual verification of scan results to address false positives and negatives.

Takeaways

🔍 **Vulnerability Scanning is Passive**: It involves observing from outside without actively exploiting vulnerabilities.
🔌 **Port Scanning Example**: A simple method of checking device accessibility without logging in or using applications.
🌐 **Network Understanding**: Scanning helps identify devices on a network and assess security measures between different points.
👁️ **External and Internal Perspectives**: Running scans from both outside and inside a network provides different insights into security.
💾 **Data Collection**: Vulnerability scans gather extensive information, which should be stored for detailed analysis.
🛠️ **Powerful Scanning Tools**: Modern scanners use various techniques to assess what's happening on a system.
🔒 **Non-intrusive vs. Intrusive Scanning**: While non-intrusive scans gather info, intrusive scans may use credentials to log in and check system vulnerabilities.
🏠 **Nessus Home Usage**: The script demonstrates using Nessus Home for home network scans, highlighting its ease of use.
📊 **Scan Results Analysis**: After a scan, analyzing results can reveal potential security issues like untrusted SSL certificates.
🆚 **False Positives and Negatives**: Understanding the difference between false positives and negatives is crucial for accurate scanning and security assessment.

Q & A

What is vulnerability scanning and how does it differ from intrusive testing?
-Vulnerability scanning is a passive test that involves assessing a system for security weaknesses without actively exploiting them. It differs from intrusive testing in that it does not involve logging into the device or attempting to exploit vulnerabilities, but rather gathers information about the system's security posture.
What is an example of a non-intrusive vulnerability scan technique?
-An example of a non-intrusive vulnerability scan technique is a port scan, where the scanner sends messages to a device to see if it can receive a response, without logging into the device or using any particular application.
Why is it important to perform vulnerability scans from both inside and outside a network?
-Performing vulnerability scans from both inside and outside a network helps to understand the security posture from different perspectives. External scans can reveal what ports and services are exposed to the public internet, while internal scans can show the security posture and openness of devices to internal users.
What kind of information can vulnerability scans gather about a network?
-Vulnerability scans can gather information about accessible ports, services, devices on the network, security devices, and any associated vulnerabilities. They can also provide insights into the configuration of devices, such as SSL certificates.
How does the Nessus Home tool mentioned in the script assist in vulnerability scanning?
-Nessus Home is a free tool used for vulnerability scanning. It can perform scans on specified IP address ranges and identify various vulnerabilities, including informational, low, medium, and high severity issues, providing a detailed report on the security status of the network.
What is the significance of storing logs during a vulnerability scan?
-Storing logs during a vulnerability scan is significant because it allows for detailed analysis after the scan is complete. This can help in understanding exactly what was observed during the scan and aids in further investigation and remediation of identified vulnerabilities.
What are the differences between non-intrusive and intrusive scans as mentioned in the script?
-Non-intrusive scans are passive and gather information without attempting to log in or exploit vulnerabilities. Intrusive scans, on the other hand, may involve using credentials to log into an operating system or actively trying to exploit known vulnerabilities to assess susceptibility.
Why is it crucial to update the signature database of a vulnerability scanner?
-Updating the signature database of a vulnerability scanner is crucial because it ensures the scanner is aware of the latest known vulnerabilities and can accurately identify potential security issues in the scanned systems.
How can one verify the accuracy of a vulnerability scanner's findings?
-One can verify the accuracy of a vulnerability scanner's findings by cross-referencing the results with databases like the National Institute of Standards and Technology's NVD or Microsoft Security bulletins, and by conducting manual checks to confirm the presence of identified vulnerabilities.
What is a false positive in the context of vulnerability scanning?
-A false positive in vulnerability scanning is when the scanner identifies a vulnerability that does not actually exist on the device. It can lead to unnecessary investigation and remediation efforts.
What is a false negative and why is it a concern in vulnerability scanning?
-A false negative occurs when a vulnerability scanner fails to identify an actual vulnerability present on a device. It is a concern because it can lead to a false sense of security, potentially leaving the system exposed to threats that were not detected during the scan.