Vulnerability scanning got its start as a tool for hackers (the bad guys); now it is helping companies penetration-test their own systems.
For something that can be such an effective weapon against hackers, it is ironic that vulnerability scanning got its start as a tool for them. Before they can get into a network, attackers need to know where the weakest spots in an enterprise's defenses are. That means using scanning tools to trawl for such things as open network ports or poorly secured applications and operating systems.
In the past few years the tables have been turned: scanning tools now give the people in the white hats (ethical* hackers) a good picture of where the vulnerabilities are and a chance to repair them before the crackers get there. At least they provide the potential for that. The fact is, many companies do not seem to be taking advantage of these tools, or, if they do have them, are not making much use of them. Gartner Research believes as many as 85% of the network attacks that successfully penetrate network defenses exploit vulnerabilities for which patches and fixes have already been released.
Unlimited Exploits :
Now there is a rapidly expanding universe of Web-based applications for hackers to exploit. A recent study by security vendor Acunetix claimed that as many as 70% of the 3,200 corporate and non-commercial organization Web sites its free Web-based scanner had examined since January 2006 contained serious vulnerabilities and were at immediate risk of being hacked. A total of 210,000 vulnerabilities were found, the company said, an average of some 66 per Web site, ranging from potentially serious ones such as SQL injection and cross-site scripting to relatively minor ones such as exposed directory listings. “Companies, governments and universities are bound by law to protect our data,” said Kevin Vella, vice president of sales and operations at Acunetix. “Yet web application security is, at best, overlooked as a fad.”
Patch Patrol :
Vulnerability scanners seek out known weaknesses, using databases that vendors constantly update, to track down devices and systems on the network that are open to attack. They look for such things as unsafe code, misconfigured systems, malware, and patches and updates that should be there but aren't.
They also have several plus factors. They can be used to do a discovery "pre-scan", for example, to determine what devices and systems are actually on the network. Nothing is so vulnerable as something nobody knew was there in the first place, and it is surprising how often such systems turn up in large and sprawling enterprises.
Many scanners can also be set to rescan the network after patches have been installed, to make sure the patches do what they are supposed to do. What vulnerability scanners cannot do is the kind of active blocking defense carried out by firewalls, intrusion prevention systems and anti-malware products, though by working in combination with them, vulnerability scanners can make those products more accurate and precise.
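As an added illustration of what the Patch Patrol paragraphs describe, here is a toy version-matching scanner in Python. It is not code from the original post or from any vendor's product; the product names, version numbers, advisory IDs, banner lines and asset register are all constructed for the example. It shows the three things discussed above: a discovery pre-scan that builds an inventory from whatever actually answered (and flags hosts missing from the asset register), a check of each service's version against a vendor-style database of known weaknesses, and a post-patch rescan that reports which findings were fixed, which are still open, and which are new.

```python
import re
from dataclasses import dataclass

# Constructed "vendor database": product -> [(fixed_in_version, advisory_id, severity)].
# Product names and advisory IDs are hypothetical placeholders, not real advisories.
VULN_DB = {
    "ExampleHTTPd": [
        ((2, 4, 10), "EX-2006-0001", "high"),   # anything below 2.4.10 is affected
        ((2, 4, 7), "EX-2006-0002", "medium"),  # anything below 2.4.7 is affected
    ],
    "DemoFTP": [
        ((1, 3, 0), "EX-2006-0003", "high"),
    ],
}

# Constructed banner lines, as a discovery pass over the network might collect them.
BANNERS_BEFORE = """\
192.0.2.10:80 ExampleHTTPd/2.4.6
192.0.2.10:21 DemoFTP/1.2.9
192.0.2.11:80 ExampleHTTPd/2.4.9
192.0.2.12:8080 ExampleHTTPd/2.4.10
192.0.2.13:80 UnknownWeb/0.1
"""

# The same network after the patch run: .10 upgraded its web server but not its FTP
# server, the patch on .11 did not take, and a host nobody registered (.14) showed up.
BANNERS_AFTER = """\
192.0.2.10:80 ExampleHTTPd/2.4.10
192.0.2.10:21 DemoFTP/1.2.9
192.0.2.11:80 ExampleHTTPd/2.4.9
192.0.2.12:8080 ExampleHTTPd/2.4.10
192.0.2.13:80 UnknownWeb/0.1
192.0.2.14:80 ExampleHTTPd/2.4.3
"""

KNOWN_HOSTS = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]  # constructed asset register

BANNER_RE = re.compile(
    r"^(?P<host>[\d.]+):(?P<port>\d+)\s+(?P<product>[\w-]+)/(?P<version>[\d.]+)$"
)


@dataclass(frozen=True, order=True)
class Service:
    host: str
    port: int
    product: str
    version: str


@dataclass(frozen=True, order=True)
class Finding:
    host: str
    port: int
    product: str
    version: str
    advisory: str
    severity: str


def parse_version(text):
    """'2.4.6' -> (2, 4, 6); tuples compare component-wise, not as strings."""
    return tuple(int(part) for part in text.split("."))


def discover(banner_text):
    """Pre-scan: build the inventory from whatever answered on the wire."""
    inventory = []
    for line in banner_text.splitlines():
        match = BANNER_RE.match(line.strip())
        if match:  # a real tool would log unparseable banners rather than drop them
            inventory.append(Service(match["host"], int(match["port"]),
                                     match["product"], match["version"]))
    return inventory


def unknown_hosts(inventory, known_hosts):
    """Hosts that answered but are absent from the asset register."""
    return sorted({svc.host for svc in inventory} - set(known_hosts))


def scan(inventory, db=VULN_DB):
    """Match each service's product and version against the database of known weaknesses."""
    findings = []
    for svc in inventory:
        for fixed_in, advisory, severity in db.get(svc.product, []):
            if parse_version(svc.version) < fixed_in:
                findings.append(Finding(svc.host, svc.port, svc.product,
                                        svc.version, advisory, severity))
    return sorted(findings)


def verify_patches(before, after):
    """Post-patch check: split the rescan into fixed, still-open and newly seen findings."""
    def key(f):
        return (f.host, f.port, f.advisory)
    before_keys = {key(f) for f in before}
    after_keys = {key(f) for f in after}
    fixed = [f for f in before if key(f) not in after_keys]
    remaining = [f for f in after if key(f) in before_keys]
    new = [f for f in after if key(f) not in before_keys]
    return fixed, remaining, new


if __name__ == "__main__":
    baseline = scan(discover(BANNERS_BEFORE))
    rescan = scan(discover(BANNERS_AFTER))
    fixed, remaining, new = verify_patches(baseline, rescan)
    print(f"baseline: {len(baseline)} findings, fixed: {len(fixed)}, "
          f"still open: {len(remaining)}, new: {len(new)}")
    for f in remaining + new:
        print(f"  {f.host}:{f.port} {f.product}/{f.version} {f.advisory} ({f.severity})")
    print("unregistered hosts:", unknown_hosts(discover(BANNERS_AFTER), KNOWN_HOSTS))
```

On the constructed data the rescan shows two findings fixed on 192.0.2.10, two still open (the FTP server that was never patched and the web server on .11 where the patch did not take), and two new ones on the unregistered host .14, which is exactly the "something nobody knew was there" case. Two caveats worth keeping in mind: matching on banner version strings alone is the crudest form of checking and produces false positives wherever a vendor backports a fix without bumping the version string, and a banner can be edited or spoofed by whoever runs the service, which is why production scanners prefer credentialed checks of the packages actually installed.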
Please stay and complete your reading in the second part above.
*: Ethical hackers, or white-hat hackers, are people who are indeed hackers but who put their abilities to good use (e.g. helping companies find and fix their weaknesses).