Selecting and Implemeting Vulnerability Scannner for Fun and ...

Selecting and Implemeting Vulnerability Scannner for Fun and ...

SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes Conducting Vulnerability Assessments Without Disrupting Your Network Notice: The views and opinions expressed in this presentation are those of the presenters and do not necessarily represent any organization or company they will be associated with in the future.

May the force be with you! WHY VULNERABILITY MANAGEMENT? Ensure protection of critical data Meet compliance regulations Reduce risk or minimize impact by addressing vulnerabilities in a timely

manner Prepare to meet future security What is a Vulnerability Scanner A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. They can be run either as part of vulnerability management by those tasked with protecting systems - or by

black hat attackers looking to gain unauthorized access. Types of Vulnerability Scanners Agent verses Agentless Active verses Passive Vulnerability Scanners - Benefits

Very good at checking for hundreds (or thousands) of potential problems quickly Automated Regularly Can help identify rogue machines Helpful in inventory devices on the network What Vulnerability Scanner Do Well

Provide a generic risk level Explain why the item is a risk Provide detailed information on how to remediate The differences of how your scanner does the above items are some of the key differences between the scanners. How Vulnerability Scanners Work

Similar to virus scanning software: Contain a database of vulnerability signatures that the tool searches for on a target system Cannot find vulnerabilities not in the database New vulnerabilities are discovered often Vulnerability database must be updated

regularly Challenges Security resources are often decentralized The security organization often doesnt own the network or system Always playing catch-up to changing threats

Determining if the fix was actually made Ignoring it accepting it Decisions for your First Scan Full Scan Verses Known Segment

Time and bandwidth verses Unknown devices Is Your Network Ready for This? Poor Network Configuration can lead to Security getting blamed for bandwidth issues (what to look for how to resolve) Dream Vs. Reality

Dream of vulnerability scanner Plug in Get data Network/Endpoint Teams Act on Information Network Secured You Emerge as Security Hero!

Dream Vs. Reality Proper planning : Policies and Procedures for the Scanning Process Track Inventory and Categorize Assets Identify and Understand your business

processes To the network team it looks like an attack So You Scanned Now What Cant expect folks to act on 1,000 page

reports. Need to provide some prioritization What are the biggest risks in your environment What is the level of risk that is acceptable in your environment What is the threat level that exists in your industry. What Vulnerability Scanners Cant Do

Scan items not connect to the network Tell you how bad a vulnerability is in your environment. (ratings are universal) Tell you exactly where a device is Major Players Tenable (Nessus) Rapid 7 Qualys

Tripwire (nCircle) OPenVAS Questions? Game Over

Recently Viewed Presentations

  • Dhtml - Knu

    Dhtml - Knu

    Menu 1. Menu 2. Menu 3. Original & MouseOut. a0.gif. a1.gif. a2.gif. MouseOver & OnClick. a0b.gif. a1b.gif. a2b.gif
  • Essential Question How can we determine the types

    Essential Question How can we determine the types

    Basically anything external EXCEPT people. Man vs. Environment Examples People struggling with a flood A tornado hits your house Stranded in the wilderness After Reading Ch 3 and 4 What is meant by in the passage, "he was gone, gone...
  • Suffixes

    Suffixes

    Suffixes Suffixes are endings that are added to root words. They can change adjectives into nouns They can change verbs into nouns Root word and add -ness Fair fairness Kind kindness Fit fitness Wicked wickedness Willing willingness Childish childishness Foolish...
  • Electron Configuration Chemistry Mrs. Coyle Electron Configuration  The

    Electron Configuration Chemistry Mrs. Coyle Electron Configuration The

    Electron Configuration Chemistry Mrs. Coyle Electron Configuration The way electrons are arranged around the nucleus. Three rules are used to build the electron configuration: Aufbau principle Pauli Exclusion Principle Hund's Rule Aufbau Principle Electrons occupy orbitals of lower energy first.
  • 先生 Xian sheng

    先生 Xian sheng

    Your travel agent told you that someone from your Chinese family, whom you have seen before, will come to the airport to pick you up. When you arrive at the China airport, you see a young lady who looks like...
  • The Twelve Concepts

    The Twelve Concepts

    Concepts apply the steps and the. traditions to our service work. ... democracy . is the best method . for serving OA. Delegates. From. Intergroups, service boards worldwide. region chairpersons ... Concept Five. Consideration.
  • Principals of General Zoology (Zoo-103)

    Principals of General Zoology (Zoo-103)

    تتنفس الأسماك عادة بالخياشـيم أما ما يسمى بالمثانة الهـوائية air-bladder أو المثانة الغـازية gas-bladder أو كيس العوم swim-bladder والتي غالباً ما توجـد في الأسماك العظمية فـإنها لا تؤدي وظيفة تنفسـية إلا ...
  • The Conjugation Challenge

    The Conjugation Challenge

    * Can you conjugate these verbs in the imperfect? caminar - to walk llamar - to call mirar - to look at visitar - to visit saludar - to greet escuchar - to listen to contestar - to answer comprar...