Symantec United States
global sites
products and services
purchase
support
security response
downloads
about symantec
search
feedback


© 1995-2007 Symantec Corporation.
All rights reserved.
Legal Notices
Privacy Policy
Scanning the Network

Do you know how secure your network is? Today that's a harder question to answer than ever before. Just consider: the number of security incidents continues to mushroom each year, dozens of new software patches are released every month, and attacks looming on the horizon promise to move with such speed that companies will scarcely have time to respond to them. Make no mistake: knowing the ins and outs of your network infrastructure has never been more mission-critical than it is now.

For many companies, obtaining a "deep look" into the network is the job of a vulnerability assessment scanner. This type of software can root out possible weak points in your network before attackers do. For example, a scanner can probe networks for known vulnerabilities in operating systems, applications, and passwords, to name just a few areas. A scanner can also use analysis to illustrate the exact sequence of steps an intruder might take to discover and exploit a vulnerability in your network.

This article focuses on the key features of a vulnerability assessment scanner and how you can get the most out of this essential software.

First things first
Until just a few years ago, small businesses were generally safe from Internet intrusions because they connected to the outside world through phone lines. Phone-line connections receive a different Internet address on every call and are open too briefly to give hackers reliable access. But today's broadband connections have Internet addresses that remain the same either permanently or for hours at a time. Once hackers find their way into a vulnerable network, they can explore or damage it at their leisure.

A vulnerability assessment scanner, such as Symantec NetRecon, takes a hacker's view of your network. It automatically scans systems and services on the network and simulates common intrusion or attack scenarios. In essence, it answers the question, "What can a hacker see and exploit on the network?" (In contrast, so-called host-based scanners assess system-level vulnerabilities such as file permissions, user account properties, and registry settings.) In this regard, the scanner you select should be capable of the following:

  • tests the entire network for security vulnerabilities and provides recommendations on how to fix them
  • scans multiple operating systems, including Unix, Linux, Windows 2000, and NetWare
  • stays current with the latest security updates
  • displays scan progress with a real-time graphic view, revealing the root cause of vulnerabilities
  • provides customizable management reports for a range of audiences Scanning and reporting

    A comprehensive vulnerability scan begins by "discovering" all active devices on the network. This is followed by a port scan, which identifies ports in listening mode as well as those that may have exploitable active services. Full scans check for open TCP and UDP ports and examine network services (such as DNS and FTP). These scans will also check operating systems and application software for unauthorized modifications and for known problems that can be fixed by patches.

    Next, the scanner analyzes the data and generates a report detailing potential vulnerabilities and fixes. Look for a scanner that displays data in real time as it scans, then provides appropriate reports so administrators don't have to search through volumes of data. Beware of scanners that flood you with hundreds of pages of potential problematic symptoms (or too many "false positive" reports). A scanner should illustrate the cause of a problem, the risk it poses, and make recommendations on how to eliminate it. As for reports, you should be able to tailor them for a range of audiences, both technical and executive, and have the capability to export them to a variety of formats, such as Word, Excel, and HTML.

    In or out?
    Several factors must be considered if you plan to undertake vulnerability assessment scanning, including whether your company has the sufficient IT expertise to do the job in-house. Those lacking expertise in this area might consider turning to a managed security services (MSS) provider. Any company considering outsourcing, however, should first ask the following questions:

  • Does the MSS provider have sufficient financial wherewithal to survive economic hardships?
  • Does the provider have sufficient consultants to assist onsite and to assist in implementing recommendations?
  • Does the provider or its partners have the national or global reach required by your company?

    Take action
    Once a vulnerability assessment has been performed, it's important that you take corrective action promptly. If you let too much time pass between when the scanning occurs and when corrective action is taken, network connections might have changed, rendering your report out of date. Remember, too, that vulnerability assessment scanning is not a one-time fix. A security edifice that is rock-solid today can crumble tomorrow under the assault of newly discovered exploits. (And that's all the more reason to make sure that the scanner you select keeps current with the latest vulnerabilities.)

    And one final note: it should be emphasized that vulnerability assessment scanning does not replace in-person security audits. Your company's security policies and procedures need to be regularly reviewed by actual persons to guarantee that they are in place and followed. After all, effective security is a combination of people, policies, procedures, and technologies.

    • home find a solution library tech resources