What are software scanners used for?
As the network of an organisation gets more complicated with the advance in
technology, so are the tools developed to maintain the integrity of these system. The threats are many and varied, from spoofing emails, viruses that disrupt service to intrusions that steal information. One of the main methods that can be used to check the status of a system is the use of software scanners. They operate like a security guard to building, checking who is entering the building, where they are they going and what they up to. Scanners do this in a data environment, checking what packets enter the domain, looking for any unusual activity and is anything being transmitted out that shouldn’t be.
What are the function of these scanners?
Scanners carry out several different functions:.
- They can send a ping to see what devices or peripherals are connected to the network. This can also provide information on the status (printers can give an indication of ink levels for example)
- They can check how up to date the patches are on the system.
- See the current configuration map to confirm security policy.
- Warn of current vulnerabilities in the system by providing a penetration test.
These tools can be used for good or ill-gotten gain in equal measure. As much information can be provided to an It professional on the maintenance of a system, can also be used by attacker to identify a weak point.
What are penetration tests?
A penetration test is a dummy attack that is conducted by an authorised agent to mimic what would happen in a real-life situation. This is done after a vulnerability scan, so they know what is available on their attack surface. Next, they create a scenario of what a hacker might do and measure its impact. Kind of a cyber fire drill. Penetration tests are a high-risk tactic as real damage can be done inadvertently so it needs management over sight and approval. Sometimes these are done without the knowledge of the IT department to test the integrity of their systems and their preparedness. With that in mind consideration needs to be given as to the information is made available to the ethical hacker:
- Black box: Completely blind to see what they can do.
- Grey box: Partial disclosure
- White box: Full disclosure and cooperation of stakeholders.
What are the different types of software scanners available?
There are different types of tools available including:
- Nessus which is a vulnerability scanner. This investigates the entire network and compares the current state with known issues.
- Nmap which scans a network for specific information that give a way configuration and what service are operating. They can check a ports status for open, closed, filtered, unfiltered).
- Network tap: Is a live wire of network traffic and can instantly spot any abnormal activity. These are used as Security and Event Management system (SEM, SEIM) to alert an IT department of a potential intrusion.
Each provides audit logs as proof of traceability for security and compliance purposes. When combined with Security intelligence System (SIS) then all these different logs can extrapolate and look for trends across all the different sources including VoIP and teleconference and pure data. This can provide a powerful tool to provide an efficient early warning system prior to a full incursion taking place.
Thought needs to be given to the type and importance of the data that needs to be protected compared with the expense of running and maintaining these tools. There is an increased expectation by regulators, suppliers and clients alike for due care to be given to the information in an organisation’s possession. The use of scanning technology to measure the effectiveness of IT security systems would show good practice.
If you need assistance with any of these issues please see our services page.