network vulnerability scanning xiaozhen xue dept. of computer science texas tech university, usa...

Network Vulnerability Scanning

Xiaozhen Xue

Dept. of Computer Science

Texas Tech University, USA

xiaozhen.xue@ttu.edu

Akbar Siami Namin

Dept. of Computer Science

Texas Tech University, USA

akbar.namin@ttu.edu

Summer Cyber-Security Workshop, Lubbock, July 2014

Summer Cyber-Security Workshop, Lubbock, July 2014

Need for Vulnerability Management

– Vulnerabilities on a network are GOLD to cyber criminals:

• Provide unauthorized entry to networks

• Can expose confidential information, fuel stolen identities, violate privacy laws, or paralyse operations

• Exposure is extreme for networks with vulnerable devices connected by IP

Sources of Vulnerabilities

Programming errors Unintentional mistakes or

intentional malware in General Public License software

Improper system configurations Mobile users sidestepping

perimeter security controls Rising attacks through viewing

popular websites

Summer Cyber-Security Workshop, Lubbock, July 2014

Need for Vulnerability Management

– Despite utilization of basic defenses, network security breaches abound

• TJX exposed 46M records• DSW exposed 1.4M records• CardSystems exposed 40M

records• 215M+ reported record

exposures since 2005 (actual is significantly higher)

– Automation is Crucial• Manual detection and

remediation workflow is too slow, too expensive and ineffective

Attack Trends

Increased professionalism and commercialization of malicious activities

Threats that are increasingly tailored for specific regions

Increasing numbers of multistaged attacks

Attackers targeting victims by first exploiting trusted entities

Shift from “Hacking for Fame” to “Hacking for Fortune”

Summer Cyber-Security Workshop, Lubbock, July 2014

Need for Vulnerability Management

– Did we learn our lessons?

• Most vulnerabilities are long known before exploited

• Successful exploitation of vulnerabilities can cause substantial damage and financial loss

• A few vulnerable systems can disrupt the whole network

• System misconfiguration can make systems vulnerable

Challenges IT Security Face

NOT enough TIME, PEOPLE, BUDGET

Prioritization of efforts for minimize business risks and protecting critical assets. We can’t fix all problems - what can we live with?

Adapting to accelerating change in sophistication of attacks.

Vulnerability ScanningVulnerability Management

Summer Cyber-Security Workshop, Lubbock, July 2014

1. DISCOVERY(Mapping)

2. ASSET PRIORITISATION(and allocation)

3. ASSESSMENT (Scanning)

4. REPORTING(Technical and Executive)

5. REMEDIATION(Treating Risks)

6. VERIFICATION(Rescanning)

Vulnerability ScanningMapping

Summer Cyber-Security Workshop, Lubbock, July 2014

– Mapping• Gives hacker’s eye view of you

network• Enables the detection of rogue

devices

Vulnerability ScanningPrioritisation

Summer Cyber-Security Workshop, Lubbock, July 2014

– Asset Prioritisation• Some assets are more critical to

business than others• Criticality depends of business

impact

– Scanning:• takes an “outside-in” and “inside-in”

approach to security, emulating the attack route of a hacker

• tests effectiveness of security policy and controls by examining network infrastructure for vulnerabilities

Vulnerability Scanning

Summer Cyber-Security Workshop, Lubbock, July 2014

Vulnerability Scanning

• Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses

Vulnerability scanners

Summer Cyber-Security Workshop, Lubbock, July 2014

Vulnerability ScanningHow Vulnerability Scanners Work

Scanning Engine

Knowledge Base

GUI

Results

Target 2

Target 1

Target 3

Target 4

Vulnerability Database

Summer Cyber-Security Workshop, Lubbock, July 2014

Vulnerability Scanning

• Similar to virus scanning software:– Contain a database of vulnerability signatures that

the tool searches for on a target system– Cannot find vulnerabilities not in the database

•New vulnerabilities are discovered often•Vulnerability database must be updated regularly

Vulnerability scanners

Summer Cyber-Security Workshop, Lubbock, July 2014

Vulnerability Scanning

• Network vulnerabilities• Host-based (OS) vulnerabilities

– Misconfigured file permissions– Open services– Missing patches– Vulnerabilities in commonly exploited applications

(e.g. Web, DNS, and mail servers)

Typical Vulnerabilities Checked

Summer Cyber-Security Workshop, Lubbock, July 2014

Vulnerability Scanning

• Very good at checking for hundreds (or thousands) of potential problems quickly– Automated– Regularly

• May catch mistakes/oversights by the system or network administrator

• Defense in depth

Vulnerability Scanners - Benefits

Summer Cyber-Security Workshop, Lubbock, July 2014

Vulnerability Scanning

• Report “potential” vulnerabilities• Only as good as the vulnerability database• Can cause complacency• Cannot match the skill of a talented attacker• Can cause self-inflicted wounds

Vulnerability Scanners - Drawbacks

Summer Cyber-Security Workshop, Lubbock, July 2014

Port scanner (Nmap, Nessus)

Network enumerator

Network vulnerability scanner (BoomScan)

Web application security scanner

Database security scanner

Host based vulnerability scanner (Lynis, ovaldi, SecPod Saner)

ERP security scanner

Computer worm

Vulnerability Scanners tools

Vulnerability Scanning

• Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses

• Used by defenders to automatically check for many known problems

• Used by attackers to prepare for and plan attacks

Summary

Summer Cyber-Security Workshop, Lubbock, July 2014

Vulnerability Scanners tools

comprehensive vulnerability scanner which is developed by Tenable Network Security.

Port scanner (Nmap)

Vulnerability Scanners tools

Summer Cyber-Security Workshop, Lubbock, July 2014

Qualys

https://freescan.qualys.com/freescan-front/

Summer Cyber-Security Workshop, Lubbock, July 2014

Qualys

http://lhs.lubbockisd.org