Network Vulnerability Scanning
Xiaozhen Xue
Dept. of Computer Science
Texas Tech University, USA
Akbar Siami Namin
Dept. of Computer Science
Texas Tech University, USA
Summer Cyber-Security Workshop, Lubbock, July 2014
Summer Cyber-Security Workshop, Lubbock, July 2014
Need for Vulnerability Management
– Vulnerabilities on a network are GOLD to cyber criminals:
• Provide unauthorized entry to networks
• Can expose confidential information, fuel stolen identities, violate privacy laws, or paralyse operations
• Exposure is extreme for networks with vulnerable devices connected by IP
Sources of Vulnerabilities
Programming errors Unintentional mistakes or
intentional malware in General Public License software
Improper system configurations Mobile users sidestepping
perimeter security controls Rising attacks through viewing
popular websites
Summer Cyber-Security Workshop, Lubbock, July 2014
Need for Vulnerability Management
– Despite utilization of basic defenses, network security breaches abound
• TJX exposed 46M records• DSW exposed 1.4M records• CardSystems exposed 40M
records• 215M+ reported record
exposures since 2005 (actual is significantly higher)
– Automation is Crucial• Manual detection and
remediation workflow is too slow, too expensive and ineffective
Attack Trends
Increased professionalism and commercialization of malicious activities
Threats that are increasingly tailored for specific regions
Increasing numbers of multistaged attacks
Attackers targeting victims by first exploiting trusted entities
Shift from “Hacking for Fame” to “Hacking for Fortune”
Summer Cyber-Security Workshop, Lubbock, July 2014
Need for Vulnerability Management
– Did we learn our lessons?
• Most vulnerabilities are long known before exploited
• Successful exploitation of vulnerabilities can cause substantial damage and financial loss
• A few vulnerable systems can disrupt the whole network
• System misconfiguration can make systems vulnerable
Challenges IT Security Face
NOT enough TIME, PEOPLE, BUDGET
Prioritization of efforts for minimize business risks and protecting critical assets. We can’t fix all problems - what can we live with?
Adapting to accelerating change in sophistication of attacks.
Vulnerability ScanningVulnerability Management
Summer Cyber-Security Workshop, Lubbock, July 2014
1. DISCOVERY(Mapping)
2. ASSET PRIORITISATION(and allocation)
3. ASSESSMENT (Scanning)
4. REPORTING(Technical and Executive)
5. REMEDIATION(Treating Risks)
6. VERIFICATION(Rescanning)
Vulnerability ScanningMapping
Summer Cyber-Security Workshop, Lubbock, July 2014
– Mapping• Gives hacker’s eye view of you
network• Enables the detection of rogue
devices
Vulnerability ScanningPrioritisation
Summer Cyber-Security Workshop, Lubbock, July 2014
– Asset Prioritisation• Some assets are more critical to
business than others• Criticality depends of business
impact
– Scanning:• takes an “outside-in” and “inside-in”
approach to security, emulating the attack route of a hacker
• tests effectiveness of security policy and controls by examining network infrastructure for vulnerabilities
Vulnerability Scanning
Summer Cyber-Security Workshop, Lubbock, July 2014
Vulnerability Scanning
• Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses
Vulnerability scanners
Summer Cyber-Security Workshop, Lubbock, July 2014
Vulnerability ScanningHow Vulnerability Scanners Work
Scanning Engine
Knowledge Base
GUI
Results
Target 2
Target 1
Target 3
Target 4
Vulnerability Database
Summer Cyber-Security Workshop, Lubbock, July 2014
Vulnerability Scanning
• Similar to virus scanning software:– Contain a database of vulnerability signatures that
the tool searches for on a target system– Cannot find vulnerabilities not in the database
•New vulnerabilities are discovered often•Vulnerability database must be updated regularly
Vulnerability scanners
Summer Cyber-Security Workshop, Lubbock, July 2014
Vulnerability Scanning
• Network vulnerabilities• Host-based (OS) vulnerabilities
– Misconfigured file permissions– Open services– Missing patches– Vulnerabilities in commonly exploited applications
(e.g. Web, DNS, and mail servers)
Typical Vulnerabilities Checked
Summer Cyber-Security Workshop, Lubbock, July 2014
Vulnerability Scanning
• Very good at checking for hundreds (or thousands) of potential problems quickly– Automated– Regularly
• May catch mistakes/oversights by the system or network administrator
• Defense in depth
Vulnerability Scanners - Benefits
Summer Cyber-Security Workshop, Lubbock, July 2014
Vulnerability Scanning
• Report “potential” vulnerabilities• Only as good as the vulnerability database• Can cause complacency• Cannot match the skill of a talented attacker• Can cause self-inflicted wounds
Vulnerability Scanners - Drawbacks
Summer Cyber-Security Workshop, Lubbock, July 2014
Port scanner (Nmap, Nessus)
Network enumerator
Network vulnerability scanner (BoomScan)
Web application security scanner
Database security scanner
Host based vulnerability scanner (Lynis, ovaldi, SecPod Saner)
ERP security scanner
Computer worm
Vulnerability Scanners tools
Vulnerability Scanning
• Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses
• Used by defenders to automatically check for many known problems
• Used by attackers to prepare for and plan attacks
Summary
Summer Cyber-Security Workshop, Lubbock, July 2014
Vulnerability Scanners tools
comprehensive vulnerability scanner which is developed by Tenable Network Security.
Port scanner (Nmap)
Vulnerability Scanners tools
Summer Cyber-Security Workshop, Lubbock, July 2014
Qualys
https://freescan.qualys.com/freescan-front/
Summer Cyber-Security Workshop, Lubbock, July 2014
Qualys
http://lhs.lubbockisd.org