A network scanner generally performs a wide range of tasks by scanning networks for vulnerabilities and assessing security risks. In security, an attacker does not try to break down your strongest defenses but looks for the weakest point on your network and tries to exploit it. This is why network scanners are so useful – they help you keep your systems up-to-date and enable you to patch any holes.
The first step is to ensure that your network – operating systems, hardware and third-party software – is fully patched and updated. Remember to follow proper patch management procedures. Failure to do so could result in your systems becoming unstable and, as a result, crashing.
Once the network is fully patched, you need to use the network scanner to check for vulnerabilities in the software, hardware and configurations. Using a good network scanner will ensure you get comprehensive reports on which vulnerabilities were discovered, what software is causing them and information on how to rectify each problem.
After careful evaluation of each vulnerability, you can proceed to fix the detected vulnerabilities. There may be instances when some vulnerabilities cannot (or should not) be fixed. Some legacy software or systems may, for example, require a telnet server to operate. Your network scanner will identify the telnet service as being a risk and recommended you use a safer alternative. A good vulnerability scanner will allow you to ignore that recommendation; however, before you do so, make sure that you have configured your network in such a way that the risk is greatly minimized. Using the same telnet example, you would configure the firewall to limit connections only from the machine on which the legacy application runs.
Once vulnerabilities are taken care of,you should review the setup. A good network scanner will provide you with important security information such as a list of users who have not logged on recently; it can inform you ifyour antivirus has not updated lately and it will provide an overview of what shares run on each machine and what permissions have been set.
This information can be used to identify security risks such as when an employee installsa wireless access point without the administrator’s knowledge;or identify old user accounts of employees who are no longer with the companyand whose local accounts on some computers might not have been removed.
The final step would be to review what applications and services are running on our network. Some applications such as P2P software can pose a number of security risks – from accidental sharing of confidential material to the downloading of software that might break copyright law or contain malware. You might discover unauthorized services running on the network or even discover spyware installed on the basis of the open ports that are in use.After you have addressed the problem of unauthorized software and closed unnecessary services you take the next step: consolidating all that you’ve done so far.
Now that you have a fully patched network and ensured that only authorized software is running, you have a baseline setup that you know is relatively secure. A good network scanner can use this baseline to monitor for any future changes and inform the administrator if these occur, be it new patches are required, to users opening a new, unauthorized share.
Althoughthere is no ‘perfect’ answer to the question‘how to use a network scanner?’, this article covers most of the scenarios you may encounter. The final piece of advice: stop and think about your network and how the advice given above can be appliedbefore using a network scanner.
This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs.
Find out more about what should be included in your network scanner.