How vulnerable is your network? Do you really know? You have taken all of the steps you believe to be the best security practices so you should be protected, right? Let’s review some of the reasons why you may want to have a vulnerability scan performed on your network.
Why should you scan the network anyway? Generally there are two motivating factors in a decision to scan for vulnerabilities. 1) Regulatory requirement, these include PCI, GLBA, Sarbanes Oxley, HIPPA or others that require businesses in those industries to certify that their client’s information is secure from outside malicious threats. 2) Network changes and software updates. Each time you add new hardware, change your network configuration, install new software or perform major upgrades, these are all events that could possibly open up your network without your knowledge.
What happens in a vulnerability scan? You contract with an outside provider of scanning services to have all of your public IP addresses scanned for potential errors in security setup, misconfigurations, and regulatory compliance. The testing uses commonly available tools to sample your network to find any of the errors listed above. Once an error is found, it logs the error, continues to other errors if found. Some scanners may also try to exploit the discovered errors which may slow network performance for users or bring down the network if the vulnerability is severe. These are two different approaches to vulnerability scanning, you may choose either with confidence that the errors have been discovered so you may take steps to remediate them.
Your public facing network is secure with no vulnerabilities. How about your internal network? A secure network from the outside is a major step in preventing exploits. To be sure there are no misconfigurations on the computers and network servers in your organization an internal scan should be performed. An internal vulnerability scan is much the same as an external scan. An appliance is connected to the network behind your firewall and it scans the entire network looking for potential problems. After a period of time the information the scan gathers is summarized into a report with issues discovered. Internally you may find devices broadcasting availability to users on the network (Printers using SMTP to let users know of its availability and status) if these were on the public side of the network they pose a problem; however behind the firewall they pose a minimal threat.
The scan found vulnerabilities, now what? Generally scan reports group vulnerabilities into risk categories. These categories may be defined as High Risk, Medium Risk and Low Risk or similar language. Whatever the assessment in the remediation report your IT department should prioritize their actions to eliminate the higher risks first as they pose the greatest threat to your network. If you discover high risks, fix the high risk vulnerabilities, then consider rescanning the network to make sure the risks were remediated correctly.
In our last post Brian Burkett talked about the internal “people” things you can do to minimize the threat for data loss or discovery of confidential information. Vulnerability scans are another way to assure your clients and users that the data is secure and the company is taking steps to keep it secure.