Vulnerability Scanning at NU
Robert Vance, NUIT-Telecom & Network Services
Outline
• Scanning Review
• Tool Discussion
• The NU Scanning Service
• Scanning Limitations
• Futures
Quick Scanning Overview
• What is scanning?
  • System Reconnaissance
  • Achieved via Observable Protocol and Application Characteristics
  • Port Scanning vs Vulnerability Scanning
• Why is it done?
  • good: Detect and protect exposed systems
  • bad: No faster way to spread malware
The Tools
• Port Scanners
  • nmap http://www.insecure.org/nmap
• Vulnerability Scanners
  • Nessus http://www.nessus.org
  • NeWT http://www.tenablesecurity.com/
  • Retina http://www.eeye.com/
  • ISS http://www.iss.net
The Idea
• The fundamental idea behind vulnerability scanning is to identify and then fix system weaknesses before miscreants use those weaknesses against us.
Vulnerability Scanning Service
• Handpicked Nessus Plugins
• Loop through the NU Address Space
• Import failed Scan Results into NUSA or NetPass
• and Repeat
Scanning Limitations
• Firewalls
• Other Visibility Limitations
• False Positives
• Scanning only gets you so far...
Possible Futures
• On Demand Scanning
• Host Based Agents
• Stateful Firewalls Everywhere