InfosecVidya

Vulnerability Management – Scanning

This is the second post in the "Vulnerability Management, a practical approach" series. I have highlighted that not all suggestions here can fit every possible situation. However, fear not! We can tweak and adapt these recommendations to cater to your needs.

Oops, shouldn’t we take a moment to chat about what goes on during a scanning activity before we dive headfirst into the nitty-gritty of the configurations? Let’s not get ahead of ourselves now, shall we?

The scanning activity starts with the Discovery Phase. During the discovery phase, the scanning device tries to find out whether the asset is online. Once it has been ascertained that the asset is online, port scanning is initiated. In scenarios where we are not sure that ICMP ping-based discovery can accurately identify the assets, we include port scanning as a discovery method.

During port discovery, if a port is found to be responding, the scanning device tries to interact with the port and map the response to one signature available in the platform’s service database. Once service discovery is performed, further querying is performed to identify the associated version. The scanning tool also tries to estimate the installed operating system based on open ports, TTL, TCP sequence values, etc.

If the open port supports authentication (SSH, SMB, etc.) and the scanning device has a set of valid credentials, it attempts to authenticate. If authentication succeeds, it enumerates installed packages, installed hotfixes and patches, and reads the config files to create a profile. Once the profile is created, the collected configurations are compared against the vulnerability database maintained by the platform, and a vulnerability report is created for the targeted host.

This explanation is a simple one to establish the common ground.
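The later steps of that flow (signature matching, version extraction, building the profile, and comparing it against a vulnerability database) are sketched below as an added Python example; it is not code from this post or from any scanning platform. The signatures, banners, package versions and `EXAMPLE-VULN` ids are all constructed, and versions are assumed to be plain dotted numbers.

```python
import re

# Constructed signature database: product name -> banner regex with a version group.
SIGNATURES = {
    "openssh": re.compile(r"^SSH-2\.0-OpenSSH_(?P<ver>\d+(?:\.\d+)*)"),
    "nginx": re.compile(r"^Server: nginx/(?P<ver>\d+(?:\.\d+)*)", re.M),
}

# Constructed vulnerability database: product -> [(placeholder id, first fixed version)].
VULN_DB = {
    "openssh": [("EXAMPLE-VULN-1", "9.6")],
    "nginx": [("EXAMPLE-VULN-2", "1.25.3")],
    "openssl": [("EXAMPLE-VULN-3", "3.0.13")],
}

def vkey(version):
    """Turn '1.25.3' into (1, 25, 3) so versions compare numerically, not as text."""
    return tuple(int(p) for p in version.split("."))

def identify_service(banner):
    """Service discovery: map a port's response to one signature, then pull the version."""
    for product, pattern in SIGNATURES.items():
        if (m := pattern.search(banner)):
            return product, m.group("ver")
    return None  # the port responded, but no signature matched

def build_profile(banners, packages=None):
    """Merge banner results with the package list from an authenticated scan, if any."""
    profile = {}
    for port, banner in banners.items():
        hit = identify_service(banner)
        if hit:
            profile[hit[0]] = (hit[1], f"banner on port {port}")
    for name, version in (packages or {}).items():
        profile[name] = (version, "authenticated package list")  # overrides banner data
    return profile

def vulnerability_report(profile):
    """Compare every profiled product against the vulnerability database."""
    findings = []
    for product, (version, source) in sorted(profile.items()):
        for vuln_id, fixed_in in VULN_DB.get(product, []):
            if vkey(version) < vkey(fixed_in):
                findings.append((vuln_id, product, version, source))
    return findings

# Constructed sample host: two responding ports, plus packages read after an SSH login.
BANNERS = {22: "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3", 80: "HTTP/1.1 200 OK\nServer: nginx/1.25.4\n"}
PACKAGES = {"openssl": "3.0.2", "openssh": "8.9"}
```

Running `vulnerability_report(build_profile(BANNERS))` and then the same call with `PACKAGES` added shows the difference credentials make: the outdated `openssl` package is not exposed on any port, so only the authenticated profile reports it.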

Picture this: once we have crafted a nifty inventory tool with all the right attributes, we can gather the relevant stakeholders and laugh while devising scanning strategies. But here’s the catch – before we embark on our scanning adventure, we need to gather multiple parameters and possibly strike a deal with the boss. So, buckle up and let’s tackle one parameter at a time, appreciating the sheer importance of each in our quest for a foolproof strategy.

Vulnerability Scanning Platforms: Tenable, Qualys, Rapid7, Nmap

That’s a wrap, folks! Hopefully, this little nugget of wisdom has been useful. Buckle up, because in the next post, we’ll be diving headfirst into the enchanting world of vulnerability management reporting. Grab your popcorn and strap in tight 🙂