7.4 - Vulnerability Assessment Tools

 7.4 - Vulnerability assessment tools 

Key Terms: 

    • Vulnerability assessment tool – A service or program that tests systems and devices for weaknesses that could be exploited. 
    • Open source tool – A tool that is free to use and can be modified and shared. 
    • Vulnerability report – A report generated by a vulnerability assessment tool that gives information such as weak passwords, open ports, and lack of encryption. It may also provide suggestions for remediation. 
    • Remediation - Patching, hardening, and correcting a weakness. 

 

Qualys Vulnerability Management 

This is a cloud-based service which keeps all data in a private database. Qualys is easy to use and scalable for large enterprises. All data is encrypted, which adds an extra layer of security. 

 

Nessus Professional 

An assessment solution that resides on the network. Nessus is meant to be used for smaller organisations as it comprehensively scans the network for malware, known vulnerabilities, and misconfigurations. It also provides reporting as well as remediation and continuous monitoring. 

 

OpenVAS 

This is an open source vulnerability scanner that has over 50,000 tests and daily updates. It is capable of high-level and low-level protocols as well as authenticated and unauthenticated testing. 

 

Nikto 

Nikto is a web server scanner. It tests for outdated versions of web servers and scans for over 6,000 files and programs that can be exploited. Nikto also checks for version-specific problems on more than 270 servers. This tool leaves a large footprint as it executes many entry requests that are logged on the web server. 

 

Retina CS for Mobile 

Retina CS provides high-level vulnerability assessment for mobile devices. It can scan, prioritise, and fix vulnerabilities on a mobile device. 

 

SecurityMetrics Mobile 

This program scans for vulnerabilities in mobile devices. It can help to protect against unwanted app privileges, mobile malware, connectivity issues, threats to device storage, and unauthorised account access. 

 

Nessus 

As opposed to Nessus Professional, Nessus is a vulnerability scanner on mobile devices. It lets you know which devices are unauthorised, non-compliant, and running outdated iOS versions. It also highlights devices that haven’t disconnected from the network for a long time. 

 

Net Scan 

This tool allows discovery of vulnerabilities through network and port scanning. 

 

Network Scanner 

Network scanner monitors network usage. It creates vulnerability reports that can be autosaved and backed-up with web storage. 

 

Assessment Reports 

Assessment reports provide detailed information about the vulnerabilities that are found in the network. These reports cover scan information, target information and results. The scan information includes the name of the scanning tool, version, and ports that were scanned. Target information contains the target system’s name and address. The results section contains a complete scanning report with subtopics such as the target, services, classification, and assessment. There are 2 assessment report categories: 

    • Security vulnerability report – This report gives you all the information about scanned devices and servers including open and detected ports, new vulnerabilities, and suggestions for remediation. 
    • Security vulnerability summary – This report also covers every device and server that was scanned however, it will rank found vulnerabilities based on severity level. 

Comments

Post a Comment

Popular posts from this blog

OSA Assignment 1 - Task 3 GUIDE

Image
  OSA Assignment 1 – Task 3 Guide     Exam parameters   Time length – 5 hours (2x 2 ½ sessions)   Marks available – 28     Task 3: Design – Communication Equipment   In this task you are required to submit :   A technical proposal covering the switches, wireless infrastructure and specifications   Justification of planned network architecture and considerations for security, resilience, performance and redundancy   Evidence print screens   Annotated floor plan/network diagram     Technical Proposal   The technical proposal in task 3 follows a similar format as task 2. It's another large document detailing the requirements and recommendations for the company. In task 3, however , it should discuss communication and other digital equipment such as switches, CCTV and APs.   You should recommend multiple hardware solutions and justify between them.   Here are some examples of tables and information ...
Read more

OSA Assignment 1 - Task 1 GUIDE

  OSA Assignment 1 – Task 1 Guide     Exam parameters   Time length – 3 hours   Marks available – 20     Task 1: Planning   In this task you are required to submit :   A project plan   Gantt chart showing th e critical path   Explanation of legal requirements   Physical and digital threat countermeasures   Annotated floor plan     Gantt Chart   The Gantt Chart is the first document you should create. This details each phase of the project alongside the timescale to complete it.   Ensure you make a note of the deadline for the project along with any pre-requisites such as cabling. This should all be implemented into your Gantt Chart.   You can follow a layout like this:   Project:   Pre considerations (Gathering project timescale, risk assessments, ...)   Planning (Devising project plan, identifying budget, ...)   Design (Research hardware, identify topology, ...)   Pre ...
Read more

OSA Summer 2023 Mock - Task 1, Assignment 1

Image
  OSA Summer 2023 Mock – Task 1           Legal requirements   The company must ensure they are compliant with the correct legislation whilst the project is undertaken.   If any person is working at height, the correct safety measures to prevent injury or death must be imposed under The Work at Height Regulations 2005. They must have an appropriate safety harness on and hazardous areas at height should be i dentified in the risk assessment.   By storing data internally on a local file server, the business is responsible for maintaining the confidentiality, availability and integrity of that data. They must comply with The Data Protection Act 2018 and General Data Protection Regulations.   Display screen equipment regulations (DSE) should be considered when installing workstations. Ergonomic and posture-friendly chairs should be installed and employees given appropriate breaks from working around screens.     Data p...
Read more