Modern corporate networks encompass multiple routers, switches, firewalls, hubs, servers, load balancers, etc. and often include subnets, VLANs, WANs, and connections to the public internet. These complex interconnections between many network devices consequently result in a myriad of potential entry points and vulnerabilities that an attacker could use to gain access to your backend servers and sensitive business systems.
One of the major ways that your company can protect itself and its customer base is to use powerful vulnerability scanners that scan your entire network to determine whether any vulnerabilities are present and to diagnose any security holes that need to be patched. This is one of the first steps that you can take to gauge the security posture of your network and to determine how well your attack surface can be defended and reduced, and how efficiently threats can be mitigated.
Vulnerability scanning is also the second step that hackers use according to most offensive security methodologies, which consist of footprinting/recon, port and vulnerability scanning, exploitation, and post-exploitation. Thus, by using vulnerability scanners, you will be conducting an assessment with one of the fundamental tools that cyber-criminals use to determine how vulnerable you are; this will give you invaluable data as to your network's security posture.
To conduct a vulnerability scan, our expert team of security personnel uses the most powerful proprietary and open-source vulnerability scanners, which include automated tools that identify and enumerate network devices (servers, routers), ports (open TCP and UDP ports), services, functions, etc. in order to give you a complete overview of the activity of your corporate networks. Along with the use of SNMP and port scanners, these complex security mechanisms give great visibility into the state, functionality and efficacy of your network, allowing you to make decisions on patching, configurations, and hardening, in order to ensure complete data security.
The configuration of your servers, routers, switches and other network devices - along with the appropriate use of 802.1X, intrusion detection and prevention systems (IDPS), firewalls (with access control lists), and network access control - largely determines how secure your network will be. The correct use of these security controls, and their correct configuration, is therefore key.
When we scan your network for vulnerabilities, we conduct a thorough assessment to determine if any known vulnerabilities exist, if any unpatched systems exist that could allow for cyber attacks, and if any exploitable programs, insecure devices or vulnerable scripts are running on your business systems.
This is an important step, because part of the process of ensuring complete data security is setting an application baseline and discontinuing the use of insecure applications that could expose your company network to attacks.
Patch management is also one of the most significant mechanisms that should be clearly defined and used consistently, and it is generally predicated upon the results of a thorough vulnerability assessment.
There are multiple types of vulnerability assessments that can be conducted on your networks. The two major types are authenticated vulnerability scans and unauthenticated vulnerability scans:
An unauthenticated scan covers the portions of a network that can be accessed by an unauthenticated user, such as an external cyber-attacker.
An authenticated scan focuses on areas of the network that a logged-in, authenticated user can access, and is used to conduct a more detailed, widespread assessment as well as to determine the threat level of a malicious internal threat.
Unauthenticated users can only access certain, basic areas of any corporate network. Outside of malicious internal threats, cyber-attacks generally come from outside of a network, and thus require a hacker to utilize session hijacking, man-in-the-middle attacks, code injection, or malware - such as rootkits and backdoors - to become an authenticated user. This allows them to access databases, information, resources, servers, files, etc.
Along with pivoting through different systems, a cyber-attacker can use rootkits and tools for privilege escalation to gain access to other, more sensitive systems, all from initially being an unauthenticated user on the outside of a network.
As can be seen, unauthenticated users may be able to initially access only limited parts of a network, but can still represent a very real threat to your business infrastructure. As noted by David Shephard and according to the 2014 U.S. State of Cybercrime Survey, over 50 percent of organizations reported that cyber-crimes from outside sources were the most damaging, though malicious internal threats often represent a large portion of the cyber-criminals that attack businesses.
During an unauthenticated vulnerability scan, our security engineers start with little knowledge of the system being tested and use normative footprinting methodologies to obtain information on the organization and to discover as much about the network as possible. This usually entails using Google, Google dorks, WHOIS and other resources such as dig to obtain DNS information, emails, IP addresses, policy information, etc.
Along with a port and vulnerability scan, these steps offer a good simulation of what an attacker could potentially expose about a business system in order to exploit it.
An authenticated vulnerability scan represents a logged-in, authenticated user with internal knowledge of and access to the system, which allows for a more direct approach. This method of scanning allows for the utilization of more network ranges, including VLANs, subnets, host systems and other IP addresses usually associated with the purview of an authenticated user.
Going back to offensive security methodologies - consisting of footprinting, port and vulnerability scanning, exploitation, and post-exploitation - authenticated vulnerability scanning allows our security team to focus less on the discovery phase of the offensive security methodology and more on the vulnerability assessment and identification phase.
Together, unauthenticated and authenticated vulnerability scans provide a comprehensive security overview of how well your business network will stand up against an external or internal threat, and allow you to ascertain the different attack patterns associated with internal and external threats and, consequently, how to harden your systems to ensure complete data security.