Tuesday, May 25, 2010

Vulnerability Scanning Do's And Don'ts - DarkReading

This is a pretty good article about the "gotchas" around vulnerability scanning.  It's not as simple as firing up a scanner and having it comb your company's entire class A subnet.

Here are the things I look out for when performing vulnerability scans on the organization:
  • legacy hardware/software, such as mainframes, miniframes - I've tipped over some mainframe programs with Nessus, back in the day
  • small software/hardware vendors - I've tipped over a database High Availability solution before with Nessus
  • sizing of network connections and the size of your scan - don't saturate your network links
  • choose a maintenance window or an off-production time to run scans
  • make sure you notify people that you're scanning
    • don't assume that your scan won't be noticed
    • don't assume that your scan won't cause an issue
    • people like to be notified should they notice something odd
  • make sure that people are available, should you knock something over, and/or test the system once your scan is done to ensure that the services come back or are still functioning appropriately
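As an added example (not from the article or this post), here is a small Python pre/post-scan health check for the last two points: refuse to start outside the agreed window, snapshot the services you care about before the scan, re-check them afterwards, and report what stopped answering, separating it from what was already down. The hostnames, ports and probe results are constructed sample data.

```python
import socket

# Constructed inventory (not from the post): host -> ports that must still
# answer once the scan is finished.
WATCHLIST = {
    "db-ha-01.example.internal": [5432, 1194],
    "mainframe-gw.example.internal": [23, 1414],
}

def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connect to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def snapshot(watchlist, check=tcp_open):
    """Probe every host/port in the watchlist; returns {(host, port): up?}.
    `check` is injectable so the logic can be exercised without a network."""
    return {(h, p): check(h, p) for h, ports in watchlist.items() for p in ports}

def regressions(before, after):
    """Split the post-scan picture into services the scan apparently knocked
    over (up before, down after) and services that were already down before
    the scan started, so the scan does not get blamed for pre-existing outages."""
    knocked_over = sorted(k for k, up in before.items() if up and not after.get(k, False))
    already_down = sorted(k for k, up in before.items() if not up)
    return knocked_over, already_down

def in_maintenance_window(now, start, end):
    """now/start/end are zero-padded 'HH:MM' strings, so plain string
    comparison orders them; windows crossing midnight (22:00-04:00) work too."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

if __name__ == "__main__":
    if not in_maintenance_window("23:30", "22:00", "04:00"):
        raise SystemExit("outside the agreed scan window, not scanning")
    before = snapshot(WATCHLIST)          # take the baseline
    # ... run the vulnerability scan here ...
    after = snapshot(WATCHLIST)           # re-check once the scan finishes
    knocked, down = regressions(before, after)
    print("knocked over by the scan:", knocked)
    print("already down before the scan:", down)
```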

Chris
LABrat.com