Vulnerability management is a key responsibility of any IT security team or managed security service provider. This scanning is an inspection of the potential points of exploit on a computer or network to identify security holes. Vulnerability scanning is an integral component of vulnerability management. In fact, a scanner is an application that identifies and creates an inventory of all the systems connected to a network. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts.

The result of a scan is a list of all the systems found and identified on the network, highlighting any that have known vulnerabilities that may need attention.

A network security specialist need to keep the following in mind:

  • Understanding how critical a vulnerability
  • How easy would it be for a hacker to exploit the vulnerability?
  • Are there any existing security controls that could reduce the risk of the vulnerability being exploited?



Types of Vulnerability Scanning

Generally, it is necessary to carry out two distinct types of  scans:

  • Internal: This scan is carried out from inside an organization’s perimeter defenses. Its purpose is to detect vulnerabilities that could be exploited by hackers who successfully penetrate the perimeter defenses, or equally by “insider threats” such as contractors or disgruntled employees.
  • External: This scan is an external scan is carried out from outside an organization’s network, and its principal purpose is to detect vulnerabilities in the perimeter defenses such as open ports in the network firewall or specialized web application firewall.

On the other hand, there are other two approaches to vulnerability scanning:

  • Authenticated Scans: In these scans, the tester logs in as a network user, and provides vulnerability scanners with various privileged credentials. Authenticated scans allow for the scanner to directly access network based assets using remote administrative protocols such as secure shell (SSH) or remote desktop protocol (RDP) and authenticate using provided system credentials.
  • Unauthenticated scans: These scans, search for weaknesses in the network perimeter and reveal vulnerabilities that can be accessed without logging into the network. Unauthenticated scans is a method that can result in a high number of false positives and is unable to provide detailed information about the assets operating system and installed software.



Vulnerability Scanning vs Penetration Testing

I suggest that before reading this section, you should first read the following blog:

Penetration Testing

Vulnerability scanning and penetration testing are quite different and are used for different purposes.

A vulnerability scan is automated test that looks for potential security vulnerabilities, while a penetration test includes a live person actually digging into your network’s complexities to exploit the weakness in your systems.



How Vulnerability Scanning Works 

Vulnerability management process includes four steps:

  • Identification of vulnerabilities
  • Evaluation of the risk posed by any vulnerabilities identified
  • Treatment of any identified vulnerabilities
  • Reporting on vulnerabilities and how they have been handled


Identification of Vulnerabilities 

A scanner’s efficacy depends on two things:

  • The ability of the scanner to locate and identify devices, software and open ports, and gather other system information
  • The ability to correlate this information with known vulnerability information from one or more vulnerability databases

Note that there is a strong recommendation that vulnerability scans must be performed during business hours. Because it is during these hours that almost all systems – including some employees’ personal laptops – are connected to the network.


Evaluation of Risks 

This step is therefore extremely important, as it triages the vulnerabilities. It is at this step that network security staff must decide on the following:

  • How critical the Vulnerabilities discovered?
  • How practical it would be for a hacker to exploit the vulnerability?
  • Whether any existing security controls could reduce the risk?

In fact, at this step, IT security staff must enable to prioritize the vulnerabilities that need the most urgent attention.


Treatment of any Identified Vulnerabilities 

Any vulnerabilities that are detected during vulnerability scanning should be patched or otherwise fixed.

If there is no a simple fix or patch at that moment, IT security staff may choose to mitigate the risk that the vulnerability poses by ceasing to use a vulnerable system.