With attackers constantly probing networks, smart IT managers know that performing security audits once a year isn’t enough. Best practices now call for continuous monitoring to obtain an up-to-the-minute view into networks and systems. Vulnerability analyzers provide independent information about network traffic and link this information to knowledge bases showing real and potential vulnerabilities.

Security pros can choose from two complementary vulnerability analysis techniques: active scanning and passive scanning. Active scanning tries to connect to every IP address on a network and determine open TCP/IP ports, application version information and device vulnerabilities. On the other hand, passive scanning uses one or more network taps to see which systems are actually communicating and which apps are actually running. The two techniques often are used together. For example, when a passive scanner detects a new system, it can launch an active scan of the system to gather more information about network apps that may be running, but unused.

Many manufacturers, including eEye, McAfee and Tenable, sell active vulnerability scanners or scanner signatures. Passive scanning is a new technology that presents fewer options, but choices include Tenable and Sourcefire.

Here are some guidelines for choosing when and how to use active and passive scanning.

Start with active scanning, both inside and outside the firewall. “Credentialed scanning,” which gives the vulnerability analyzer a username or SSH key to log on to each system, is a necessary part of active scanning. Together, these techniques provide a view of systems, operating system and application versions. They highlight out-of-date applications, missing patches and potential misconfigurations that could lead to security vulnerabilities.

Managers of IT environments with a rapidly changing application mix or weak configuration control should add in passive scanning.
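
The passive-to-active handoff described above, as an added example that is not from the original article or any vendor's product: passively observed servers that are missing from the inventory are queued for an active scan, and the two views are then compared to find services that are running but unused. The flow records, inventory, address range and scan results are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not real traffic). Each passive record is what a
# tap-fed sensor might emit for a completed TCP handshake: (client, server, port).
PASSIVE_FLOWS = [
    ("10.0.1.20", "10.0.1.5", 443),
    ("10.0.1.21", "10.0.1.9", 8443),
    ("10.0.1.20", "10.0.1.9", 22),
    ("10.0.1.20", "10.0.1.77", 8080),    # server not in the inventory yet
    ("10.0.1.30", "203.0.113.10", 443),  # external server, out of scope
]
KNOWN_HOSTS = {"10.0.1.5", "10.0.1.9"}       # hypothetical existing inventory
SCOPE = ipaddress.ip_network("10.0.1.0/24")  # hypothetical monitored range
# Constructed active-scan results: host -> open TCP ports.
ACTIVE_RESULTS = {
    "10.0.1.5": {22, 443},
    "10.0.1.9": {22, 3306},
    "10.0.1.77": {8080, 21},
}

def observed_services(flows, scope):
    """Map each in-scope server to the ports clients were actually seen using."""
    seen = defaultdict(set)
    for _client, server, port in flows:
        if ipaddress.ip_address(server) in scope:
            seen[server].add(port)
    return dict(seen)

def scan_queue(seen, known_hosts):
    """Hosts discovered passively that the inventory lacks: scan these next."""
    return sorted(set(seen) - set(known_hosts))

def classify(seen, active):
    """Compare the passive and active views of each host."""
    report = {}
    for host in sorted(set(seen) | set(active)):
        p, a = seen.get(host, set()), active.get(host, set())
        report[host] = {
            "in_use": sorted(p & a),
            "open_but_unused": sorted(a - p),  # listening, no traffic observed
            "passive_only": sorted(p - a),     # traffic seen, scan did not report it
        }
    return report

if __name__ == "__main__":
    seen = observed_services(PASSIVE_FLOWS, SCOPE)
    print("queue for active scan:", scan_queue(seen, KNOWN_HOSTS))
    print(classify(seen, ACTIVE_RESULTS))
```

Ports listed under `open_but_unused` are candidates for review or shutdown, while `passive_only` entries point at services the active scan could not reach or that started after it ran.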