Every business owner with a computer network needs to be aware of vulnerability scans: why they are important, how they work and which types of scans should be performed. Vulnerability scanning locates points where an intruder could reach or alter the information on a single computer or on a network. The scanning process finds and classifies those vulnerabilities by the type of weakness and rates their severity, which lets you decide which ones to fix first. There are two types of vulnerability scan that an individual or business needs to know about and perform in order to protect their sensitive information: internal and external.
How a Vulnerability Scanner Works: Internal vs External
The results of a vulnerability scanner go to the person running the software, who uses them to inspect the points of attack. The scanner examines details about the target attack surface (open ports, the services listening on them, software versions and configuration settings) and compares them with a database of known security flaws. It also probes for weak or default settings and for exploitable programs and scripts. Each time a vulnerability is detected, the scanner logs it.
The log can then be used to take preventive action and correct the identified vulnerabilities. A scan can be run unauthenticated, so that the scanner sees only what any unprivileged device on the network sees, or authenticated, so that the scanner logs into each host with a supplied credential and can read installed software and settings that are never advertised on the network. Authentication is independent of where the scan runs from: an internal scan can be either, and a scan from the outside is almost always unauthenticated. An outside intruder starts unauthenticated, so that view shows what is exposed to anyone; an insider, or an attacker who has stolen a credential, has the authenticated view, which is why authenticated scans routinely find flaws the unauthenticated scan misses. Scan time depends on the size of the network and the depth of the checks, from around an hour for a short scan of a few hosts to ten hours or more for a detailed scan of a large, complex environment.
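The difference between the two views is easiest to see in code. The following is an added example written for this article, not the code of any real scanner: it models one host with a constructed set of service banners (what an unauthenticated scan sees) and a constructed list of installed packages (what an authenticated scan reads after logging in), and checks both against a placeholder rule set. The product names, versions and rule identifiers are all made up for illustration and do not correspond to real advisories.

```python
import re
from dataclasses import dataclass

# Constructed rule set standing in for a scanner's knowledge base of known
# flaws. These are placeholder rules for illustration, not real advisories:
# each says a product is affected at every version below "fixed_in".
RULES = [
    {"id": "RULE-0001", "product": "acme-httpd", "fixed_in": "2.4.10", "severity": "high"},
    {"id": "RULE-0002", "product": "acme-ssh", "fixed_in": "8.1", "severity": "medium"},
    {"id": "RULE-0003", "product": "libacme-tls", "fixed_in": "1.1.11", "severity": "critical"},
]

# Constructed target host. "banners" is what an unauthenticated scan sees by
# connecting to open ports; "packages" is what an authenticated scan reads
# after logging in. The TLS library is installed but exposes no banner.
HOST = {
    "name": "web01.example.internal",
    "banners": {
        80: "Server: acme-httpd/2.4.7",
        22: "SSH-2.0-acme-ssh_8.2",
    },
    "packages": {
        "acme-httpd": "2.4.7",
        "acme-ssh": "8.2",
        "libacme-tls": "1.1.8",
    },
}

# product name, a '/' or '_' separator, then a dotted numeric version
BANNER_RE = re.compile(r"([a-z][a-z0-9-]*)[/_](\d+(?:\.\d+)*)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule_id: str
    product: str
    version: str
    evidence: str   # where the scanner saw the weak version
    severity: str


def parse_version(text):
    """Turn '2.4.7' into (2, 4, 7) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def parse_banner(banner):
    """Extract (product, version) from a service banner, or None if no version is advertised."""
    match = BANNER_RE.search(banner)
    if not match:
        return None
    return match.group(1).lower(), match.group(2)


def match_rules(product, version):
    """Return every rule whose product matches and whose fix is newer than the observed version."""
    observed = parse_version(version)
    return [
        rule for rule in RULES
        if rule["product"] == product and observed < parse_version(rule["fixed_in"])
    ]


def scan(host, authenticated):
    """Model one scan of a host: banners only, or banners plus installed packages."""
    findings = []
    seen = set()

    def record(rule, product, version, evidence):
        key = (rule["id"], product)
        if key not in seen:          # the same flaw seen twice is logged once
            seen.add(key)
            findings.append(Finding(rule["id"], product, version, evidence, rule["severity"]))

    for port, banner in host["banners"].items():
        parsed = parse_banner(banner)
        if parsed is None:
            continue
        product, version = parsed
        for rule in match_rules(product, version):
            record(rule, product, version, f"banner on port {port}")

    if authenticated:
        for product, version in host["packages"].items():
            for rule in match_rules(product, version):
                record(rule, product, version, "installed package")

    return findings


def report(host, authenticated):
    """Log lines in the shape a practitioner would read back after the scan."""
    mode = "authenticated" if authenticated else "unauthenticated"
    lines = [f"{host['name']} ({mode} scan)"]
    for f in scan(host, authenticated):
        lines.append(f"  {f.severity.upper():8} {f.rule_id} {f.product} {f.version} via {f.evidence}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(HOST, authenticated=False)))
    print("\n".join(report(HOST, authenticated=True)))
```

The unauthenticated pass finds only the web server, because that is the only weak version advertised on an open port. The authenticated pass additionally reports the outdated TLS library, which no banner ever mentions. Versions are compared as tuples of integers rather than strings, otherwise "2.4.7" would sort after "2.4.10" and the web server would be wrongly reported as fixed.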
Internal Vulnerability Scans
A threat can originate within a network. An internal scan is similar to a motion detector inside a house that identifies an intruder or unusual activity once the perimeter has already been passed. A disgruntled employee, or a person who is out for revenge after being denied a raise or promotion, might deliberately load malware onto the network. Once malware is inside a business's internal network, it can identify systems and data that are not visible from outside the network. From there, it can run its own scripts and export data to an outside site, delete data or change it in a way that makes it difficult or impossible to recover. An internal vulnerability scan searches the internal components of the network from a vantage point inside it and finds possible points of exploitation. Business owners can download an open-source scanner, purchase a commercial one such as Nessus, or have a service provider configure and run one. Whoever runs the internal scan should be independent of the team that administers the systems being scanned; PCI DSS requires this organizational independence, but it does not require an outside firm.
External Vulnerability Scans
When most people think of an attack, they think of an external one perpetrated by someone using a computer anywhere in the world. An external vulnerability scan is similar to a homeowner checking that the doors and windows are locked before going to bed at night: it identifies potential points of unwanted intrusion so they can be closed. It takes the perspective of an outsider looking in at the network, with no credentials and no internal access. An external vulnerability scan begins by looking for weaknesses in the network's firewall and the services it exposes. One of those weaknesses could be all that an attacker needs to work their way into the network. An external scan also covers the public IP addresses and the rest of the network perimeter. For PCI DSS, the external scan must be run by an Approved Scanning Vendor (ASV).
Why External and Internal Vulnerability Scanning Are Important
A business has to know its vulnerabilities from every possible angle and source. The logged findings are reported with their Common Vulnerabilities and Exposures (CVE) identifiers and severity ratings, and they provide a plan of action for an individual or business to pursue in protecting their computers and network. A business that runs a quarterly external vulnerability scan might be forgetting to conduct regular internal scans. Best practice for security and risk management is to run both types at least quarterly. There are open-source software options, proprietary software packages for purchase and consulting providers for both types of scan. PCI DSS requires at least four external and four internal vulnerability scans each year, each of which must pass, so a scan that finds high-risk issues has to be followed by remediation and a rescan. If a network is segmented, make sure that every segment in scope is scanned. Run new vulnerability scans after any significant upgrade or modification to networks, applications or firewalls.
Business owners should remember that they bear the responsibility for PCI DSS compliance. The internal vulnerability scan is a critical part of this. Although running the internal vulnerability scans and finding an ASV for the external scans require some investment, it is far cheaper to find a vulnerability and fix it than to take corrective action once a network has been compromised.