CertiGuide to Security+  9  Chapter 1:  General Security Concepts (Domain 1.0; 30%)       9  1.7  Auditing

System/Network Scanning 1 1.8  Summary

You can learn more about scanners in the paper, “Network Scanning Techniques” by Ofir Arkin¹²⁰.

Nmap¹²¹ (for *nix and Windows), Nessus¹²² (for Unix) and Sara¹²³ (also for Unix) are popular free network scanners. Many other commercial solutions exist, such as eEye Digital Security’s Retina¹²⁴ (for Windows), Internet Security System’s RealSecure Protection System¹²⁵ (management platform for Windows and sensors for Windows and UNIX) and WWDSI’s SAINT¹²⁶ (an updated version of the freely available SATAN scanner for UNIX). Many have said that for CEO-impressing reports, eEye’s award-winning Retina scanner is tops.¹²⁷

Historically, scanners have searched for vulnerabilities at the network layer and defective server software. A new frontier for scanners is that of web applications. Web application scanners (sometimes called CGI scanners, if used to scan for CGI script vulnerabilities) work at the application layer, and look for exploitable web pages (such as CGI scripts or JSP or ASP pages). This area of scanning is still relatively new, but tools written to specifically address it include Web Scarab¹²⁸ (a new open-source tool written in java, with preliminary alpha test release expected in September, 2002) and SPI Dynamics’ WebInspect¹²⁹.

In addition to running system scanners, another way you can check for vulnerabilities in your current system and network configuration is via penetration tests.

Network scanners and penetration exercises (not tests – the real thing) are two tools in the cracker’s arsenal. Employing these tools on your own network – before the crackers do – allow you to find and address weaknesses in your network’s security before they are exploited.

System/Network Scanning 1 1.8  Summary