What is Pentesting?

There are commonly four phases to identify the vulnerabilities of a system:

Scanning

This phase includes scanning the network with various scanning tools and identifying open share drives, open FTP portals, running services, and much more.

Vulnerability Assessment

A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately.

Exploitation

Once the vulnerabilities have been identified, the next phase is to exploit the vulnerabilities with an aim to gain access to the target. The target can be a system, firewall, secured zone or server.

Report Creation

Once the penetration test is complete, the final aim is to collect the evidence of the exploited vulnerabilities and report it to the executive management for review and action. It is then the management's decision how this risk is to be addressed: whether they want to accept the risk, transfer it or ignore it.

THE PROCESS CAN BE BROKEN DOWN AS:

Step 1: Conduct Risk Identification And Analysis
Step 2: Vulnerability Scanning Policies and Procedures
Step 3: Identify The Types Of Vulnerability Scans
Step 4: Configure The Scan
Step 5: Perform The Scan
Step 6: Evaluate And Consider Possible Risks
Step 7: Interpret The Scan Results
Step 8: Create A Remediation Process And Mitigation Plan

The most common types of vulnerability scans include:

Network Vulnerability Scans:

The most common type of vulnerability scan is a network-based scan. This scan includes networks, their communication channels and the networking equipment used in an environment.

Some of the major software and hardware devices that are in the scope of a network scan are hubs, switches, routers, firewalls, clusters, and servers. A network scan will detect and classify all vulnerabilities that it finds on these devices.

Host Based Vulnerability Scans:

A host-based scan is often misunderstood as being the same as a network scan. This is far from the truth: host-based scans address vulnerabilities related to hosts on the network, including computers, laptops and servers.

More specifically, this scan investigates the host configuration, its user directories, file systems, memory settings and other information that can be found on a host. This scan focuses more on the endpoints and their internal system setup and functionality.

The importance of a host-based scan is also often overlooked. If neglected, misconfigurations and dormant vulnerabilities that lie in endpoints can mean disaster for your company if a malicious hacker manages to penetrate past your perimeter. When host-based scans are neglected, malicious actors are able to move laterally through the system with far more ease.

Wireless Based Vulnerability Scans:

In order to conduct a successful wireless vulnerability scan you need to know all the wireless devices that are in your network. Additionally, you need to map out the attributes for each device in order to know how to properly configure the scan.

The next step is to identify any rogue access points that might be in your network and isolate those unknown devices. It is important to remove these devices from your network as they might be listening in on your wireless traffic.

After all of the above, you can start testing your wireless access points and your wireless LAN infrastructure.
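The inventory comparison described in this section, as an added example that is not part of the original article: it checks a wireless survey against the list of authorized access points and their recorded attributes. The BSSIDs, SSIDs, field names and verdict labels are constructed assumptions, not the output format of any particular scanner.

```python
# Added example: compare observed access points with an authorized inventory.
# All BSSIDs, SSIDs and field names below are constructed for illustration.

AUTHORIZED = {
    # BSSID (lowercase) -> attributes recorded for each known access point
    "02:00:00:aa:00:01": {"ssid": "corp-wifi", "channel": 36, "security": "WPA2-Enterprise"},
    "02:00:00:aa:00:02": {"ssid": "corp-wifi", "channel": 1, "security": "WPA2-Enterprise"},
    "02:00:00:aa:00:03": {"ssid": "corp-guest", "channel": 6, "security": "WPA2-PSK"},
}

# Constructed survey results, as they might be exported from a wireless scan.
OBSERVED = [
    {"bssid": "02:00:00:AA:00:01", "ssid": "corp-wifi", "channel": 36, "security": "WPA2-Enterprise"},
    {"bssid": "02:00:00:aa:00:03", "ssid": "corp-guest", "channel": 6, "security": "Open"},
    {"bssid": "02:00:00:bb:00:09", "ssid": "corp-wifi", "channel": 11, "security": "WPA2-PSK"},
    {"bssid": "02:00:00:cc:00:10", "ssid": "cafe-next-door", "channel": 6, "security": "WPA2-PSK"},
]


def classify(ap, inventory):
    """Return (verdict, detail) for one observed access point."""
    known = inventory.get(ap["bssid"].strip().lower())
    if known is not None:
        # Known radio: report any attribute that differs from the inventory.
        drift = [k for k in ("ssid", "channel", "security") if ap.get(k) != known[k]]
        if drift:
            return "attribute-drift", ", ".join(f"{k}: {known[k]} -> {ap.get(k)}" for k in drift)
        return "authorized", ""
    corp_ssids = {attrs["ssid"] for attrs in inventory.values()}
    if ap.get("ssid") in corp_ssids:
        # Our network name on hardware that is not in the inventory: review first.
        return "rogue-using-corp-ssid", f"unlisted BSSID advertising {ap['ssid']}"
    return "unknown-ap", "not in inventory; locate it and confirm it is off-network"


def audit(observed, inventory):
    """Classify every observed AP and list inventory entries that were not seen."""
    findings = [(ap["bssid"].strip().lower(), *classify(ap, inventory)) for ap in observed]
    seen = {bssid for bssid, _, _ in findings}
    missing = sorted(set(inventory) - seen)
    return findings, missing


if __name__ == "__main__":
    findings, missing = audit(OBSERVED, AUTHORIZED)
    for bssid, verdict, detail in findings:
        print(f"{bssid}  {verdict:22} {detail}")
    print("in inventory but not observed:", missing)
```

An authorized access point that never appears in the survey is also worth following up, since it may be powered off, moved or out of range of the survey point.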

Application Based Vulnerability Scans

This type of vulnerability scan is often forgotten and sits in the shadow of an application penetration test. Nevertheless, if you are not conducting an application penetration test, scanning your applications for vulnerabilities should be very high on your priority list. By choosing from a variety of application vulnerability scanning tools, you can automate your security tasks and increase the security of your applications. There are a variety of tools, both open-source and commercial, that you can use to conduct a true application vulnerability scan.
