Misc

Passive scanning: A new take on network vulnerability scanning

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: IDSes takes aim: Emerging "target-based" systems improve intrusion defense."

Download it now to read this article plus other related content.

Network vulnerability scanning has traditionally been an active operation: Systems are probed, prodded and occasionally crashed. Vulnerability scanning can be a dangerous operation.

For many enterprises, the cost of active scanning is so high -- downtime, aggravation, finger pointing -- that it's relegated to a semiannual event. Also, active scanning yields extremely sensitive security information that can be misused.

Alternatively, the idea behind passive scanning is that systems expose a lot of information about themselves in normal communications. Active scanning can discover more, but passive scanning may be enough to help target-based IDS.

For example, by watching TCP connection establishment and teardown and application-layer banners, a passive IDS scanner can make a fairly good guess as to the operating system running on the communicating systems, and application types and version information.

We ran NeVO, Tenable Network Security's passive scanner, and found the output to be very accurate. Operating systems, application versions, known bugs and protocols running on nonstandard ports were all in the logs.

While passive scanning will never replace active scanning for its depth of information, it's a powerful tool which we expect all IDS vendors will eventually incorporate in their products.

About the author:
Joel Snyder is a senior partner at Opus One, an IT consulting firm.

This was first published in January 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: