Definition

network vulnerability scanning

Contributor(s): Matthew Haughn

Vulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes.

A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures. A scan may be performed by an organization’s IT department or a security service provide, possibly as a condition imposed by some authority.  An Approved Scanning Vendor (ASV), for example, is a service provider that is certified and authorized by the Payment Card Industry (PCI) to scan payment card networks. Vulnerability scans are also used by attackers looking for points of entry.

A vulnerability scanner runs from the end point of the person inspecting the attack surface in question. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. The scanner software attempts to exploit each vulnerability that is discovered.

Running a vulnerability scan can pose its own risks as it is inherently intrusive on the target machine’s running code. As a result, the scan can cause issues such as errors and reboots, reducing productivity.

There are two approaches to vulnerability scanning, authenticated and unauthenticated scans. In the unauthenticated method, the tester performs the scan as an intruder would, without trusted access to the network. Such a scan reveals vulnerabilities that can be accessed without logging into the network. In an authenticated scan, the tester logs in as a network user, revealing the vulnerabilities that are accessible to a trusted user, or an intruder that has gained access as a trusted user.

According to security consultant Kevin Beaver, the best plan is to conduct both types of scans: “Until you test your systems from every possible angle, you simply cannot say with reasonable certainty just where things stand with security.”

See a video on how to use TripWire SecureScan, a free vulnerability scanning tool:

This was last updated in June 2015

Continue Reading About network vulnerability scanning

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close