How to use TripWire SecureScan, a free vulnerability scanning tool

The widely publicized Heartbleed bug is a vulnerability found in all implementations of OpenSSL released between March 2012 and April 2014 that allows attackers to gain access to sensitive user data and encrypted information. With OpenSSL used by approximately two-thirds of all websites and many other devices and services, enterprises have been scrambling to find the bug and fix it fast. Unfortunately, it's not always easy to tell whether an application or system is vulnerable to Heartbleed, even for security professionals. Luckily, Portland, Oregon-based security vendor TripWire Inc. developed SecureScan, a free tool that can help.

In this SearchSecurity screencast, Keith Barker, a Certified Information Systems Security Professional, or CISSP, and trainer for CBT Nuggets LLC, demonstrates how to use TripWire SecureScan, an easy-to-use scanning tool that detects vulnerabilities and identifies servers that are susceptible to Heartbleed.

SecureScan is a network and device scanner that identifies which servers providing services through Transport Layer Security (TLS) have a Heartbleed vulnerability. The tool, which is free to use on networks with fewer than 100 devices or IP addresses, also helps determine which ports and services are open on devices on a network to help find any other related vulnerabilities. It has the ability to scan individual devices on the network, or the entire network, and can do credentialed scans for users looking for more detailed information.

SecureScan is cloud-based, so the installation of a connector from a Web browser to the TripWire cloud is required, but the tool makes that easy to do. After scanning, SecureScan produces vulnerability reports, risk scores and ID numbers so users can look further into any detected vulnerabilities.

About CBT Nuggets:
CBT Nuggets creates online IT training on topics including network security, server administration and more. Train 24/7 from any device. Try CBT Nuggets with a seven-day free trial and train on a variety of topics, including Cisco security, Wireshark, Linux and more. Watch. Learn. Conquer.

About Keith Barker:
Keith Barker, CISSP, is a trainer for CBT Nuggets and has more than 27 years of IT experience. He is a double CCIE and has been named a Cisco Designated VIP. Barker is also the author of numerous Cisco Press books and articles.

3 comments

Free in the same way as Micro$oft: there's something behind the curtain, like the limitation up to 100 IPs for free.
Oh wow! It invites you to open up a tunnel from their servers into your network and then give them your local network credentials as well! At least you'll know how secure your network is after you've done that...
3rd attempt:
Exactly my fears: JustLookin. And just how secure is that "connector" installing "a VPN" at the click of a button without knowing if it is encrypted or what authentication authorization is in place? There are just TOOOO many security issues for use on anything other than a sandpit unless you're gonna change everything after the scan.
Unless it's a test to see how many peeps will let unknowns into their network on offer of a free test.
