Here are some tools used for vulnerability scanning:

Nessus is designed to automate the testing and discovery of known vulnerabilities. Nessus is an open source tool that runs on various operating systems, including Linux, UNIX and Microsoft Windows-based operating systems.

SAINT (Security Administrator's Integrated Network Tool) is a vulnerability-assessment application that runs on Linux/UNIX hosts.

MBSA (Microsoft Baseline Security Analyzer) is used to scan systems and identify whether patches are missing for Windows products such as operating systems, Internet Information Services (IIS), Structured Query Language (SQL), Exchange Server, Internet Explorer, Media Player, and Microsoft Office applications. MBSA also alerts you if it finds any known security vulnerabilities such as weak or missing passwords and other common security issues.

The MBSA security report in Figure 12-2 displays several security issues on this host. Some user accounts have blank or missing passwords, Windows hotfixes are missing, and some hard disks are not using the NTFS file system.

Figure 12-2 MBSA: Security Report
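
The three kinds of finding in that report can also be checked directly on a host. The following is an added example, not part of the original text and not MBSA's own code; the function names are hypothetical and the hotfix IDs are placeholders to be replaced with the IDs your patch baseline requires.

```powershell
# Added example: local audit for the three finding types in the MBSA report above.
# Run in Windows PowerShell on the host being assessed.

# ASSUMPTION: placeholder baseline; replace with the hotfix IDs your policy requires.
$RequiredHotfixes = @('KB0000001', 'KB0000002')

function Get-BlankPasswordCandidate {
    # Enabled local accounts that are permitted to have a blank password.
    # PasswordRequired = False means blank is allowed, not that a blank one is set.
    Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { -not $_.Disabled -and -not $_.PasswordRequired } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'Password'; Item = $_.Name; Detail = 'Blank password permitted' }
        }
}

function Get-MissingHotfix {
    param([string[]]$Required)
    # Compare the installed hotfix IDs against the required baseline.
    $installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    foreach ($kb in $Required) {
        if ($installed -notcontains $kb) {
            [pscustomobject]@{ Check = 'Hotfix'; Item = $kb; Detail = 'Not installed' }
        }
    }
}

function Get-NonNtfsDisk {
    # DriveType 3 = local fixed disk. Anything not reporting NTFS is flagged,
    # including unformatted volumes, which report an empty FileSystem.
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DriveType=3" |
        Where-Object { $_.FileSystem -ne 'NTFS' } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'FileSystem'; Item = $_.DeviceID; Detail = "File system: $($_.FileSystem)" }
        }
}

$findings = @(
    Get-BlankPasswordCandidate
    Get-MissingHotfix -Required $RequiredHotfixes
    Get-NonNtfsDisk
)

if ($findings.Count -eq 0) {
    'No findings for the three checks.'
} else {
    $findings | Sort-Object Check, Item | Format-Table -AutoSize
}
```
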
Unauthorized Access
Another threat that you need to be concerned with is attackers gaining access. Hackers use several techniques to gain system access. One approach is for unauthorized people to use usernames and passwords to escalate the account's privilege levels. Furthermore, some system user accounts have default administrative username and password pairings that are common knowledge, which makes them very insecure. Trust relationships between systems and applications are another way unauthorized access takes place.
Unauthorized access is also obtained through the use of social engineering (the practice
 