Wednesday, October 5, 2011

VA-Scanner vulnerability assessment (VA)

  • nmap

Nmap Free Security Scanner For Network Exploration & Hacking

http://nmap.org/

  • Closed Port: If you send a SYN to a closed port, the host responds with a RST.
Filtered Port: Presumably the host is behind some sort of firewall. The packet is simply dropped and you receive no response at all (not even a RST), so the scanner has to wait for a timeout.
Open Port: If you send a SYN to an open port, you expect to receive a SYN/ACK.

http://www.madhur.co.in/blog/2011/09/18/filteredclosed.html

  • The six port states recognized by Nmap

open
An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. Finding these is often the primary goal of port scanning. Security-minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network.


closed
A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. Closed ports can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, administrators may want to consider blocking such ports with a firewall.

filtered
Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering, which slows down the scan dramatically.

https://nmap.org/book/man-port-scanning-basics.html
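The three responses above (SYN/ACK, RST, nothing) are what the kernel already reports back from a plain connect(), so the open/closed/filtered logic can be reproduced without raw sockets. The script below is an added example, not code from the original page or from the Nmap project: it does a connect scan (what nmap -sT does, not the raw-packet SYN scan of -sS), maps connection refused to closed, a timeout to filtered, and a completed handshake to open, and treats an ICMP unreachable surfacing as EHOSTUNREACH/ENETUNREACH as filtered, the way Nmap does for type 3 code 13. The host, ports and throwaway local listener are constructed for the demo.

```python
"""Classify TCP ports as open / closed / filtered with a connect() probe.

Added example (not Nmap's code). It uses the kernel's TCP stack, i.e. a
connect scan (nmap -sT), so the mapping is:

  open     -> SYN/ACK came back and the handshake completed
  closed   -> RST came back, connect() fails with ECONNREFUSED
  filtered -> nothing came back before the timeout (probe dropped), or an
              ICMP unreachable was returned (EHOSTUNREACH / ENETUNREACH)

A SYN scan (nmap -sS) needs raw sockets; only the observation point differs,
the response-to-state mapping is the same.
"""
import errno
import socket

OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def classify_port(host, port, timeout=2.0):
    """Return the Nmap-style state of host:port from a single TCP connect."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return OPEN                      # SYN/ACK received, handshake done
    except socket.timeout:
        return FILTERED                  # neither SYN/ACK nor RST: dropped
    except ConnectionRefusedError:
        return CLOSED                    # RST received
    except OSError as exc:
        # An ICMP unreachable (e.g. type 3 code 13, admin prohibited) shows
        # up here; Nmap reports that as filtered too. Anything else is a
        # local error, not a scan result, so re-raise it.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return FILTERED
        raise
    finally:
        sock.close()


def scan(host, ports, timeout=2.0):
    """Scan an iterable of ports and return {port: state}."""
    return {p: classify_port(host, p, timeout) for p in ports}


def start_listener():
    """Open a throwaway listener on 127.0.0.1 (constructed 'open' port).

    accept() is never called; the kernel still completes the handshake
    into the backlog, which is exactly what an open port looks like.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_port():
    """Find a port nobody is listening on (constructed 'closed' port)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()                          # nothing listens here now -> RST
    return port


def demo():
    """Scan one open and one closed local port; returns {port: state}."""
    srv, open_port = start_listener()
    closed_port = free_port()
    try:
        return scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()


if __name__ == "__main__":
    for port, state in demo().items():
        print(f"127.0.0.1:{port}\t{state}")
```

Two caveats a practitioner should keep in mind: a connect scan completes the handshake, so it is logged by the target application (a SYN scan is not), and a "filtered" verdict from a single probe is only as good as the timeout, which is why Nmap retransmits before committing to that state.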
  • Metasploit integrates with Nexpose to verify vulnerabilities
https://www.metasploit.com/
  • Microsoft Baseline Security Analyzer 2.3
The Microsoft Baseline Security Analyzer provides a streamlined method to identify missing security updates and common security misconfigurations.
https://docs.microsoft.com/en-us/windows/security/threat-protection/mbsa-removal-and-guidance


  • Nessus is the most trusted vulnerability scanning platform for auditors and security analysts. Users can schedule scans across multiple scanners, use wizards to easily and quickly create policies, schedule scans and send results via email.
http://www.tenable.com/products/nessus/select-your-operating-system#tos 


  • Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux/Unix-based systems.

https://cisofy.com/lynis/
