What is Vulnerability Scanning
Vulnerability scanning is the second level of countermeasures in a defence in depth after a firewall. Even with a firewall blocking some malicious traffic a server providing online services must be connected to the internet and must interact with traffic from the internet. Unfortunately, a percentage of that traffic is malicious and will attempt to find a means to gain unauthorised access to the server. What these hackers are looking for are ways to exploit of out-of-date software containing bugs or server mis-configurations of the software that interacts with the internet traffic.
How does it work?
Memset Vulnerability Scanning does exactly what the hackers are doing, our self-hosted F-Secure Radar scanners will audit the server by probing all open network ports to determine exactly what programs are accepting network connections and compare how they are configured and analyse the configuration of your servers for security vulnerabilities based on signatures for all known (Public) vulnerabilities, including those produced by F-Secure’s own in-house security research organisation, F-Secure Labs.
Our Vulnerability Management (Powered by F-Secure Radar) has the advantage in that we can perform thousands of highly detailed checks and compares them to an exhaustive database of known issues for an extremely detailed analysis and threat report of the server. Whereas generally, a hacker must perform their scan stealthily and only for a limited number of cases as they cannot make their presence known so as to avoid the risk of being detected and blocked.
An example of the sort of information that is collected and analysed is the header information that is often provided by a webserver. Webservers can, and should, be configured to not provide any information regarding what they are and their version, however, sometimes through mis-configuration they do. The following is provided by a well known website:
Connecting to microsoft.com (microsoft.com)|184.108.40.206|:80... connected. HTTP request sent, awaiting response... HTTP/1.1 200 OK Cache-Control: private Content-Length: 96638 Content-Type: text/html Server: Microsoft-IIS/8.5 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" CorrelationId: 492bf382-a61d-4cd6-8cae-76fb114208f3 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true X-Powered-By: ARR/2.5 X-Powered-By: ASP.NET Date: Tue, 08 Jul 2014 21:54:19 GMT Length: 96638 (94K) [text/html]
Although there is a lot of information in this response the webserver has disclosed that it is running Microsoft IIS 8.5 and employing ASP 4.0.30319. Should a vulnerability be discovered in either of those versions this information can be used by a hacker to target the server. Our Vulnerability Management proactively scans for this sort of information disclosure and will flag it as an issue as soon as it is discovered.
What is your Attack Surface?
Your attack surface is the sum of your organisation IT risk exposure. It crosses all network infrastructure, software, and web applications internally and in the global Internet, and includes an understanding of all points of interaction.
F-Secure Radar identifies where your organisation's assets are vulnerable, allowing you to minimise your attack surface to reduce risk. Including, identifying security vulnerabilities associated with configuration errors, improper patch management, implementation oversights and more.
What is a Zero-Day?
Zero-days, or 0-day vulnerabilities are vulnerabilities that are known, either to malicious actors or to the general public, that have not currently been patched by the vendor or maintainer.
F-Secure Radar helps you mitigate the risk of 0-days by highlighting their presence on your infrastructure as soon as the signatures are released. Allowing you to implement mitigating controls and plan for timely patching once patches have been made available.
What is an Exploit?
Exploits, otherwise known as 'attacks in the wild' indicate when applications or code that can take advantage of a vulnerability are present on your infrastructure to cause a security incident. Exploits in the wild are often rapidly built into automated attack frameworks such as metasploit, allowing them to be used at scale with little skill or training on the part of the attackers. Vulnerabilities with exploit code available can be extremely dangerous.
F-Secure Radar highlights when vulnerabilities discovered on your infrastructure have known exploit code, allowing you to prioritise patching or mitigation for these issues.