![]() ![]() It is essential that the tool chosen for vulnerability assessment within the industrial networks is capable of identifying vulnerabilities for the targeted hosts. It was mentioned earlier that the number of vulnerabilities disclosed targeting ICS and industrial network components is growing. The ability to detect vulnerabilities can vary widely from product to product, as the vulnerability databases are managed by the application and not a common repository. These applications are designed to identify vulnerabilities that may exist within a target by comparing these hosts against a database of known vulnerabilities. ![]() Tenable Nessus, Qualys Guard, Rapid7 Nexpose, Core Impact, SAINT scanner) products available. There are a variety of both open-sourced (e.g. Vulnerability scanners form the next major type of commonly used network security scanners. Knapp, Joel Thomas Langill, in Industrial Network Security (Second Edition), 2015 Vulnerability Scanners While most vulnerability scanners are a form of protection, to the extent they detect modification of system files, they can be considered a detection tool. ![]() For example, Tripwire detects if monitored files change and alert the administrators of a potential compromise. There are some tools that look for changes in systems and critical system files, which can indicate a system compromise. There are also vulnerability scanners that run on individual systems and can do an extra level of scanning to find vulnerabilities that can be exploited by someone with system accesses. There are managed services available, such as Qualys and Tenable, that perform regular scanning. They can detect the vulnerabilities that are exploitable by network-based attacks. There are network-based vulnerability scanners that scan systems that sit on a network. ![]() Depending upon the access of the vulnerability scanner, it can also potentially find configuration errors, such as improper file sharing and similar issues. In other words, they look for software versions that have known bugs. They look for outdated components of operating systems and applications that are known to have security vulnerabilities. Vulnerability scanners scan systems for known vulnerabilities. Ira Winkler, Araceli Treu Gomes, in Advanced Persistent Security, 2017 Vulnerability Scanners ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |