VULNERABILITY TOOLS, ASSESSMENT AND THEIR EXPLOITATION AT UNIT LEVEL

INTRODUCTION

1. With the increased reliance on powerful, networked computers to help run organizations and keep track of our personal information, a unit's network or environment has been formed around the practice of network and computer security. Units have solicited the knowledge and skills of security experts to properly audit systems and tailor solutions to fit the operating requirements of the organization. Because most organizations are dynamic in nature, with workers accessing organizations' IT resources locally and remotely, the need for secure computing environments has become more pronounced. Unfortunately, most organizations (as well as individual users) regard security as an afterthought, a process that is overlooked in favor of increased power, productivity, and budgetary concerns. Proper security implementation is often enacted after an unauthorized intrusion has already occurred. Security experts agree that the right measures taken prior to connecting a site to an untrusted network, such as the Internet, are an effective means of thwarting most attempts at intrusion.

2. Given time, resources, and motivation, a cracker can break into nearly any system. At the end of the day, all of the security procedures and technologies currently available cannot guarantee that any systems are safe from intrusion. Routers help secure gateways to the Internet. Firewalls help secure the edge of the network. Virtual Private Networks safely pass data in an encrypted stream. Intrusion detection systems warn you of malicious activity. However, the success of each of these technologies is dependent upon a number of variables, including:
(a) The expertise of the staff responsible for configuring, monitoring, and maintaining the technologies.
(b) The ability to patch and update services and kernels quickly and efficiently.
(c) The ability of those responsible to keep constant vigilance over the network.
Given the dynamic state of data systems and technologies, securing organizational resources can be quite complex. Due to this complexity, it is often difficult to find expert resources for all of your systems. While it is possible to have personnel knowledgeable in many areas of information security at a high level, it is difficult to retain staff who are experts in more than a few subject areas. This is mainly because each subject area of information security requires constant attention and focus. Information security does not stand still. Therefore, it is essential for an administrator to know about the network, systems and environment's vulnerability.

DEFINING THE SCOPE OF VULNERABILITY MANAGEMENT

3. Vulnerability Management has been defined as the process of finding, evaluating and remediating vulnerabilities (existing exploitable weaknesses) on servers and workstations. The only way to properly secure a system is to first assess the existing vulnerabilities on each machine, determine the degree of risk for each machine's vulnerability, and then remediate (fix) the vulnerabilities. This process of finding, evaluating and remediating is known as vulnerability management. Vulnerability management provides a holistic solution to security threats by handling vulnerabilities throughout the entire lifecycle. This concept expands upon the previous best practices around vulnerability assessment as a standalone process. In order to effectively manage vulnerabilities, organizations must expand upon these steps:
(a) MAINTAINING AN ASSET INVENTORY,
(b) MANAGING INFORMATION DISSEMINATION,
(c) ASSESSING RISK LEVEL OF ASSETS AND VULNERABILITIES,
(d) PERFORMING VULNERABILITY ASSESSMENTS,
(e) TRACKING REMEDIATION AND REPORT STATUS, AND
(f) PLANNING FOR RESPONSE.
In order for the process to be successful, each participating group has to assist in defining the goals and mission of the VM team and take ownership. Each step of the Vulnerability Management process should be documented and published to the teams who are involved. To gain end user support, it makes sense to provide security awareness training around Vulnerability Management and Response plans. Vulnerability assessment makes an organization aware of its weaknesses, and hence the use of tools to find these vulnerabilities comes into play.

ASSETS INVENTORY

4. Obtaining and maintaining an accurate asset inventory is a goal that many organizations never reach. There are many organizations that lack an effective asset inventory. Without an asset inventory, how are the systems and network engineering groups supposed to sift through security alerts and know which ones apply to them and which can be discarded? Administrators should identify a single entity to hold responsible for inventory management to ensure consistency.

Managing today's network environment poses many challenges. In addition to the new vulnerabilities that are discovered every day, there are the issues of poor change management, rogue servers, and blurred network boundaries. As organizations merge with and absorb other institutions, their networks are typically joined together, but never truly homogenized. These challenges must be handled before an organization takes on the effort of network management. Organizations that are unwilling or unable to manage their networks will end up paying a higher cost in the long run when they cannot quickly find and patch their systems. The lack of resources, proper tools, and assigned responsibility become the biggest obstacles to maintaining an accurate and up-to-date inventory. There are tools for companies of any size that can help teams track and manage their assets.

Best Practices

5. Before undertaking the challenge of a network asset inventory, there are several best practices to keep in mind:
- Establish a single point of authority for the inventory
- Get the word out! If the process is being improved or is completely new, end users and support staff will need to know who to notify when something changes.
- Use an asset numbering scheme and use consistent abbreviations and notations when entering data
- Update inventory management systems via change management processes.
- Validate the inventory annually.

Information Management

6. The second step towards true Vulnerability Management is managing the flow of new information into your organization. Currently, there is a constant influx of information about new vulnerabilities, viruses, worms, and threats. This overwhelming amount of data can lead to confusion about where to begin. It is important that part of your VM program involves the use of a Computer Security Incident Response Team (CSIRT). Although we typically may think of the CSIRT as a function that only responds to emergencies, that is not always the case. According to the Carnegie CERT® Coordination Center, the first computer security incident response team, the CSIRT can be responsible for "disseminating information that describes an intruder attack, security vulnerability, intrusion alert, computer virus, or hoax, and providing any short term recommended course of action for dealing with the resulting problem". The CSIRT can be made up of staff from various teams who participate as one function of their other jobs, or of staff dedicated entirely to serving the CSIRT function.

As a filter, the CSIRT can identify which vulnerabilities and threats are serious to your specific organization. Because the CSIRT will be challenged to consistently and continuously assess the threat level to the organization, they should create their own best practices and collect them from other organizations.

Best Practices

7. Best practices can assist the CSIRT with quickly and effectively disseminating information and providing guidance to users. Some best practices include:
- Use a CSIRT mailing list and allow employees to subscribe to it
- Use a CSIRT website to publish all advisories
- Hold a daily conference call with the correct security teams and lines of business. Review new vulnerabilities, virus activity, malicious activity, and other important security issues
- Create incident response guidelines for employees discouraging them from responding to new security alerts and threats without guidance from CSIRT
- Create a standardized alert format, to provide a consistent "look" for CSIRT communications

Risk Assessment

8. Before an organization can truly mitigate risk, its security team must assign a risk level to new vulnerabilities as they are announced. These reviews can be time consuming and may require a dedicated resource. This exercise is important since organizations have limited resources and time before new vulnerabilities are exploited. According to a survey, "64% of attacks during the first six months of this year were aimed at vulnerabilities less than one year old; most of those, 39 percent, targeted security flaws that had been disclosed in the previous six months" (Information Week). In risk management, the 3 objectives are to preserve the confidentiality, integrity, and availability of information systems. Risk is determined by four basic elements: the threat, the probable frequency of said threat, the possible consequences of that threat if realized, and the extent of how confident you are that it will happen. CSIRTs can assess new vulnerabilities by reviewing the four basic elements of risk as they pertain to their organization. Assigning risk levels allows companies to prioritize large amounts of work to a limited resource pool and still minimize the likelihood that a threat will be realized.
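The risk-level assignment of paragraph 8, combined with the asset inventory of paragraph 4, as an added worked example in Python (not from the paper): the 1-3 scales, the product of the four elements and the High/Medium/Low thresholds are an assumed rating scheme, and the inventory and advisories are constructed test data.

```python
"""Assign a risk level to a newly announced vulnerability by combining the four
elements of risk with the asset inventory. Added example, not part of the
original document; the 1-3 rating scales, the product of the four elements and
the High/Medium/Low thresholds are an assumed scheme, not one the paper defines."""

# Constructed inventory in the spirit of Step 1 (owner, software and patch level per asset).
INVENTORY = [
    {"asset": "web01", "owner": "web-team", "exposure": "internet",
     "software": {"OpenSSH": "8.9", "nginx": "1.24.0"}},
    {"asset": "db01", "owner": "dba", "exposure": "internal",
     "software": {"mysql": "8.0.33"}},
    {"asset": "file01", "owner": "infra", "exposure": "internal",
     "software": {"vsftpd": "3.0.3", "OpenSSH": "9.3"}},
]

# Constructed advisories as the CSIRT might record them after filtering the daily feed.
# frequency / consequence / confidence are each rated 1 (low) to 3 (high).
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "product": "OpenSSH", "fixed_in": "9.0",
     "frequency": 2, "consequence": 3, "confidence": 2},
    {"id": "ADV-EXAMPLE-2", "product": "vsftpd", "fixed_in": "3.0.4",
     "frequency": 1, "consequence": 2, "confidence": 2},
    {"id": "ADV-EXAMPLE-3", "product": "postgresql", "fixed_in": "15.4",
     "frequency": 3, "consequence": 3, "confidence": 3},
]


def version_tuple(version):
    """'8.0.33' -> (8, 0, 33) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def affected_assets(inventory, advisory):
    """Which inventoried assets run the vulnerable product below the fixed version?
    Without an inventory this question cannot be answered and the alert cannot be triaged."""
    fixed = version_tuple(advisory["fixed_in"])
    return [a for a in inventory
            if advisory["product"] in a["software"]
            and version_tuple(a["software"][advisory["product"]]) < fixed]


def risk_level(threat, frequency, consequence, confidence):
    """Combine the four elements of risk (each 1-3) into a published rating."""
    for value in (threat, frequency, consequence, confidence):
        if not 1 <= value <= 3:
            raise ValueError("each element must be rated 1, 2 or 3")
    score = threat * frequency * consequence * confidence      # 1 .. 81
    if score >= 27:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


def triage(inventory, advisory):
    """Rate an advisory per affected asset; Internet-exposed assets get the top threat rating."""
    results = []
    for asset in affected_assets(inventory, advisory):
        threat = 3 if asset["exposure"] == "internet" else 2
        results.append({
            "advisory": advisory["id"],
            "asset": asset["asset"],
            "owner": asset["owner"],
            "level": risk_level(threat, advisory["frequency"],
                                advisory["consequence"], advisory["confidence"]),
        })
    return results


def triage_all(inventory, advisories):
    """Apply triage to the whole feed; advisories that affect no asset are discarded."""
    return [r for adv in advisories for r in triage(inventory, adv)]


if __name__ == "__main__":
    for result in triage_all(INVENTORY, ADVISORIES):
        print(f"{result['advisory']}: {result['asset']} ({result['owner']}) -> {result['level']}")
```

With the sample data the OpenSSH advisory is rated High for web01 and the vsftpd advisory Medium for file01, while the postgresql advisory matches nothing and drops out of the work queue.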

Best Practices

9. The most prepared companies will face the challenge of risk level assignment by having documented information about their environments and established processes for handling new vulnerabilities. Best practices should include:
- Established and stringent change management process
- Documented processes for reviewing new vulnerabilities as they are announced and management support behind the team that will handle the function (i.e. CSIRT, Risk Management team, etc.)
- Checklists to assist with consistent risk assignment
- Published risk ratings for vulnerabilities and definitions of those risk ratings (i.e. what does a High risk vulnerability mean to the general user public?)
- Accurate and readily available asset inventories (see Step 1: Asset Inventory), including the asset owners and patch levels, and network diagrams
- Defense-in-Depth documentation: the CSIRT should have a published "matrix" of each security tool deployed in the organization and their respective controls.

Attackers and Vulnerabilities

10. Within the community of individuals who find and exploit vulnerabilities in systems and networks are several distinct groups. These groups are often described by the shade of hat that they "wear" when performing their security investigations, and this shade is indicative of their intent.
(a) The white hat hacker is one who tests networks and systems to examine their performance and determine how vulnerable they are to intrusion. Usually, white hat hackers crack their own systems or the systems of a client who has specifically employed them for the purposes of security auditing. Academic researchers and professional security consultants are two examples of white hat hackers.
(b) A black hat hacker is synonymous with a cracker. In general, crackers are less focused on programming and the academic side of breaking into systems. They often rely on available cracking programs and exploit well known vulnerabilities in systems to uncover sensitive information for personal gain or to inflict damage on the target system or network.
(c) The gray hat hacker, on the other hand, has the skills and intent of a white hat hacker in most situations but uses his knowledge for less than noble purposes on occasion.

A gray hat hacker can be thought of as a white hat hacker who wears a black hat at times to accomplish his own agenda.
(d) Gray hat hackers typically subscribe to another form of the hacker ethic, which says it is acceptable to break into systems as long as the hacker does not commit theft or breach confidentiality. Some would argue, however, that the act of breaking into a system is in itself unethical.
(e) Regardless of the intent of the intruder, it is important to know the weaknesses a cracker may likely attempt to exploit. The remainder of the chapter focuses on these issues.

Threats to Network Security

11. Bad practices when configuring the following aspects of a network can increase the risk of attack. Insecure Architectures - A misconfigured network is a primary entry point for unauthorized users. Leaving a trust-based, open local network vulnerable to the highly-insecure Internet is much like leaving a door ajar in a crime-ridden neighborhood — nothing may happen for an arbitrary amount of time, but eventually someone exploits the opportunity.
(a) Broadcast Networks - System administrators often fail to realize the importance of networking hardware in their security schemes. Simple hardware such as hubs and routers rely on the broadcast or non-switched principle; that is, whenever a node transmits data across the network to a recipient node, the hub or router sends a broadcast of the data packets until the recipient node receives and processes the data. This method is the most vulnerable to address resolution protocol (ARP) or media access control (MAC) address spoofing by both outside intruders and unauthorized users on local hosts.
(b) Centralized Servers - Another potential networking pitfall is the use of centralized computing. A common cost-cutting measure for many businesses is to consolidate all services to a single powerful machine. This can be convenient as it is easier to manage and costs considerably less than multiple-server configurations. However, a centralized server introduces a single point of failure on the network. If the central server is compromised, it may render the network completely useless or, worse, prone to data manipulation or theft. In these situations, a central server becomes an open door which allows access to the entire network.

Threats to Server Security

12. Server security is as important as network security because servers often hold a great deal of an organization's vital information. If a server is compromised, all of its contents may become available for the cracker to steal or manipulate at will. The following sections detail some of the main issues.
(a) Unused Services and Open Ports - Most server administrators do not opt to install every single package in the distribution, preferring instead to install a base installation of packages, including several server applications. A common occurrence among system administrators is to install the operating system without paying attention to what programs are actually being installed. This can be problematic because unneeded services may be installed, configured with the default settings, and possibly turned on. This can cause unwanted services, such as Telnet, DHCP, or DNS, to run on a server or workstation without the administrator realizing it, which in turn can cause unwanted traffic to the server or even a potential pathway into the system for crackers.
(b) Unpatched Services - Most server applications that are included in a default installation are solid, thoroughly tested pieces of software. Having been in use in production environments for many years, their code has been thoroughly refined and many of the bugs have been found and fixed. However, there is no such thing as perfect software and there is always room for further refinement. Moreover, newer software is often not as rigorously tested as one might expect, because of its recent arrival to production environments or because it may not be as popular as other server software. Developers and system administrators often find exploitable bugs in server applications and publish the information on bug tracking and security-related websites such as the Bugtraq mailing list (http://www.securityfocus.com) or the Computer Emergency Response Team (CERT) website (http://www.cert.org). Although these mechanisms are an effective way of alerting the community to security vulnerabilities, it is up to system administrators to patch their systems promptly. This is particularly true because crackers have access to these same vulnerability tracking services and will use the information to crack unpatched systems whenever they can. Good system administration requires vigilance, constant bug tracking, and proper system maintenance to ensure a more secure computing environment.

(c) Inattentive Administration - Administrators who fail to patch their systems are one of the greatest threats to server security. According to the System Administration Network and Security Institute (SANS), the primary cause of computer security vulnerability is to "assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job."  This applies as much to inexperienced administrators as it does to overconfident or motivated administrators. Some administrators fail to patch their servers and workstations, while others fail to watch log messages from the system kernel or network traffic. Another common error is when default passwords or keys to services are left unchanged. For example, some databases have default administration passwords because the database developers assume that the system administrator changes these passwords immediately after installation. If a database administrator fails to change this password, even an inexperienced cracker can use a widely-known default password to gain administrative privileges to the database. These are only a few examples of how inattentive administration can lead to compromised servers.
(d) Inherently Insecure Services - Even the most vigilant organization can fall victim to vulnerabilities if the network services they choose are inherently insecure. For instance, there are many services developed under the assumption that they are used over trusted networks; however, this assumption fails as soon as the service becomes available over the Internet — which is itself inherently untrusted. One category of insecure network services is those that require unencrypted usernames and passwords for authentication. Telnet and FTP are two such services. If packet sniffing software is monitoring traffic between the remote user and such a service, usernames and passwords can be easily intercepted. Inherently, such services can also more easily fall prey to what the security industry terms the man-in-the-middle attack. In this type of attack, a cracker redirects network traffic by tricking a cracked name server on the network to point to his machine instead of the intended server. Once someone opens a remote session to the server, the attacker's machine acts as an invisible conduit, sitting quietly between the remote service and the unsuspecting user, capturing information. In this way a cracker can gather administrative passwords and raw data without the server or the user realizing it.

Threats to Workstation and Home PC Security

13. Workstations and home PCs may not be as prone to attack as networks or servers, but since they often contain sensitive data, such as credit card information, they are targeted by system crackers. Workstations can also be co-opted without the user's knowledge and used by attackers as "slave" machines in coordinated attacks. For these reasons, knowing the vulnerabilities of a workstation can save users the headache of reinstalling the operating system, or worse, recovering from data theft.
(a) Bad Passwords - Bad passwords are one of the easiest ways for an attacker to gain access to a system. For more on how to avoid common pitfalls when creating a password, refer to the Army Cyber Security Policy.
(b) Vulnerable Client Applications - Although an administrator may have a fully secure and patched server, that does not mean remote users are secure when accessing it. For instance, if the server offers Telnet or FTP services over a public network, an attacker can capture the plain text usernames and passwords as they pass over the network, and then use the account information to access the remote user's workstation. Even when using secure protocols, such as SSH, a remote user may be vulnerable to certain attacks if they do not keep their client applications updated. For instance, v.1 SSH clients are vulnerable to an X-forwarding attack from malicious SSH servers. Once connected to the server, the attacker can quietly capture any keystrokes and mouse clicks made by the client over the network. This problem was fixed in the v.2 SSH protocol, but it is up to the user to keep track of what applications have such vulnerabilities and update them as necessary.

Vulnerability Assessment

14. Vulnerability Assessment (VA) is the process of identifying vulnerable assets. It is crucial for organizations to identify vulnerable systems quickly and accurately. The VA team functions as the 'ethical' hacker and attempts to find and fix vulnerabilities before a malicious hacker does.

A vulnerability assessment is an internal audit of your network and system security, the results of which indicate the confidentiality, integrity, and availability of your network. Typically, vulnerability assessment starts with a reconnaissance phase, during which important data regarding the target systems and resources is gathered. This phase leads to the system readiness phase, whereby the target is essentially checked for all known vulnerabilities. The readiness phase culminates in the reporting phase, where the findings are classified into categories of high, medium, and low risk, and methods for improving the security (or mitigating the risk of vulnerability) of the target are discussed. If you were to perform a vulnerability assessment of your home, you would likely check each door to your home to see if they are closed and locked. You would also check every window, making sure that they closed completely and latch correctly. This same concept applies to systems, networks, and electronic data. Malicious users are the thieves and vandals of your data. Focus on their tools, mentality, and motivations and you can then react swiftly to their actions.
(a) Thinking Like the Enemy - Networks are commonly comprised of operating systems, applications, servers, network monitors, firewalls, intrusion detection systems, and more. Now imagine trying to keep current with each of these. Given the complexity of today's software and networking environments, exploits and bugs are a certainty. Keeping current with patches and updates for an entire network can prove to be a daunting task in a large organization with heterogeneous systems. Combine the expertise requirements with the task of keeping current, and it is inevitable that adverse incidents occur, systems are breached, data is corrupted, and service is interrupted. To expand security technologies and aid in protecting systems, networks, and data, you must think like a cracker and gauge the security of your systems by checking for weaknesses. Preventative vulnerability assessments against your own systems and network resources can reveal potential issues that can be addressed before a cracker exploits them.
(b) Defining Assessment and Testing - Vulnerability assessments may be broken down into one of two types: outside looking in and inside looking around. When performing an outside looking in vulnerability assessment, you are attempting to compromise your systems from the outside. Being external to your company provides you with the cracker's viewpoint. You see what a cracker sees — publicly-routable IP addresses, systems on your DMZ, external interfaces of your firewall, and more.

DMZ stands for "demilitarized zone", which corresponds to a computer or small sub-network that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet. Typically, the DMZ contains devices accessible to Internet traffic, such as Web (HTTP) servers, FTP servers, SMTP (e-mail) servers and DNS servers. When you perform an inside looking around vulnerability assessment, you are somewhat at an advantage since you are internal and your status is elevated to trusted. This is the viewpoint you and your co-workers have once logged on to your systems. You see print servers, file servers, databases, and other resources. There are striking distinctions between these two types of vulnerability assessments. Being internal to your company gives you elevated privileges more so than any outsider. Still today in most organizations, security is configured in such a manner as to keep intruders out. Very little is done to secure the internals of the organization (such as departmental firewalls, user-level access controls, authentication procedures for internal resources, and more). Typically, there are many more resources when looking around inside as most systems are internal to a company. Once you set yourself outside of the company, you immediately are given an untrusted status. The systems and resources available to you externally are usually very limited. Consider the difference between vulnerability assessments and penetration tests. Think of a vulnerability assessment as the first step to a penetration test. The information gleaned from the assessment is used for testing. Whereas the assessment is checking for holes and potential vulnerabilities, the penetration testing actually attempts to exploit the findings. Assessing network infrastructure is a dynamic process. Security, both information and physical, is dynamic. Performing an assessment shows an overview, which can turn up false positives and false negatives. Security administrators are only as good as the tools they use and the knowledge they retain. Take any of the assessment tools currently available, run them against your system, and it is almost a guarantee that there are some false positives. Whether by program fault or user error, the result is the same. The tool may find vulnerabilities which in reality do not exist (false positive), or, even worse, the tool may not find vulnerabilities that actually do exist (false negative). Now that the difference between a vulnerability assessment and a penetration test is defined, take the findings of the assessment and review them carefully before conducting a penetration test as part of your new best practices approach.

(c) Establishing a Methodology - To aid in the selection of tools for a vulnerability assessment, it is helpful to establish a vulnerability assessment methodology. Unfortunately, there is no predefined or industry approved methodology at this time; however, common sense and best practices can act as a sufficient guide. What is the target? Are we looking at one server, or are we looking at our entire network and everything within the network? Are we external or internal to the company? The answers to these questions are important as they help determine not only which tools to select but also the manner in which they are used.
(d) Evaluating the Tools - An assessment can start by using some form of an information gathering tool. When assessing the entire network, map the layout first to find the hosts that are running. Once located, examine each host individually. Focusing on these hosts requires another set of tools. Knowing which tools to use may be the most crucial step in finding vulnerabilities. Just as in any aspect of everyday life, there are many different tools that perform the same job. This concept applies to performing vulnerability assessments as well. There are tools specific to operating systems, applications, and even networks (based on the protocols used). Some tools are free; others are not. Some tools are intuitive and easy to use, while others are cryptic and poorly documented but have features that other tools do not. Finding the right tools may be a daunting task and in the end, experience counts. If possible, set up a test lab and try out as many tools as you can, noting the strengths and weaknesses of each. Review the README file or man page for the tool. Additionally, look to the Internet for more information, such as articles, step-by-step guides, or even mailing lists specific to a tool.

Best Practices

15. Performing vulnerability assessments can be a time consuming and tedious process. VA teams can look to others in the security community for best practices and formulate their own from experience. Some things to remember:
(a) Always start with an asset inventory. If you don't have one, make one using nmap to scan your network.

(b) Get permission and change control to run your scans, in case you cause a network disruption.
(c) Test new checks in a lab to identify any false positives, false negatives, and potential service disruptions.
(d) Create custom policies by OS or by industry standard (SANS Top 20, Windows Top 10 Vulnerabilities) and specific to your environment.
(e) Identify what scanning methods and operating procedures are best for your organization, and document how you choose to proceed in a standard operating procedure.

VULNERABILITY TOOLS AND THEIR EXPLOITATION AT UNIT LEVEL

16. Vulnerability tools help you find or discover any vulnerability your system, network or organization has. Vulnerability tools are computer programs designed to assess computers, computer systems, networks or applications for weaknesses. They tell which ports and services are open and not in use, information which can be used by hackers for malicious purposes. Types of vulnerability tools: (a) Port scanners, (b) Packet Analyzers, (c) Network Mappers, (d) Vulnerability Scanners.

Port scanners

17. A port scanner is a software application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify running services on a host with the view to compromise it. The most commonly used is NESSUS.

Nessus is a full-service security scanner. The plug-in architecture of Nessus allows users to customize it for their systems and networks. As with any scanner, Nessus is only as good as the signature database it relies upon. Fortunately, Nessus is frequently updated and features full reporting, host scanning, and real-time vulnerability searches. Remember that there could be false positives and false negatives, even in a tool as powerful and as frequently updated as Nessus.

Packet analyzers

18. A packet analyzer (also known as a network analyzer, protocol analyzer or sniffer, or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications. The most commonly used are Capsa, dSNIFF, Scoop etc. The versatility of packet sniffers means they can be used to:
• Analyze network problems.
• Detect network intrusion attempts.
• Detect network misuse by internal and external users.
• Documenting regulatory compliance through logging all perimeter and endpoint traffic.
• Gain information for effecting a network intrusion.
• Isolate exploited systems.
• Monitor WAN bandwidth utilization.
• Monitor network usage (including internal and external users and systems).
• Monitor data-in-motion.
• Monitor WAN and endpoint security status.
• Filter suspect content from network traffic.
• Serve as primary data source for day-to-day network monitoring and management.
• Gather and report network statistics.
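To make concrete what a packet analyzer does when it decodes raw data, and why the cleartext services of paragraph 12(d) matter, here is an added Python example (not from the document or from any sniffer product) that parses Ethernet/IPv4/TCP headers from raw frames and flags an FTP login sent in the clear. The frames, addresses and credentials are constructed test data; in practice the bytes would come from a capture file or a sniffing interface.

```python
"""A minimal packet decoder of the kind a packet analyzer performs: it parses the
Ethernet, IPv4 and TCP headers of raw frames, exposes the field values, and flags
logins sent in the clear to an FTP service. Added example, not from the document.
The frames are constructed inline rather than captured."""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
FTP_PORT = 21          # FTP sends USER/PASS unencrypted (an inherently insecure service)


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Construct an Ethernet/IPv4/TCP frame carrying payload (test data; checksums left zero)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    total_len = 20 + 20 + len(payload)                       # IPv4 header + TCP header + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64,
                     PROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def decode_frame(frame):
    """Return the header fields a sniffer would display, or None for non-IPv4/TCP frames."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    (ver_ihl, _tos, total_len, _ident, _flags, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4                                # IPv4 header length in bytes
    if ver_ihl >> 4 != 4 or proto != PROTO_TCP:
        return None
    tcp_start = 14 + ihl
    (sport, dport, seq, ack, off_res, flags,
     window, _tcsum, _urg) = struct.unpack("!HHIIBBHHH", frame[tcp_start:tcp_start + 20])
    data_off = (off_res >> 4) * 4                             # TCP header length in bytes
    payload = frame[tcp_start + data_off:14 + total_len]
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "payload": payload}


def find_cleartext_logins(frames):
    """Flag FTP USER/PASS commands on the wire; the password itself is masked in the finding."""
    findings = []
    for frame in frames:
        pkt = decode_frame(frame)
        if pkt is None or pkt["dport"] != FTP_PORT:
            continue
        text = pkt["payload"].decode("ascii", errors="replace").strip()
        verb, _, value = text.partition(" ")
        if verb.upper() in ("USER", "PASS") and value:
            shown = value if verb.upper() == "USER" else "*" * len(value)
            findings.append((pkt["src"], pkt["dst"], "ftp", verb.upper(), shown))
    return findings


# Constructed sample traffic: an FTP login, an SSH banner and an HTTP request.
SAMPLE_FRAMES = [
    build_frame("192.0.2.50", "192.0.2.11", 40001, 21, b"USER alice\r\n"),
    build_frame("192.0.2.50", "192.0.2.11", 40001, 21, b"PASS s3cret!\r\n"),
    build_frame("192.0.2.50", "192.0.2.10", 40002, 22, b"SSH-2.0-OpenSSH_8.9\r\n"),
    build_frame("192.0.2.50", "192.0.2.10", 40003, 80, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        p = decode_frame(f)
        print(f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} ttl={p['ttl']} "
              f"flags=0x{p['flags']:02x} len={len(p['payload'])}")
    for finding in find_cleartext_logins(SAMPLE_FRAMES):
        print("CLEARTEXT LOGIN:", finding)
```

The SSH and HTTP frames decode like any other but produce no finding; only the two FTP commands do, which is the case for replacing such services with encrypted ones rather than for sniffing them.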

Nmap is a competent first step in vulnerability assessment. Administrators can use Nmap on a network to find host systems and open ports on those systems. It generates a network map. You can map out all the hosts within your network and even pass an option that allows Nmap to attempt to identify the operating system running on a particular host. proxy). Vulnerability scanners are a core technology component of vulnerability management. Verify adds. computer systems. access control. moves and changes. There are a number of types of vulnerability scanners available today. which speeds up accessing to remote hosts' properties and resources. and monitor their state. A vulnerability scanner is a computer program designed to assess computers. Scan your network. Nikto is an excellent common gateway interface (CGI) script scanner. Nmap has been available for many years and is probably the most often used tool when gathering information. Network Mapper 19.• • • • • • Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use). Reverse engineer proprietary protocols used over the network. Spam filter. While functionality varies between different types of vulnerability scanners. Verify internal control system effectiveness (firewalls. core purpose of enumerating the vulnerabilities present in one or more targets. It comes with thorough documentation which should be carefully reviewed prior to running the program. so as to elude intrusion detection systems. find hosts. Debug network protocol implementations. place them on a network diagram. Nmap is a popular tool used to determine the layout of a network. If you have Web . networks or applications for weaknesses. Vulnerability Scanners 20. Most commonly used are nikto. and managing those. they share a common. distinguished from one another by a focus on particular targets. Vlad. 
Nmap is a good foundation for establishing a policy of using secure services and stopping unused services. An excellent man page is included that provides a detailed description of its options and usage. Web filter. Debug client/server communications. Nikto not only checks for CGI vulnerabilities but does so in an evasive manner.
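The decode step described in paragraph 18 (capture a packet, expose the values of its header fields, check them against the RFC) is illustrated by the following added Python example; it is not code from the paper or from any of the tools named. The frame it decodes is constructed inline rather than captured, and the IPv4 header checksum is verified per RFC 791.

```python
"""Decode an Ethernet II / IPv4 / TCP frame field by field, as a sniffer's decoder does."""
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_frame(frame: bytes) -> dict:
    """Return the frame's header fields by name; stops at the deepest layer it understands."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    pkt = {"eth_dst": dst.hex(":"), "eth_src": src.hex(":"), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return pkt
    ip = frame[14:]
    ver_ihl, _tos, total_len, _ident, _ff, ttl, proto, _csum, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    pkt.update({"ip_version": ver_ihl >> 4, "ip_ihl": ihl, "ip_total_length": total_len, "ip_ttl": ttl,
                "ip_protocol": proto, "ip_src": ".".join(map(str, s)), "ip_dst": ".".join(map(str, d)),
                # Summing the header with its checksum field in place yields 0 when the header is intact.
                "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0})
    if proto != PROTO_TCP:
        return pkt
    tcp = ip[ihl:]
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4  # high nibble is the header length in 32-bit words
    pkt.update({"tcp_sport": sport, "tcp_dport": dport, "tcp_seq": seq, "tcp_ack": ack, "tcp_window": window,
                "tcp_flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)],
                "payload": tcp[data_off:]})
    return pkt


def build_sample_frame() -> bytes:
    """Constructed sample, not a real capture: TCP SYN from 192.168.1.10:40000 to 192.168.1.20:22."""
    eth = bytes.fromhex("aabbccddeeff112233445566") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIHHHH", 40000, 22, 1000, 0, (5 << 12) | 0x002, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, PROTO_TCP, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill in the checksum field
    return eth + ip + tcp
```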

HOW TO EXPLOIT THESE TOOLS

21. As mentioned earlier, these tools do a wonderful job of finding the vulnerabilities, mapping the network, locating the hosts and finding the weaknesses of the network which can compromise the security of the unit as a whole. For that a unit requires to buy or procure these tools. These tools are easily available on the internet; many are free but a few are quite expensive. A unit's network administrator should be the nodal agency for loading, using and testing these tools. Hence no one should use these tools without his permission or his physical presence. Not all systems react the same to vulnerability testing. Vulnerable systems could be knocked offline by some of the tests, and production could be negatively affected by the loads the tests place on the systems. But if a unit requires having its network secure, it has to have the knowledge of what all vulnerabilities its network or systems have. Once the people in an environment learn how to go about it, they can work effectively and can inform the administrator about any changes they see or notice, hence making the job of the administrator easier and securing the environment. Benefits of these vulnerability assessments and tools are:

(a) Creates proactive focus on information security.
(b) Finds potential exploits before crackers find them.
(c) Results in systems being kept up to date and patched.
(d) Promotes growth and aids in developing staff expertise.
(e) Abates financial loss and negative publicity.

But the main task lies in evaluating the true security of an environment: identify as many vulnerabilities as possible, with honest evaluations and prioritizations of each. A very important aspect which comes here is the reporting procedure. Effective reporting is critical because without it, management and system administrators will not understand the organization's security posture, what remains unfixed, and who should be held responsible. Reporting also gives management something tangible to associate with the vulnerability and a way to measure successes and failures. Remediation tracking brings vulnerability management full circle. With organizations increasingly at risk from unresolved vulnerabilities identified by assessments, remediation is the key to enabling enterprises to quickly "cover their assets". If vulnerable hosts are not tracked to remediation, it seems pointless to even find the vulnerabilities.

CONCLUSION:

22. Hence these vulnerability assessment tools in our environment prove to be of great benefit. They can secure the unit's network, systems and other devices. The well defined rules and regulations on duties and usage of the unit's network and other assets make all users aware of new techniques. These tools help us know these vulnerabilities in time, and remediation tracking can be done thereafter effectively. The reporting system keeps the remediation tracking easy, hence making an environment more efficient, secure and adaptable for new users.
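The reporting and remediation-tracking procedure of paragraph 21 (what remains unfixed, who is responsible, prioritisation, measuring success over time) is worked through in the following added Python example; it is not code from the paper. The two assessment result sets, the owner table, the remediation targets per severity and the as-of date are all constructed for the example.

```python
"""Track findings across successive assessments: what is fixed, what stays open, who owns it."""
from datetime import date

# Constructed results of two assessments (not real scan data): (host, finding id, severity).
ASSESSMENTS = {
    date(2024, 1, 10): {("web01", "VULN-A", "high"), ("web01", "VULN-B", "low"),
                        ("db01", "VULN-C", "critical")},
    date(2024, 2, 10): {("web01", "VULN-B", "low"), ("db01", "VULN-C", "critical"),
                        ("db01", "VULN-D", "medium")},
}
OWNERS = {"web01": "web-team", "db01": "dba-team"}                 # assumed asset-to-owner table
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}  # assumed remediation targets
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
AS_OF = date(2024, 2, 15)                                          # assumed reporting date


def track_remediation(assessments, owners, sla_days, as_of):
    """Return (open_findings, fixed_findings); open ones carry owner, first-seen date, age and SLA state."""
    first_seen = {}
    for day in sorted(assessments):          # oldest first, so setdefault keeps the earliest date
        for finding in assessments[day]:
            first_seen.setdefault(finding, day)
    latest = assessments[max(assessments)]   # anything absent from the latest run counts as fixed
    open_findings, fixed = [], []
    for (host, vuln, sev), seen in first_seen.items():
        if (host, vuln, sev) in latest:
            age = (as_of - seen).days
            open_findings.append({"host": host, "vuln": vuln, "severity": sev,
                                  "owner": owners.get(host, "unassigned"), "first_seen": seen.isoformat(),
                                  "age_days": age, "overdue": age > sla_days[sev]})
        else:
            fixed.append({"host": host, "vuln": vuln, "severity": sev})
    # Prioritise the worklist: most severe first, then the longest outstanding.
    open_findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], -f["age_days"]))
    return open_findings, fixed


def summary_by_owner(open_findings):
    """Open and overdue counts per owner: the tangible figure management can track run over run."""
    summary = {}
    for f in open_findings:
        row = summary.setdefault(f["owner"], {"open": 0, "overdue": 0})
        row["open"] += 1
        row["overdue"] += int(f["overdue"])
    return summary
```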