December 2, 2016

3 Reasons Why Your Organization Needs a Network Scanner

A network scanner is a somewhat vague term. While it is easy to answer questions such as “what does a patch manager do?”, the same cannot be said of a network scanner. The main reason for this is that a network scanner, unlike a patch manager, is not designed to perform a single function. In general, a network scanner can perform a series of different tasks and checks to ensure that your network is secure against all known vulnerabilities as well as to make sure that it is configured in a secure way.

GFI LanGuard 2012 Dashboard

This is all well and good, but at the end of the day, why do you need a network scanner?

1. To ensure your software is configured securely:

An administrator’s life can be quite demanding at times. It is not enough for an administrator to make sure that any software deployed on the network works as it should but s/he also needs to make sure that this software is configured securely in a way that makes it quite hard for others to exploit.

I cannot stress enough this point. Consider a mail server, for example, that allows relaying from any source. Such a mail server would be seen as working correctly. Any person on your network would be able to send and receive emails without any issues. In fact, in terms of functionality there are no issues.

However, a mail server which relays messages from any source is prone to be discovered by spammers and it is quite likely that they will exploit it to run massive spam campaigns through it. This will lead to a severely degraded performance as your bandwidth would be flooded with spam. Moreover, such activity could get the organization into trouble, your server blacklisted internationally and your company labelled a spammer. This is why a securely configured server is a must.

2. Ensuring there are no unnecessary services or applications:

Every service or application that runs on a system is a potential security risk. One can never be absolutely sure that a service or application is not exploitable. The solution is to avoid running unnecessary services or applications and to do so you have to identify what these are.

While one can manually do a software inventory periodically, using a good network scanner will allow the administrator to do so accurately on a daily basis and be a lot more proactive.

3. Removing unused user accounts and open shares:

User accounts that are no longer required should be deleted at once. They can easily be exploited by their former owners when they leave the company especially if they were fired or they left on bad terms and hold a grudge against the organization.

Deleting accounts as soon as people leave the company is a good practice but is not always enough. Employees with a grudge might have created new user accounts on a number of systems, even more so nowadays when you can deploy virtual machines so easily. Apart from sending out alerts when new user accounts are created, a network scanner can be set to notify the administrator when an account has not been used for a long period of time.

Open shares are also common vectors used to spread malware. A good network scanner can periodically look for such unauthorized shares saving administrators from having to do lengthy inventories in order to maintain network integrity.

There are other reasons why you should be using a network scanner. For instance, to identify vulnerabilities that are hard to find manually. You can regularly monitor the network, automatically carry out audits that otherwise would take ages to complete manually.

What is important is that issues are discovered today and not in a month’s time or when something goes wrong. That is the difference between a safe network and one at risk of being exploited and compromised.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on the importance of using a network scanner.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

The Top Nine Best Practices for Network Scanning

(LiveHacking.Com) — Systems admins and security personnel looking to get the most out of their network scanners want to make sure they are using their tools in the right way. Follow these nine best practices for network scanning, and you’ll get the best bang for your buck out of your network scanner.

1. Update regularly

Generating general network reports

Generating general network reports (Source: gfi.com)

A network scanner helps you to find when your systems are out of date, and with new vulnerabilities discovered regularly, it is critical that you update your scanner each time you go to use it. Either set up a process to check for updates daily, or run the update process each time you go to perform a scan.

2. Scan early, often, and on a schedule
Using a network scanner should be a regular part of your systems security and maintenance. You should scan early in the deployment of any new system, and scan your entire network on a regular basis, not just when someone reads about a new vulnerability. By the time a new vulnerability makes it into the press, the bad guys already know about and are attempting to exploit it.

3. Scan new systems before they go into production
You want to make sure a system is fully up-to-date before it goes into production, so you can patch it as necessary. Once it is in production change control will apply.

4. Scan everything
Scanning a subset of systems may be quicker, but scanning your entire IP range makes sure you catch everything, including those rogue systems that someone deployed outside of your normal processes.

5. Scan internally
Whether the threat is a malicious user, a worm, or just someone with too much curiosity, don’t assume your firewalls will protect your internal systems. Scan everything you have internally to make sure all systems are up-to-date.

6. Scan externally
Attackers are scanning your external networks regularly. See what they see by scanning your systems from an external network so you know exactly what is accessible to the rest of the world.

7. Check those deltas
When you perform regular scans, you can see what changes over time. Investigate any deltas between one scan and the next to confirm that any changes were appropriate and authorized.

8. Share the results
Too many companies keep the security scans a closely guarded secret. I don’t suggest you publish the results on your website, but make sure that all the admins are aware that you are scanning, see what you find, and know where their systems stand.

9. Remediate what the scanner finds
Using your network scanner to find vulnerabilities is only half the task; you must remediate what the scanner finds. Make sure that senior management understands the results of the scan, and makes remediation a priority.

Follow these nine best practices for network scanning to get the best use of your network scanner. Don’t underestimate the importance of that first step. New vulnerabilities are discovered regularly, and checking your systems with an outdated scanner is as bad as running with outdated virus definitions. The sense of false confidence can lead to disaster. Maintain your network scanner like the fine tool it is, and you’ll get years of great use out of it, helping maintain secure and updated systems.

Editor Note: This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on the importance of using a network scanner.

Disclaimer: All product and company names herein may be trademarks of their respective owners.