Peer to Peer Magazine

Spring 2017

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/810339


Vulnerability Scanning Best Practices

Considering Outsourcing?

If you decide to outsource vulnerability scanning, here are things to remember to make sure it's worth your investment:

» Work with the vendor to create a clear, detailed service-level agreement that clarifies responsibilities for the engagement. Make sure the contract covers how your scan data will be stored and transmitted.
» During active scanning, make sure the vendor has a point of contact who can be reached immediately if there are issues.
» Ensure that vulnerability scans are done regularly, such as quarterly. The vendor should be able to show you trends from quarter to quarter so the effectiveness of your vulnerability management program is measurable over time.

EXAMPLE OF AN NMAP SCAN

Here is an example of an Nmap scan you can run to figure out how many hosts on your network are responding to ping:

    nmap -sn 192.168.3.0/24 -n -oG - | awk '/Up$/{print $2}'

» The -sn flag tells Nmap to do a ping sweep.
» The 192.168.3.0/24 is my test network.
» The -n flag disables DNS resolution to give the scan a speed boost.
» The -oG - option writes a grepable output report to standard output, which is then piped to an awk command that prints the address of each host reported as Up.

All of this gives you a nice clean list of IP addresses like this:

    192.168.3.1
    192.168.3.20
    192.168.3.253
    192.168.3.254

You can copy this host list into a text file and save it as targets.txt. This will make it easier to run subsequent scans against just your live hosts instead of wasting time scanning empty IP space.

Now try running these IPs through a more intense scan by combining the power of Nmap with the vast Exploit Database maintained by Offensive Security:

    nmap -p- -sV -oX output.xml -iL targets.txt; searchsploit --nmap output.xml

» The -p- tells Nmap to scan all 65,535 ports.
» The -sV triggers service detection.
» The -oX tells Nmap to export the information into an output.xml file.
» An executable called searchsploit parses the output.xml file and returns information on vulnerabilities that might match the discovered ports and services.

When I ran this command in my test lab, I was informed that one of my hosts was running a vulnerable FTP server; the searchsploit output subsequently recommended several exploits I might use against the host using Metasploit penetration software.

Develop a Vulnerability Management Program

For vulnerability scanning to be of value to your organization, it needs to be part of an overall vulnerability management program. That program should include the assignment of assets to owners (a person or team ultimately responsible for the asset and its risk to the organization) and the prioritization of vulnerabilities and their associated remediation timelines. Once your program is up and running, documentation must be created and maintained on an ongoing basis so all the processes are measurable and repeatable.
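The Nmap sidebar saves its results with -oX output.xml, and the outsourcing checklist asks for trends from quarter to quarter. As an added example (not part of the original article), this Python script compares two such XML reports and lists the services that are newly open, closed, or changed between scans. The two sample reports, the product names in them, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample reports (not real scan data), trimmed to the elements read below.
LAST_QUARTER = """<nmaprun><host><address addr="192.168.3.20" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="21"><state state="open"/>
 <service name="ftp" product="ExampleFTPd" version="1.0"/></port>
<port protocol="tcp" portid="22"><state state="open"/>
 <service name="ssh" product="ExampleSSHd" version="7.4"/></port>
</ports></host></nmaprun>"""
THIS_QUARTER = """<nmaprun><host><address addr="192.168.3.20" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="21"><state state="closed"/></port>
<port protocol="tcp" portid="22"><state state="open"/>
 <service name="ssh" product="ExampleSSHd" version="8.0"/></port>
</ports></host>
<host><address addr="192.168.3.253" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
</ports></host></nmaprun>"""


def open_services(xml_text):
    """Map (ip, protocol, port) -> service banner for every open port in a report."""
    found = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue  # host listed without an IPv4 address
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports are not exposure
            svc = port.find("service")  # missing when -sV identified nothing
            fields = ("name", "product", "version") if svc is not None else ()
            banner = " ".join(svc.get(f) for f in fields if svc.get(f))
            key = (addr.get("addr"), port.get("protocol"), int(port.get("portid")))
            found[key] = banner or "unknown"
    return found


def compare(old_xml, new_xml):
    """Return services that are new, closed, or changed since the previous scan."""
    old, new = open_services(old_xml), open_services(new_xml)
    return {
        "new": sorted(new.keys() - old.keys()),
        "closed": sorted(old.keys() - new.keys()),
        "changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }

if __name__ == "__main__":
    print(compare(LAST_QUARTER, THIS_QUARTER))
```

To use it on real scans, read each quarter's saved output.xml into a string and pass the two strings to compare(); entries under "new" are the ones to route to the asset's owner first.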
