Abstract

This chapter explains and demonstrates several tools available for performing vulnerability assessments. A vulnerability assessment tool probes a system for a specific condition that represents vulnerability. Some tools operate by using an agent, which is a piece of software that must run on every system to be scanned; other tools operate without the use of agents, and some use a combination of the two configurations. The architecture of the scanning engines, agents, and systems vary from product to product, but it is the architecture that affects overall scanning performance. A good vulnerability assessment tool possesses low rate of false positives, zero false negatives, concise and complete checks database credentialed checks, noncredentialed checks, low network traffic impact, and enterprise scalability. By creating logical groups of hosts based on department or even physical location, one can effectively approach scanning larger networks by section instead of trying to scan and deal with data from a mass scan. Most vulnerability assessment tools offer remediation advice. The entire point of a vulnerability assessment tool is to identify vulnerabilities so that they can be remediated.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call