Time
31 hours 29 minutes
Difficulty
Beginner
CEU/CPE
30

Video Description

Vulnerability Scanners

This lesson covers vulnerability scanners. Vulnerability scanners are tools that allow us to check and audit devices on our network to see if there are any known weaknesses. Two vulnerability scanners are Nessus and Nmap. Nessus scans for known vulnerabilities and provides accounting and auditing. It is run on a scheduled scan cycle. Nmap conducts scanning to look for open ports and protocols, services running on ports, and OS fingerprinting.

Video Transcription

00:04
Next, we have our vulnerability scanners. Now, vulnerability scanners are tools that we can use in order to check and audit our devices on our network to see if there are any known weaknesses on those devices. When we talk about vulnerabilities and we talk about security, you may hear
00:23
what's the difference between a vulnerability and an exploit?
00:26
A vulnerability is a weakness, and an exploit is the tool that we're using to attack that weakness. So the vulnerability is the rusty chain-link fence, and the exploit is the pair of wire cutters that we're using to get through that chain-link fence. So
00:44
our vulnerability scanners
00:46
aren't exploiting our systems. They aren't wire cutters. They're the guard that goes around and looks for rusty spots on our fence. So
00:56
we have two main vulnerability scanners that we're gonna talk about for this particular series, this particular Network+ series, and that is Nessus and Nmap.
01:06
Now, Nessus is sort of an
01:10
all-in-one,
01:11
just our all-in-one tool for scanning for vulnerabilities on clients, and it will allow us to set it up, select which clients we want to scan, and then tell it to look for known vulnerabilities on these clients. This may include not having certain security updates to our operating system.
01:26
This may include being installed with certain software that has known vulnerabilities in it that haven't been patched.
01:33
This may be checking for certain weaknesses in how we're passing authentication, checking for certain weaknesses in services that we have running, services or roles that we have on computers or our servers. And after it's done, it's going to provide us with some accounting and auditing. It's gonna provide us with information that says, OK, here's your score
01:53
and here's where you're weak, and here's the computers that you need to take a look at, and here's what you need to do to fix this.
01:57
So with Nessus, we can scan on these scheduled scan cycles if we have a license for this. For our enterprise, we can set our scheduled scan cycles, we'll tell it to scan these particular computers, and then, as it does that, it will provide us back reports that we can look over and that we can fix the issues, because if Nessus knows about them,
02:16
then, more than likely, someone coming into our environment
02:20
to try to exploit our computers maliciously very easily could find them as well. If we can pop open Nessus and scan our network and it can find them, then
02:30
it would be very easy for someone else to come along and find those as well and exploit them.
02:36
And then we have Nmap.
02:38
Nmap is a little bit different than Nessus because it
02:43
allows us a lot more granular control over how we're scanning and what we're scanning. It allows us to scan and look for things such as open... essentially, Nmap can do everything from
02:57
scanning a network to look for active IP addresses to scanning and seeing what services are running on a particular port,
03:05
or what protocols are currently open on a particular computer. So Nmap allows us to have many different types of scans that we can run. We can run a general scan that will look for IP addresses in a certain range. We can run a scan that will look for open ports or in-use protocols.
03:22
We can even have a more detailed scan that will actually try and fingerprint,
03:27
do something called banner grabbing and actually see and determine what service and what version of a service or program is using a port. So then we would be able to determine if that service version is vulnerable to attack. And we can do something called OS fingerprinting, where we can actually determine what operating system is running on
03:46
a particular computer or on a particular IP address,
03:50
just by running this Nmap scan and just by using the type of requests and the type of
03:57
packets that this Nmap scan sends to these clients.
04:01
Now, we're talking about Nmap;
04:05
we have a distinction between Nmap and something called Zenmap. Nmap is the actual Nmap engine, that is, a command-line engine that we would have to access, say, open up a command prompt or open up a shell,
04:20
and actually type in commands in order to run this Nmap. It's the part behind the scenes that we need to have installed on our computer.
04:28
Zenmap is our graphical user interface. It's the user-friendly version of Nmap. We're not typing in everything, we're not manually doing all the coding, manually setting all of the different switches and manually setting all the options. We can do that through Zenmap,
04:46
and it will give us an easier-to-see graphical user interface.
04:51
So the distinction there between Nmap and Zenmap would be that graphical user interface in Zenmap, but Zenmap is still based off of the Nmap engine. It still needs Nmap as its back end.
05:04
And then we also have the Nmap Scripting Engine. The Nmap Scripting Engine is an engine which allows us to create scripts for Nmap and allows us to run scripts that can just iterate through IP addresses, find the available IP addresses,
05:21
then only target those particular IP addresses, search for those ports,
05:26
see open ports, only search for those open ports, see if there's any services, perform banner grabbing. It allows us to have very powerful control over how Nmap works and allows us to use Nmap very quickly and very powerfully.
05:41
But you do have to learn how the Nmap Scripting Engine works, and you need to learn how you're able to code it and how you can actually create the scripts to run in your particular environment to scan for vulnerabilities in your network.
05:58
So whether it's Nmap, Zenmap, or if you're using the Nmap Scripting Engine, it's all based off of this Nmap application, which can do all of this OS fingerprinting, port scanning, banner grabbing and all these other actions to find vulnerabilities within our network.
06:15
But whether it's Nessus or Nmap, be aware that
06:19
depending on how we run our scans, they can cause a lot of network traffic. If we just took Nmap and told it to do a high-intensity scan on every single IP address between 192.168.0.2, 192.168.251... 192.168.255.255,
06:40
then our Nmap scanning, our Nmap service, is just going to start iterating through all of that and doing intensive port scanning
06:46
on all of those IP addresses if it finds a computer there, so that's gonna create a lot of network traffic. It's going to create a lot of very suspicious network traffic if we're running an IDS or IPS. If we're not authorized to be running one of those scans on our network, don't.
07:02
Because those vulnerability scans will cause red flags and alarms all over the place with our security team.
07:10
Because these scans are known vulnerability scans and are known to be used by malicious intruders as well to enumerate a network and to see if they can find vulnerabilities in a network. So they're going to set off a lot of flags. However, a malicious scanner typically wouldn't come into a network
07:29
and be extremely loud and just throw a full-intensity, full-on scan of every computer on our network,
07:33
because that would very quickly be found. They'd be a little bit more quiet. They'd be a little bit more discreet. But there are still certain commands, and there are still certain packets that these two programs send out when they're trying to find vulnerabilities that can set off flags and can cause problems
07:53
if we aren't authorized to be running these scans.

Up Next

CompTIA Network+

This CompTIA Network+ certification training provides you with the knowledge to begin a career in network administration. This online course teaches the skills needed to create, configure, manage, and troubleshoot wireless and wired networks.

Instructed By

Anthony Harris
Systems Analyst and Administrator at SAIC
Instructor