1. Vulnerability Scanning at NU Robert Vance NUIT-Telecom & Network Services

2. Outline Scanning Review Tool Discussion The NU Scanning Service Scanning Limitations Futures

3. Quick Scanning Overview What is scanning? –System Reconnaissance –Achieved via Observable Protocol and Application Characteristics –Port Scanning vs Vulnerablity Scanning Why is it done? –good: Detect and protect exposed systems –bad: No faster way to spread malware

4. The Tools Port Scanners –nmap http://www.insecure.org/nmap Vulnerability Scanners –Nessus http://www.nessus.org –NeWT http://www.tenablesecurity.com/ –Retina http://www.eeye.com/ –ISS http://www.iss.net

5. The Idea The fundamental idea behind vulnerability scanning is to identify and then fix system weaknesses before miscreants use those weaknesses against us.

6. Vulnerability Scanning Service Handpicked Nessus Plugins Loop through the NU Address Space Import failed Scan Results into NUSA or NetPass and Repeat

7. Scanning Limitations Firewalls Other Visibility Limitations False Positives Scanning only gets you so far...

8. Possible Futures On Demand Scanning Host Based Agents Stateful Firewalls Everywhere