Utilizing a Network Scanner – Best Practices
Your auditor, your boss, or maybe that great book on security you just read, has convinced you that a network scanner would help with the security of your network, but you're just not sure where to begin. Take heart: in this article we will go over what you need to know to get started with a network scanner, and how to get the most out of your new software.
First up, install your software on a server, or a desktop that stays in the office. You are going to run scheduled scans overnight, and you don’t want to have to leave your laptop in the office overnight, or run intense scans over a VPN.
When you have your software installed, the first thing you will want to do is run an automatic discovery. You can configure your network scanner to scan all your subnets, query Active Directory for a list of domain member machines, or both. You will definitely want to add the IP address ranges for your DMZs and any hosted servers so you get a picture of all systems, not just the ones on the “inside”.
Your network scanner will report on all the systems that it discovered, and list any vulnerabilities found. Sort this list by criticality so you can see the machines that require immediate attention. If you have any really critical issues, resolve them before you spend any more time playing with your new network scanner. Once those are taken care of, most network scanners let you create categories of systems: domain controller, file server, web server, etc. Network scanners do a reasonable job of sorting your servers automatically, but expect to do some manual work, especially for any servers that are multipurpose or that expose a web interface to an application they are running.
By sorting your servers and workstations into categories, you can perform scheduled scans on a class of system, and set up specific tests to run to make your scans more efficient. For example, it wastes time to scan IIS servers for Apache vulnerabilities, and by categorizing your servers, you can customize your scans.
With your critical vulnerabilities addressed and your systems sorted, it's time to really get the most out of your network scanner. Schedule regular scans on the different categories of systems, and compare the results from one scan to the next. With regular updates to your network scanner, these scheduled scans do two things: they highlight newly discovered vulnerabilities, and they identify changes on your network (hosts that appeared or disappeared, findings that were fixed or regressed). Both are invaluable for making sure policies and procedures are being followed and to assist with compliance.
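The scan-to-scan comparison described above, and the sort-by-criticality step from the discovery section, as an added example (not code from the article or from GFI): two constructed scan snapshots are diffed to report new and vanished hosts, new findings ordered by severity, and findings resolved since the last run.

```python
# Added example, not part of the original article. Snapshot layout is assumed:
# host -> (category, {(check name, severity), ...}); a host with an empty set
# was scanned and came back clean, so it still counts as present.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample data: last night's scan and tonight's scan.
PREVIOUS = {
    "10.0.1.10": ("domain controller", {("SMB signing not required", "medium")}),
    "10.0.2.20": ("web server", {("Outdated OpenSSL", "high"),
                                 ("Directory listing enabled", "low")}),
    "10.0.4.40": ("file server", set()),            # clean in the last scan
}
CURRENT = {
    "10.0.1.10": ("domain controller", {("SMB signing not required", "medium")}),
    "10.0.2.20": ("web server", {("Directory listing enabled", "low"),
                                 ("Missing OS security update", "critical")}),
    "10.0.3.30": ("unknown", {("Telnet service exposed", "high")}),  # never seen before
}

def _by_severity(finding):
    # finding is (host, category, check, severity); most critical first, then by host
    return (SEVERITY_RANK[finding[3]], finding[0])

def diff_scans(previous, current):
    """Compare two scan snapshots; returns a dict of the changes worth reviewing."""
    new_findings, resolved = [], []
    for host, (category, checks) in current.items():
        prev_checks = previous.get(host, (None, set()))[1]
        new_findings += [(host, category, c, s) for c, s in checks - prev_checks]
    for host, (category, checks) in previous.items():
        if host in current:  # only count a finding as resolved if the host was rescanned
            resolved += [(host, category, c, s) for c, s in checks - current[host][1]]
    return {
        "new_hosts": sorted(set(current) - set(previous)),
        "vanished_hosts": sorted(set(previous) - set(current)),
        "new_findings": sorted(new_findings, key=_by_severity),
        "resolved_findings": sorted(resolved, key=_by_severity),
    }

def needs_immediate_attention(report):
    """Hosts with a new critical finding: fix these before anything else."""
    return sorted({f[0] for f in report["new_findings"] if f[3] == "critical"})

if __name__ == "__main__":
    report = diff_scans(PREVIOUS, CURRENT)
    for key, values in report.items():
        print(f"{key}: {values}")
    print("fix first:", needs_immediate_attention(report))
```

A vanished host deserves a look as much as a new one: it may be decommissioned, or it may simply have been offline when the scheduled scan ran.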
The best network scanner solutions can do more than scan; they can remediate. Whether that is patching operating systems or third-party applications, running software and hardware inventories, or sending out regular reports on your security posture and any newly discovered vulnerabilities, you should use your network scanner as an around-the-clock, always-on protection mechanism for your network. That is the best way to use a network scanner, and it will provide the maximum protection for your environment.
This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. See how you can benefit from using a network scanner: http://www.gfi.com/network-security-vulnerability-scanner
All product and company names herein may be trademarks of their respective owners.