This is a pretty good article about the "gotchas" around vulnerability scanning. Its not as simple as firing up a scanner and have it comb your company's entire class A subnet.
Here are the things I look out for when performing vulnerability scans on the organziation:
- legacy hardware/software, such as mainframes, miniframes - I've tipped over some mainframe programs with nessus, back in the day
- small software/hardware vendors - I've tipped over a database High Availability solution before with nessus
- sizing of network connections and the size of your scan - don't saturate your network links
- choose a maintenenace window or an off-production time to run scans
- make sure you notify people that you're scanning
- don't assume that your scan won't be noticed
- don't assume that your scan won't cause an issue
- people like to be notified should they notice something odd
- make sure that people are available, should you knock something over, and/or test the system once your scan is done to ensure that the services come back or are still functioning appropriately
Chris
LABrat.com
No comments:
Post a Comment