CEH

(Jeff_L) #1

Drawing Network Diagrams 119


Vulnerability Scanning


So how do you find all the vulnerabilities that exist in an environment, especially with the ever-increasing complexity of technologies? Many techniques can help you, some of them manual or scripted in nature (many of which we have already discussed), but automated tools such as vulnerability scanners are also available.

Vulnerability scanners are a special type of automated utility designed to identify problems and holes in operating systems and applications. This is done by checking code, ports, variables, banners, and many other potential problem areas. A vulnerability scanner is intended to be used by potential victims to find out whether there is a possibility of being successfully attacked and what needs to be fixed to remove the vulnerability. Although vulnerability scanners are usually used to check software applications, they can also check entire operating environments, including networks and virtual machines.

Vulnerability scanners can be a great asset, but there are drawbacks. The scanners are designed to look for a specific group of known issues, and if they don't find those issues they may leave the false impression that there are no problems. Therefore, it is wise to verify the results of these applications using all the techniques discussed in this text.


Although a vulnerability scanner is made for legitimate users who want to ensure their computer or network is safe, attackers may also choose to employ such programs for their own interests. By running a vulnerability scan, an attacker can find out exactly which areas of the network are easy to penetrate.

Vulnerability scanners are mentioned here only to put them in context with the other scanning techniques. Much like Nmap, there are popular vulnerability scanners in the form of Nessus, Rapid7, Retina, and a few others.
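To make the "known issues only" drawback concrete, here is a small added example (not from the CEH text or from any of the scanners named above) of the signature-matching logic at the heart of a banner-based scanner. The product names, versions, and finding labels are constructed placeholders, not real advisories. The point it demonstrates is the one the text makes: a service the scanner has no signature for produces no findings, which is not the same as the service being safe, so the report also lists what it could not assess.

```python
"""Toy signature-based check over service banners (added example, constructed data)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    product: str            # product name expected in the banner
    max_vulnerable: tuple   # versions <= this are flagged (constructed values)
    label: str              # placeholder finding label, not a real advisory


# Constructed signature database: the only things this scanner "knows".
SIGNATURES = [
    Signature("ExampleFTPd", (1, 4), "PLACEHOLDER-001: outdated ExampleFTPd"),
    Signature("ExampleHTTP", (2, 0), "PLACEHOLDER-002: outdated ExampleHTTP"),
]

# Matches banners such as "ExampleFTPd 1.3" or "ExampleHTTP/2.0.1".
BANNER_RE = re.compile(r"(?P<product>[A-Za-z]+)[ /](?P<ver>\d+(?:\.\d+)*)")


def parse_banner(banner):
    """Return (product, version_tuple) or None when the banner is unrecognised."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return m.group("product"), tuple(int(p) for p in m.group("ver").split("."))


def check_host(host, banners):
    """Match each port's banner against SIGNATURES.

    Returns findings plus two coverage lists so that "no findings" can be
    read correctly: products with no signature at all, and banners that
    could not even be parsed.
    """
    findings, unknown_products, unparsed_ports = [], [], []
    known = {s.product for s in SIGNATURES}
    for port, banner in sorted(banners.items()):
        parsed = parse_banner(banner)
        if parsed is None:
            unparsed_ports.append(port)
            continue
        product, version = parsed
        if product not in known:
            unknown_products.append(product)   # scanner is blind here
            continue
        for sig in SIGNATURES:
            if sig.product == product and version <= sig.max_vulnerable:
                findings.append((port, sig.label))
    return {
        "host": host,
        "findings": findings,
        "unknown_products": unknown_products,
        "unparsed_ports": unparsed_ports,
    }


if __name__ == "__main__":
    # Constructed scan input for two hosts.
    print(check_host("10.0.0.1", {21: "ExampleFTPd 1.3", 80: "ExampleHTTP/2.0.1"}))
    print(check_host("10.0.0.2", {21: "OtherDaemon 0.9", 8080: "no version here"}))
```

The second host returns an empty findings list, but its `unknown_products` and `unparsed_ports` entries show that nothing was actually assessed there; that is the gap the text says you should close with the other techniques it covers.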


Drawing Network Diagrams


Once you have ascertained the network environment and have figured out live IPs and services, you can start mapping the network. This phase is designed to help you fully visualize the network environment and get a clearer picture of what the network looks like. With this information in hand, you can clearly see holes and deficiencies that can be exploited.


Network mapping can give you an easy-to-look-at picture of the target environment, but don't assume that everything will necessarily show up in that picture. Due to filtering by routers and firewalls, it is possible that some scans may fail or return results that the scanner itself doesn't understand.
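As an added example (not from the CEH text), the following script turns the kind of live-host and service data gathered in the earlier scanning steps into a Graphviz DOT diagram, grouping hosts by /24 subnet. The scan records are constructed, and the "gateway" node is an assumed hub used only to draw the picture. To reflect the note above, a host whose probes were filtered is kept in the diagram as a dashed "unknown" node rather than silently dropped, so the gaps in the picture stay visible.

```python
"""Build a Graphviz DOT network diagram from scan results (added example, constructed data)."""
import ipaddress
from collections import defaultdict

# Constructed scan results. "state" is "up" for hosts that answered, or
# "filtered" when probes were dropped by a router or firewall.
SCAN_RESULTS = [
    {"ip": "10.0.1.10", "state": "up", "services": {22: "ssh", 80: "http"}},
    {"ip": "10.0.1.11", "state": "up", "services": {445: "smb"}},
    {"ip": "10.0.2.5", "state": "up", "services": {3306: "mysql"}},
    {"ip": "10.0.2.9", "state": "filtered", "services": {}},
]


def group_by_subnet(results, prefix=24):
    """Group host records by the network containing their IP (default /24)."""
    groups = defaultdict(list)
    for r in results:
        net = ipaddress.ip_network(f"{r['ip']}/{prefix}", strict=False)
        groups[str(net)].append(r)
    return dict(groups)


def summarize(results):
    """Count how many hosts answered versus how many the scan could not assess."""
    counts = {"up": 0, "filtered": 0}
    for r in results:
        counts[r["state"]] = counts.get(r["state"], 0) + 1
    return counts


def to_dot(results, prefix=24):
    """Render results as DOT: one cluster per subnet, dashed nodes for filtered hosts."""
    lines = ["graph network {", "  node [shape=box];",
             "  gateway [shape=diamond];"]   # assumed hub node for layout only
    edges = []
    for i, (net, hosts) in enumerate(sorted(group_by_subnet(results, prefix).items())):
        lines.append(f"  subgraph cluster_{i} {{")
        lines.append(f'    label="{net}";')
        for h in hosts:
            node = "h" + h["ip"].replace(".", "_")
            if h["state"] == "filtered":
                # Keep the host in the picture, but mark that nothing is known about it.
                lines.append(f'    {node} [label="{h["ip"]}\\n(filtered: unknown)", style=dashed];')
            else:
                svc = ", ".join(f"{p}/{n}" for p, n in sorted(h["services"].items()))
                lines.append(f'    {node} [label="{h["ip"]}\\n{svc}"];')
            edges.append(f"  gateway -- {node};")
        lines.append("  }")
    lines.extend(edges)   # edges outside the clusters so gateway stays top-level
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SCAN_RESULTS))
    print(to_dot(SCAN_RESULTS))   # pipe into: dot -Tpng -o network.png
```

Run it and feed the output to `dot -Tpng` to get the picture; the `summarize` counts are worth recording alongside the diagram so that a reader of the map knows how much of the environment the scan actually saw.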