Ethical hacking tools and techniques: Vulnerability scanning

In this portion of a tip on network penetration testing and ethical hacking tools and techniques, security consultants and value-added resellers (VARs) will learn about vulnerability scanning.

This Content Component encountered an error

Vulnerability scanners allow you to connect to a target system and check for such vulnerabilities as configuration errors and system vulnerabilities. A popular vulnerability scanner is the freely available open source tool Nessus. Nessus is an extremely powerful network scanner that can be configured to run a variety of scans. While a Windows graphical front-end is available, the core Nessus product requires Linux to run.

 

Microsoft's Baseline Security Analyzer is a free Windows vulnerability scanner. MBSA can be used to detect security configuration errors on local computers or remotely across a network, and is now in its second release. It does have some issues with Windows Update, however, and can't always tell if a patch has been installed.

Popular commercial vulnerability scanners include Retina Network Security Scanner, which runs on Windows, and SAINT, which runs on various Unix/Linux versions.


Ethical hacking tools and techniques

  Introduction
  Information gathering
  Port scanning
 Vulnerability scanning
  Password cracking

About the author
Russell Dean Vines is a bestselling author, Chief Security Advisor for Gotham Technology Group, LLC, and former President of the RDV Group. His most recent book is The CISSP and CAP Prep Guide, published by John S. Wiley and Sons. He is available to answer your security threat questions via Ask the Expert.

This was first published in April 2007

Dig deeper on Threat management and prevention

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close