Two pieces of advice I was given long ago by a security guru are “Know your enemy” and “Know yourself”. ‘Your enemy’ is the malicious attacker who is scanning your network for vulnerabilities, and you ‘yourself’ can use the same tools the enemy does. A network scanner is a very effective tool for discovering what hosts are on your network, the services they are running, and what vulnerabilities exist. With this information in hand, you not only gain an appreciation for how the enemy can attack you, but you can also develop a prioritized list of tasks you need to work on to improve your network security. Here are seven reasons why you should be using a network scanner on your systems every day.
1. Determine your network’s security posture
The fastest way to determine what kind of shape your network is in is to scan it. Patch levels, listening ports, running services, weak password policies, and open shares, among many other things, can be quickly and easily identified by running a scan.
2. Create your task list
The results of the scan will give you your task list. Sort by priority, and start working on the critical issues immediately. Work your way through the list, and then scan again. It’s an iterative process that you will follow continuously.
3. Identify new systems on your network
Running discovery scans will help you to identify new systems. You can ensure that change management is being followed, and run down any unauthorized systems to ensure that they are not rogue.
4. Ensure compliance with your policies and best practices
You have change control requirements, standards and procedures for deploying systems on your network, and a “gold image” all systems should use. Use a network scanner to identify all systems so that you can compare them to the list of approved systems and confirm that they are all running the gold image.
5. Know what openings exist on your systems
Use your network scanner against your DMZ systems to enumerate all the open ports on your systems. This is exactly what attackers will do to find ways into your system. Beat them to it by identifying the openings and making sure they are secured.
6. Easily find changes on your network
Run regular scans on your network with your network scanner, and compare the difference from one scan to the next to identify deltas. These can be unauthorized changes, new systems, or approved changes. Using the network scanner lets you confirm change control was followed and also ferret out rogues.
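As an added illustration of the scan-to-scan comparison in reason 6 and the approved-systems check in reason 4 (this is not code from the original post or from any GFI product), the following Python compares two scan snapshots and reports new hosts, hosts outside the approved list, and ports that opened or closed. The snapshot format, function names and sample addresses are assumptions constructed for the example; a real scanner's export would need its own parser.

```python
# Added example. Snapshot format is constructed: "<host> <port>/<proto> <service>".
from collections import defaultdict

def parse_snapshot(text):
    """Return {host: {(port, proto): service}} for one scan snapshot."""
    hosts = defaultdict(dict)
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            host, portspec, service = raw.split()
            port, proto = portspec.split("/")
            hosts[host][(int(port), proto)] = service
        except ValueError:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}") from None
    return dict(hosts)

def diff_scans(old, new, approved):
    """Compare two parsed snapshots and list the deltas that need review."""
    report = {
        "new_hosts": sorted(set(new) - set(old)),
        "gone_hosts": sorted(set(old) - set(new)),
        "unapproved_hosts": sorted(set(new) - set(approved)),
        "opened": [], "closed": [], "service_changed": [],
    }
    for host in sorted(set(old) & set(new)):  # hosts present in both scans
        before, after = old[host], new[host]
        report["opened"] += [(host, *k) for k in sorted(after.keys() - before.keys())]
        report["closed"] += [(host, *k) for k in sorted(before.keys() - after.keys())]
        report["service_changed"] += [
            (host, *k, before[k], after[k])
            for k in sorted(before.keys() & after.keys()) if before[k] != after[k]]
    return report

# Constructed sample data (192.0.2.0/24 is a documentation address range).
MONDAY = """192.0.2.10 22/tcp ssh
192.0.2.10 443/tcp https
192.0.2.20 25/tcp smtp"""
TUESDAY = """192.0.2.10 22/tcp ssh
192.0.2.10 3389/tcp ms-wbt-server
192.0.2.20 25/tcp smtp
192.0.2.77 80/tcp http"""
APPROVED = {"192.0.2.10", "192.0.2.20"}

if __name__ == "__main__":
    report = diff_scans(parse_snapshot(MONDAY), parse_snapshot(TUESDAY), APPROVED)
    for kind, items in report.items():
        print(f"{kind}: {items}")
```

Each non-empty entry in the report is a delta to match against a change ticket; anything without one is a candidate unauthorized change or rogue system.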
7. Provide reporting for audit and compliance
Network scanners can produce very detailed reports, which can meet the discovery needs of internal and external auditors and also help you to meet compliance requirements. The results can be used to confirm adherence to policy and to show that best practices are being followed.
Any one of these seven reasons for you to be using a network scanner should be enough to get you started. All seven should convince you to start today. Start using a network scanner today and your security will improve immensely tomorrow.
This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs.