Vulnerability Assessment Tool Step

Step 1: Identify the Hosts on Your Network

- ICMP Discovery
This is the simplest method of identifying systems on a network. An ICMP echo request is the packet better known as a ping. Although ICMP discovery is the most reliable way of identifying hosts, many IT professionals are taught to disable a system’s (or switch’s) ability to respond to ICMP as a mitigation against unauthorized scans. Of course, while they are protecting against unauthorized ICMP scans, they have also effectively hidden their systems from legitimate scans.

- TCP Discovery on Ports
This is a good way to identify hosts when ICMP might be disabled. Simply put, the Transmission Control Protocol (TCP) discovery method attempts to connect to every IP address in the scan range on a specific set of ports. If one of those ports is open and listening for connections, the host is considered alive. If none of the selected ports is open and listening, the host is considered dead.

- UDP Discovery
This type of scan works a little differently. Whereas a TCP port scan looks for a response from an open port, a User Datagram Protocol (UDP) scan actually looks for closed ports. When a UDP probe hits a closed port, a specific error is returned, which proves that there is, in fact, a live system at that IP address.

- Perform OS Detection
This is not a scan to identify hosts on a network, but rather an option that tells the tool to attempt to identify the remote operating system of the systems found to be alive. Different tools perform this step in different ways, each with its own degree of accuracy.

- Get Reverse DNS
This option should be self-explanatory. It simply matches the IP address of each live host to its domain name system (DNS) name. For example, the system at 155.212.56.73 has the DNS name host73.155.212.56.conversant.net, which also happens to be the system hosting the Syngress Web site.

- Get Netbios Name
This option should also be self-explanatory. It will cause the tool to map the NetBIOS names of each system being scanned to the IP address.

- Get MAC Address
This option will map the network Media Access Control (MAC) address of each live system to the rest of the data collected.
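The TCP and UDP discovery logic described above, as an added Python example that is not part of the original post. It probes loopback stand-ins (a bound TCP listener, a UDP echo thread and two ports that nothing listens on) so it runs offline; all hosts, ports and helper names here are constructed for the lab. Beyond the text, it shows the blind spot of TCP discovery that a defender verifying an asset inventory needs to know about: a live host whose open ports are not in the probed set is reported dead, and a UDP probe of a closed port is what proves a host alive because the kernel surfaces the ICMP port-unreachable error as a connection-refused condition on the socket.

```python
"""Lab demonstration of TCP and UDP host discovery against loopback.
Added example, not from the original post; the listener helpers below
stand in for the remote hosts a vulnerability scanner would probe."""
import socket
import threading
from contextlib import closing


def tcp_probe(host, port, timeout=0.5):
    """True if host:port completes a TCP handshake (open and listening)."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:  # refused, timed out or unreachable: not an open port
            return False


def tcp_discover(hosts, ports, timeout=0.5):
    """A host is alive if any probed port accepts a connection, dead otherwise.
    Note the consequence: a host with open ports outside `ports` reads as dead."""
    return {h: any(tcp_probe(h, p, timeout) for p in ports) for h in hosts}


def udp_probe(host, port, timeout=0.5):
    """'alive' when the port answers (open) or the kernel reports ICMP port
    unreachable (closed port on a live host); 'no-response' otherwise
    (filtered, or no host at that address)."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_DGRAM)) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: ICMP errors surface on recv()
        try:
            s.send(b"\x00")
            s.recv(64)
            return "alive"          # a datagram came back: open port
        except ConnectionRefusedError:
            return "alive"          # ICMP port unreachable: closed port, live host
        except socket.timeout:
            return "no-response"


# ---- loopback stand-ins for the hosts being scanned (constructed lab harness) ----

def start_tcp_listener():
    """Host with one open TCP port. The kernel completes the handshake into the
    listen backlog, so no accept loop is needed. Returns (port, close_fn)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv.getsockname()[1], srv.close


def start_udp_echo():
    """Host with one open UDP service that echoes datagrams. Returns (port, stop_fn)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(0.2)
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                data, peer = srv.recvfrom(64)
                srv.sendto(data, peer)
            except socket.timeout:
                pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop.set


def unused_port(kind):
    """Bind to port 0 to learn a free port, then release it so nothing listens there."""
    with closing(socket.socket(socket.AF_INET, kind)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def run_lab():
    """Exercise both probes against the stand-ins and return the verdicts."""
    open_tcp, close_tcp = start_tcp_listener()
    closed_tcp = unused_port(socket.SOCK_STREAM)
    echo_udp, stop_echo = start_udp_echo()
    closed_udp = unused_port(socket.SOCK_DGRAM)
    try:
        return {
            "tcp_open": tcp_probe("127.0.0.1", open_tcp),
            "tcp_closed": tcp_probe("127.0.0.1", closed_tcp),
            # one probed port is open, so the host is reported alive
            "tcp_host_alive": tcp_discover(["127.0.0.1"], [closed_tcp, open_tcp])["127.0.0.1"],
            # only closed ports probed: the same live host is reported dead
            "tcp_host_dead": tcp_discover(["127.0.0.1"], [closed_tcp])["127.0.0.1"],
            "udp_open": udp_probe("127.0.0.1", echo_udp),
            "udp_closed": udp_probe("127.0.0.1", closed_udp),
        }
    finally:
        close_tcp()
        stop_echo()


if __name__ == "__main__":
    for name, verdict in run_lab().items():
        print(f"{name}: {verdict}")
```

The practical lesson for an inventory scan is in the two `tcp_host_*` verdicts: the port list handed to TCP discovery decides which live hosts you will never see, so it should be built from the services your environment actually runs rather than a generic default.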

Step 2: Classify the Hosts into Asset Groups

Step 3: Create an Audit Policy
For the most part, we recommend that all audits be used for initial scans. In some cases, you may not want to run certain audits, so you will want to exclude them. In Nessus, audits are called plug-ins. Retina, on the other hand, calls them audits, but the way you select them is similar to the approach you’d use in Nessus (see

Step 4: Launch the Scan
This step is quite simple: launch the scan and wait for your results.
