How a Network Scanner can Save Your Network
This article will take a different slant and, instead of going over the numerous benefits a network scanner provides, it takes a look at three simple, yet possible, scenarios a network scanner can protect you from.
Scenario 1 - Forgetting the installation file
An administrator installs a new web server for your organization and deploys some necessary web applications on it. It is common for web applications to employ installation CGIs which, once installed, are meant to be removed for security reasons. Once the administrator manages to get it to work, perhaps after struggling with it for a couple of days, s/he completely forgets about the installation CGI. There is a good reason why the package said the CGI needed to be removed after completing installation – leaving it there means malicious people can leverage it to gain complete control of your web server. A simple mistake that can result in confidential data being stolen, or worse,, the installation of spyware that could steal critical data such as credit card numbers. A network scanner would have alerted the administrator of the insecure script.
Scenario 2 – Anonymous upload is allowed
An administrator installs a server with Internet access and installs an FTP server so that customers can download demos of the software the company offers for sale. The chosen FTP server is configured by default to allow anonymous users to upload files as well as downloads. After a few days, users complain that the network is slow. As a result, customers might give up on downloading your software as it takes too long, bandwidth costs increase and if you’re really unlucky a lawyer presents you with a lawsuit for distribution of copyrighted material. Pirates have scanned your network and detected the ftp server and used anonymous access to distribute illegal software, movies or music. A network scanner would have alerted the administrator that the ftp server is configured to allow anonymous uploads.
Scenario 3 – Mr. X was fired
Mr. X was a troublesome employee, so much so that one day he is fired for his actions. The administrator removed his account from Active Directory but forgot he had a local account on the database server that people from his department had access to from anywhere in the world. After a few months go by, and Mr. X is still unable to find another job and, being resentful towards his former employer, tries to log into the database server to take revenge. His account is still active and time has passed – a perfect opportunity for payback as no one will suspect that he is the perpetrator. He deletes years’ worth of vital data from the company network - chaos.
A network scanner would have alerted the administrator that an account on the specific database server had not been used for quite some time and therefore, unless there is a valid reason, this should be disabled.
These are three scenarios where a network scanner would have prevented some serious issues for the company. An administrator’s time is limited, and as such we cannot expect an administrator to do certain tasks manually. You wouldn’t expect an administrator to go through every computer checking that every potentially dangerous file is not present on the system, but a network scanner can. You cannot expect an administrator to check every configuration combination that can be misused on every computer and every server manually, but a network scanner can. One cannot expect the administrator to check each computer for what users they have configured and how often they log on to root out old accounts that need disabling, but again, a network scanner can. Some jobs can easily be done manually but for some tasks software like a network scanner is essential.
Author
This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on why your organization needs a network scanner.
All product and company names herein may be trademarks of their respective owners.
Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.
