The Top Nine Best Practices for Network Scanning
Systems admins and security personnel looking to get the most out of their network scanners want to make sure they are using their tools in the right way. Follow these nine best practices for network scanning, and you’ll get the best bang for your buck out of your network scanner.
1. Update regularly
Generating general network reports (Source: gfi.com)
A network scanner helps you to find when your systems are out of date, and with new vulnerabilities discovered regularly, it is critical that you update your scanner each time you go to use it. Either set up a process to check for updates daily, or run the update process each time you go to perform a scan.
2. Scan early, often, and on a schedule
Using a network scanner should be a regular part of your systems security and maintenance. You should scan early in the deployment of any new system, and scan your entire network on a regular basis, not just when someone reads about a new vulnerability. By the time a new vulnerability makes it into the press, the bad guys already know about and are attempting to exploit it.
Using a network scanner should be a regular part of your systems security and maintenance. You should scan early in the deployment of any new system, and scan your entire network on a regular basis, not just when someone reads about a new vulnerability. By the time a new vulnerability makes it into the press, the bad guys already know about and are attempting to exploit it.
3. Scan new systems before they go into production
You want to make sure a system is fully up-to-date before it goes into production, so you can patch it as necessary. Once it is in production change control will apply.
You want to make sure a system is fully up-to-date before it goes into production, so you can patch it as necessary. Once it is in production change control will apply.
4. Scan everything
Scanning a subset of systems may be quicker, but scanning your entire IP range makes sure you catch everything, including those rogue systems that someone deployed outside of your normal processes.
Scanning a subset of systems may be quicker, but scanning your entire IP range makes sure you catch everything, including those rogue systems that someone deployed outside of your normal processes.
5. Scan internally
Whether the threat is a malicious user, a worm, or just someone with too much curiosity, don’t assume your firewalls will protect your internal systems. Scan everything you have internally to make sure all systems are up-to-date.
Whether the threat is a malicious user, a worm, or just someone with too much curiosity, don’t assume your firewalls will protect your internal systems. Scan everything you have internally to make sure all systems are up-to-date.
6. Scan externally
Attackers are scanning your external networks regularly. See what they see by scanning your systems from an external network so you know exactly what is accessible to the rest of the world.
Attackers are scanning your external networks regularly. See what they see by scanning your systems from an external network so you know exactly what is accessible to the rest of the world.
7. Check those deltas
When you perform regular scans, you can see what changes over time. Investigate any deltas between one scan and the next to confirm that any changes were appropriate and authorized.
When you perform regular scans, you can see what changes over time. Investigate any deltas between one scan and the next to confirm that any changes were appropriate and authorized.
8. Share the results
Too many companies keep the security scans a closely guarded secret. I don’t suggest you publish the results on your website, but make sure that all the admins are aware that you are scanning, see what you find, and know where their systems stand.
Too many companies keep the security scans a closely guarded secret. I don’t suggest you publish the results on your website, but make sure that all the admins are aware that you are scanning, see what you find, and know where their systems stand.
9. Remediate what the scanner finds
Using your network scanner to find vulnerabilities is only half the task; you must remediate what the scanner finds. Make sure that senior management understands the results of the scan, and makes remediation a priority.
Using your network scanner to find vulnerabilities is only half the task; you must remediate what the scanner finds. Make sure that senior management understands the results of the scan, and makes remediation a priority.
Follow these nine best practices for network scanning to get the best use of your network scanner. Don’t underestimate the importance of that first step. New vulnerabilities are discovered regularly, and checking your systems with an outdated scanner is as bad as running with outdated virus definitions. The sense of false confidence can lead to disaster. Maintain your network scanner like the fine tool it is, and you’ll get years of great use out of it, helping maintain secure and updated systems.
Editor Note: This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on the importance of using anetwork scanner.