Series on Information Security - Weekly -Part 14

Vulnerability scanning

A vulnerability is a hole or a weakness which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the application or systems.

Following are few examples of vulnerabilities
a) Lack of input validation in application
b) misconfiguration of application
c) keeping default passwords for different devices
d) Passing un-encrypted password from and to the database

Vulnerability scanner tools are available as commercials products as well as open source solutions.

Few of them mentioned below,

a) Nessus
b) GFI LanGuard
c) SARA
d) Core Impact
e) ISS Internet Scanner
f) SAINT
g) MBSA

a) Nessus :

The Nessus vulnerability scanner is one of the most popular scanner. Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. There are currently over 40,000 different plugins used by Nessus, covering local and remote flaws.

b) GFI LanGuard
GFI LanGuard’s vulnerability assessment feature performs over 45,000 checks on your operating system, virtual environments and installed applications using vulnerability check databases such as OVAL and SANS Top 20. .

 c) SARA : The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool. However the project has been stopped and its last release was SARA 7.9.1. It has CVE standards support. Still it is a good tool to explore.  

e) MBSA : Microsoft Baseline Security Analyzer is a  Microsoft’s free security and vulnerability assessment scan tool for administrators, security auditors, and IT professionals. It is an easy-to-use tool that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.

f) ISS : Internet Security Systems' Internet Scanner (ISS) is a security product that assesses devices on a network for vulnerabilities. It goes through a long list of checks and tests, carefully gathering appropriate pieces of information and reporting vulnerabilities

g) SAINT : SAINT is the Security Administrator's Integrated Network Tool. In its simplest mode, it gathers as much information about remote hosts and networks as possible by examining such network services .  While the program is primarily geared towards analyzing the security implications of the results, a great deal of general network information can be gained when using the tool - network topology, network services running, types of hardware and software being used on the network, etc. SAINT is another commercial vulnerability assessment tool (like Nessus, ISS Internet Scanner, or Retina).

Wardialing   

War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers. Generally the modems attached to the computers responds to the very first ring , but it does not respond till two rings than that will mean that the modem is not connected  If the remote end modem responds than the war dialer application will note the phone number and proceed further. Interesting items often include test tones, computers, Voice Mail Boxes,  etc. The method used for war dialing is to find out  any one phone number for the targeted company or an organization and try every possible phone number with the entire prefix in the range as that of the known phone number.

Following are few of the examples of war dialing softwares,

 • TeleSweep Secure® modem-vulnerability scanner is a software      provided by  SecureLogix at no-cost .
 • PhoneSweep-Sandstorm Enterprises' PhoneSweep is a full-featured           telephone scanner developed for Microsoft's Windows platform.
 • THC-SCAN Next Generation is basically used with *nix platform.
 • PAW / PAWS is a wardialing software in python. It is designed to          
scan for ISDN (PAWS only) and "modern" analog modems (running at  
9.6kbit/s or higher). It uses a list of pre-defined phone numbers in a file to be scanned.

To address the issue of  war dialing, following countermeasures needs to be implemented.
    • Require Proper authentication for dial up users
    • Require caller id verification
    • Configure Call backs so that only pre-configured users and phone               numbers are allowed to validate.