How to Use a Network Scanner
One of the most effective tools you can use to improve the security of your systems is a network scanner. A good network scanner can provide you with the same view of your servers, infrastructure, and workstations, as that of an attacker who is going to try to find a way into the network; that, and the regular user of the network scanner who can also help you keep a close eye on the changes your network undergoes as a normal part of its evolution. Here are seven tips on how to use a network scanner to its fullest.
1. Use it regularly
A network scanner is not a tool you pull out once a year before the auditor arrives. It’s a tool that you ought to run continuously or at least on a weekly basis. Attackers are scanning your network around the clock; you want to make sure you find any new vulnerabilities as soon as you can. Make sure you scan from the outside as well as internally, so you get the full view.
2. Diff the results from one scan to the next, and over time
Network scanners are great at logging the details of what they find. If you scan the same way each time, differencing the results of those scans lets you find what is changing on your network, and gives you deep understanding of what is going on with your network, and the actions of the other admins.
3. Investigate the deltas
When a diff finds a delta, investigate it. Make sure that new system went through proper provisioning and change control, and that no one has plugged a rogue host into your network.
4. Confirm all open ports
When scanning from the outside, make sure all the open ports are still appropriate. Systems are retired or retasked, and sometimes that doesn’t get through to the firewall rule sets, so use your network scanner to make sure you don’t have any opening that you shouldn’t have.
5. Address vulnerabilities immediately
If your network scanner finds a vulnerability, go fix it! Don’t set it for next month’s patching process; treat it as a priority, because if you found it, it’s only a matter of time before an attacker will too.
6. Validate new systems before they go live
A network scanner is a great way to help validate that a new system is fully patched and up-to-date, and its actual configuration matches its intended purpose, before you green light it for production or open the requested ports on the firewall.
7. Spread it around
Don’t keep the output of your network scanner to yourself. Publish the results to the team portal, or send them out in a weekly summary email, and discuss them during your team meetings. When it comes to vulnerabilities, the more eyes taking a look at the data, the better.
If you use these seven tips to get the most out of your network scanner, you will find it to be one of the most valuable tools in your collection. Network scanners can provide you with a wealth of information, understanding, and automate some of the tasks that go into securing your network.
This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on the importance of using a network scanner.
All product and company names herein may be trademarks of their respective owners.