A Guest Post from GFI

How to Use a Network Scanner

One of the most effective tools you can use to improve the security of your systems is a network scanner. A good network scanner can provide you with the same view of your servers, infrastructure, and workstations, as that of an attacker who is going to try to find a way into the network; that, and the regular user of the network scanner who can also help you keep a close eye on the changes your network undergoes as a normal part of its evolution. Here are seven tips on how to use a network scanner to its fullest.

1. Use it regularly

A network scanner is not a tool you pull out once a year before the auditor arrives. It’s a tool that you ought to run continuously or at least on a weekly basis. Attackers are scanning your network around the clock; you want to make sure you find any new vulnerabilities as soon as you can. Make sure you scan from the outside as well as internally, so you get the full view.

2. Diff the results from one scan to the next, and over time

Network scanners are great at logging the details of what they find. If you scan the same way each time, differencing the results of those scans lets you find what is changing on your network, and gives you deep understanding of what is going on with your network, and the actions of the other admins.

3. Investigate the deltas

When a diff finds a delta, investigate it. Make sure that new system went through proper provisioning and change control, and that no one has plugged a rogue host into your network.

4. Confirm all open ports

When scanning from the outside, make sure all the open ports are still appropriate. Systems are retired or retasked, and sometimes that doesn’t get through to the firewall rule sets, so use your network scanner to make sure you don’t have any opening that you shouldn’t have.

5. Address vulnerabilities immediately

If your network scanner finds a vulnerability, go fix it! Don’t set it for next month’s patching process; treat it as a priority, because if you found it, it’s only a matter of time before an attacker will too.

6. Validate new systems before they go live

A network scanner is a great way to help validate that a new system is fully patched and up-to-date, and its actual configuration matches its intended purpose, before you green light it for production or open the requested ports on the firewall.

7. Spread it around

Don’t keep the output of your network scanner to yourself. Publish the results to the team portal, or send them out in a weekly summary email, and discuss them during your team meetings. When it comes to vulnerabilities, the more eyes taking a look at the data, the better.

If you use these seven tips to get the most out of your network scanner, you will find it to be one of the most valuable tools in your collection. Network scanners can provide you with a wealth of information, understanding, and automate some of the tasks that go into securing your network.

This guest post was provided by Casper Manes  on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on
the importance of using a network scanner.

All product and company names herein may be trademarks of their respective owners.

About Andy Malone

Andy Malone Microsoft MVP, MCT Andy Malone is the CEO of Quality Training Ltd and founder of both the Dive Deeper Technology and Cybercrime Security events. Based in Scotland, Andy is a popular international event speaker and technology evangelist with over 15 years experience. Andy was also the 2006 winner of the Microsoft TechEd Speaker Idol contest. Andy has delivered technical and security content to thousands of delegates worldwide at various technical conferences, such as Microsoft TechEd, IT Pro-Connections and Tech-days. His passionate style of delivery, combined with a sense of fun has become his trademark. Although his primary focus is for security. Andy loves to talk about the Windows platform, Exchange and Office technologies. And with knowledge dating back to the MS-DOS 2 and Windows 2.0 era there is often an interesting story to be told. But technology never sleeps and Andy continues to work with the Microsoft product teams to create and deliver ground breaking material on Windows 7, Server 2008 R2 and beyond. For 2011/12 Andy is scheduled to deliver content in Europe, the Middle East, Russia and the US to name but a few. Andy’s blog: http://blogs.quality-training.co.uk/blog
This entry was posted in Cybercrime, Security. Bookmark the permalink.