In addition, you may be sick of explaining why it's necessary to go above and beyond the security measures that come with the product. Although most vendors include some sort of security-scanning mechanism with their products, these checks often fail to address how remote users interact with your organization's specific implementation of that software system.
The ability to remotely verify the security status of network resources is the point of collecting log data and constantly scanning networks. However, this process doesn't necessarily have to be pricey.
A plethora of tools for scanning networks is available, with a plethora of prices. However, the Nessus tool stands out above the rest. Best of all, it's free!
Some people consider Nessus a black hat's tool, and the bad guys and gals out there definitely use it. But that's exactly why your company should use it as well. By looking at your network through the eyes of your enemy, you can find and patch the holes in your defenses before potential intruders exploit them.
A hacker group or a security company typically discovers a specific way to violate the security of a software system and then releases the hack, in various levels of detail, to a hacker or security community (depending on which side of the law these folks fall).
And that's where Nessus comes in. Designed to automate the testing and discovery of known security problems, this software tool can identify and solve these known problems—before a black hat can take advantage of them.
Nessus' most powerful feature is its client-server technology. You can deploy Nessus servers throughout your network to conduct tests from diverse points of view. The client can then control multiple servers.
The server/client software runs on UNIX, MAC OS X, IBM/AIX, and most flavors of Linux. Clients are also available for Windows. The Nessus server performs the actual scanning, and the client provides configuration and reporting functionality.
Nessus also offers the ability to discover all open ports detected on a remote targeted system and then attack these ports. Nessus not only uses common attacks against common ports (e.g., Web servers generally use TCP port 80 for Web pages); it also discovers Web services running on different ports through its smart service recognition. It can then attack these Web services ports as well.
Let's look at some of the other key features of Nessus.
To benefit the most from using Nessus, I suggest installing several external programs. While the tool doesn't require these programs to work, they greatly augment its scanning ability.
Keep in mind that deploying and running Nessus in your organization requires knowledge of UNIX/Linux. If you're serious about network security, you need to become familiar with these operating systems.
Vendors will always issue patches, but it's dangerous to rely on them for your entire security strategy. You must still take steps to make sure you've plugged all the holes to prevent black hats from accessing your network.
Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.
Worried about security issues? Who isn't? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.