Page 1168 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

organization is an unpatched system, and so a vulnerability management program will often work in conjunction with a patch management program. In many cases, duties of the two programs are separated between different employees. One person or group would be responsible for keeping systems patched, and another person or group would be responsible for verifying that the systems are patched. As with other separation of duties implementations, this provides a measure of checks and balances within the organization.




               Vulnerability Scans

Vulnerability scanners are software tools used to test systems and networks for known security issues. Attackers use vulnerability scanners to detect weaknesses in systems and networks, such as missing patches or weak passwords. After they detect the weaknesses, they launch attacks to exploit them. Administrators in many organizations use the same types of vulnerability scanners to detect vulnerabilities on their network. Their goal is to detect the vulnerabilities and mitigate them before an attacker discovers them.


Just as antivirus software uses a signature file to detect known viruses, vulnerability scanners include a database of known security issues and they check systems against this database. Vendors regularly update this database and sell a subscription for the updates to customers. If administrators don't keep vulnerability scanners up-to-date, they won't be able to detect newer threats. This is similar to how antivirus software won't be able to detect newer viruses if it doesn't have current virus signature definitions.
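The following is an added illustration, not code from the study guide or from any vendor's scanner. It shows the signature-database model described above in miniature: a small, constructed database of "known issues" keyed on service name and version, a port scan with banner grabbing to identify the service running on each open port, and a match of the identified version against the database. To run offline, it starts two throwaway TCP services on the loopback interface that send constructed banners; the service names, versions and issue identifiers are hypothetical placeholders, not real products or advisories.

```python
"""Minimal vulnerability-scanner skeleton: port scan, banner grab, signature match.

Added example. The target services, banners and SIGNATURE_DB entries below are
constructed for the demonstration and do not describe any real software.
"""
import socket
import socketserver
import threading

# Constructed "known issues" database. A real scanner ships a vendor-maintained,
# subscription-updated feed; a stale copy simply does not know about newer issues.
SIGNATURE_DB = [
    {"id": "EXAMPLE-0001", "service": "ExampleFTP", "max_vulnerable": (2, 3, 0),
     "issue": "hypothetical: versions up to 2.3.0 flagged as unpatched"},
    {"id": "EXAMPLE-0002", "service": "ExampleSSH", "max_vulnerable": (1, 9, 9),
     "issue": "hypothetical: versions up to 1.9.9 flagged as unpatched"},
]


def parse_banner(banner):
    """Turn 'Name/x.y.z ...' into (name, (x, y, z)); None if the banner is unusable."""
    tokens = banner.strip().split()
    if not tokens or "/" not in tokens[0]:
        return None
    name, _, ver = tokens[0].partition("/")
    try:
        version = tuple(int(part) for part in ver.split("."))
    except ValueError:
        return None
    return name, version


def match_signatures(banner, db=SIGNATURE_DB):
    """Return the ids of database entries whose service/version range covers this banner."""
    parsed = parse_banner(banner)
    if parsed is None:
        return []
    name, version = parsed
    return [sig["id"] for sig in db
            if sig["service"] == name and version <= sig["max_vulnerable"]]


def grab_banner(host, port, timeout=1.0):
    """TCP-connect to host:port; return the banner text ('' if silent) or None if closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                data = sock.recv(256)
            except socket.timeout:
                data = b""  # open port, but the service said nothing
            return data.decode("ascii", "replace")
    except OSError:
        return None  # connection refused / unreachable


def scan_host(host, ports, db=SIGNATURE_DB):
    """Port scan, then banner-based service identification, then signature matching."""
    results = {}
    for port in ports:
        banner = grab_banner(host, port)
        if banner is None:
            continue  # closed or filtered: nothing to identify
        results[port] = {"banner": banner.strip(), "findings": match_signatures(banner, db)}
    return results


class _BannerHandler(socketserver.BaseRequestHandler):
    """Constructed target: sends a fixed banner on connect, then hangs up."""
    def handle(self):
        self.request.sendall(self.server.banner)


def start_fake_service(banner):
    """Bind a throwaway loopback service on an ephemeral port and serve it in a thread."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _BannerHandler)
    srv.banner = banner
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def demo():
    """Scan one flagged service, one current service and one closed port.

    Returns (results, vulnerable_port, patched_port, closed_port).
    """
    vulnerable = start_fake_service(b"ExampleFTP/2.1.0 ready\r\n")   # inside flagged range
    patched = start_fake_service(b"ExampleSSH/2.0.1\r\n")            # above flagged range
    probe = socket.socket()                                          # grab a port and free it
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    ports = [vulnerable.server_address[1], patched.server_address[1], closed_port]
    try:
        return scan_host("127.0.0.1", ports), ports[0], ports[1], ports[2]
    finally:
        for srv in (vulnerable, patched):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    results, *_ = demo()
    for port, info in sorted(results.items()):
        print(port, repr(info["banner"]), info["findings"])
```

Two practitioner caveats follow directly from the code. First, a banner-only check knows nothing about backported fixes, so a version that looks old in the banner may already be patched; production scanners reduce such false positives with authenticated checks that inspect the installed package rather than trusting the banner. Second, `match_signatures` can only report what is in `SIGNATURE_DB`; an out-of-date database is exactly the stale-antivirus situation described above.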

Nessus is a popular vulnerability scanner managed by Tenable Network Security, and it combines multiple techniques to detect a wide range of vulnerabilities. Nessus analyzes the packets a system sends in reply to its probes to determine the system's operating system and other details about the system. It uses port scans to detect open ports and identify the services and protocols that are likely running on those ports. Once Nessus discovers basic details about systems, it can then follow up with queries to test the systems for known