The Task Is About Comparison Of Vulnerability Scanners (Lab Report Sample)

Comparison of Vulnerability Scanners
With advances in information technology, the security concerns of network users are increasing drastically. Various approaches have been adopted to protect networks from unauthorized users, and new methods have been presented to identify potential discrepancies that can damage the network. The most commonly used approach for this purpose is vulnerability assessment. A vulnerability can be defined as a potential flaw in the network that makes it prone to attack by an unauthorized user. Assessing these vulnerabilities provides a way to identify them and to develop strategies to protect the network. A number of software applications have been introduced for this purpose. However, the majority of software developers are not fully aware of the security measures that must be built into these applications in order to eliminate these vulnerabilities [1]. The main motive for most of these developers is to develop a software application that can run in one desired state. They mostly do not take into consideration the possible flaws in the programming language and the higher risk of any user coming under attack through unauthorized access. Software developed with such flaws not only makes the user vulnerable to serious attacks but also exposes the network by compromising significant security aspects of its users. Thus, it is important to devise innovative methodologies and strategies for the development of these software applications.
Assessing as well as eliminating all vulnerabilities requires in-depth understanding and sound knowledge of them. It is essential to have a basic idea of how these vulnerabilities work, such as the way in which they appear in a system. One must be aware of the flaws that need to be corrected in order to free the whole system from vulnerabilities, of the alternatives that can be devised for this purpose, and of how to reduce their risk in a proactive manner [2]. Various methods have been introduced for identifying these vulnerabilities, including attack graph generation, static analysis and vulnerability scanners. This work presents a detailed study of vulnerability scanners. It also analyzes a number of vulnerability scanners and compares them based on their identification abilities.
Vulnerability Scanners
A vulnerability scanner can assess a variety of vulnerabilities across complete information systems, including network systems, software applications, computers and operating systems. It must be able to identify vulnerabilities that could have originated from system administrator activities, vendors or even everyday user activities. Possible examples of these vulnerabilities include software bugs, web applications, insecure default configurations, lack of password protection or even failure to run virus scanning software [3]. Vulnerability assessment is a proactive approach in which a vulnerability is detected and dealt with before any unauthorized user accesses it. It is also worth noting that most of the focus has always been on firewall protection, but one must focus on the internal functionality as well. In addition, vulnerability assessment mostly correlates various platforms, including operating systems, applications and middleware [4]. Thus, vulnerability scanners are mostly used to run a scan of the whole network system along with its software applications.
Types of Vulnerability Scanners
Vulnerability scanners can be categorized into two types. These include network based scanners and host based scanners.
Network Based Scanners
As the name suggests, network based scanners normally run over the network. They are mostly installed on a single machine, which scans the hosts on a particular network. These scanners help to detect vulnerable web servers, misconfigured firewalls, vulnerabilities related to system and network administrators, and risks linked with vendor-supplied software. Network based scanners can be categorized into port scanners, web server scanners and web application scanners. Port scanners assess the number of open network ports on remote systems. An example of a port scanner is Nmap. Web server scanners assess possibly dangerous files on remote web servers. Similarly, web application scanners assess the security issues of the web applications on these web servers.
Host Based Scanners
A host based vulnerability scanner is usually installed on the host and gains direct access to low-level data such as the configuration details of the operating system. Thus, host based scanners can provide insight into vulnerable user activities such as weak or missing passwords. These scanners can also provide baseline checks. One example of a host based scanner is a database scanner, which performs a security analysis of authentication, authorization and integrity. Host based scanners are also able to identify potential security risks ranging from security misconfigurations to Trojan horses.
Working of Vulnerability Scanners
A vulnerability scanner works through four basic modules: the scan database, the user interface, the scan engine and the report module. First, the scan engine executes the required checks based on the installed plug-ins, identifying system information and vulnerabilities. The scan engine compares the results with its known vulnerabilities. The results of the scan are then stored in the scan database, which also stores other data such as vulnerability information. The number of plug-ins available for scanning and the frequency with which they are updated depend on the vendor of the system. The scan results are presented at different levels in the form of reports. The detailed technical reports include high-level graphs, summary reports for the respective security managers, and suggestions for system administrators. The user interface simply allows the user or administrator to operate the scanner with ease. It can be either a command line or a graphical user interface.
The next section discusses the scanners and evaluates their performance through various performance metrics.
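The four modules described above, as an added example that is not part of the original report: a toy host-based scanner in Python whose plug-ins check for empty passwords and an sshd baseline. The host snapshots, the check IDs (HOST-001, HOST-002) and the baseline values are constructed for illustration.

```python
from collections import defaultdict

# Constructed host snapshots: what a host-based agent might read locally.
# An empty hash field means "no password"; "!" means the account is locked.
HOSTS = {
    "db01": {"sshd": {"PermitRootLogin": "yes", "PasswordAuthentication": "yes"},
             "accounts": {"root": "$6$salt$hash", "backup": ""}},
    "web01": {"sshd": {"PermitRootLogin": "no", "PasswordAuthentication": "no"},
              "accounts": {"root": "$6$salt$hash", "deploy": "!"}},
}

# Plug-ins: each yields (check_id, severity, detail) for one host snapshot.
def check_empty_password(host):
    for user, pw_hash in host["accounts"].items():
        if pw_hash == "":
            yield ("HOST-001", "High", f"account '{user}' has no password")

def check_sshd_baseline(host):
    # Assumed baseline for this example: expected value and severity if it differs.
    baseline = {"PermitRootLogin": ("no", "Medium"),
                "PasswordAuthentication": ("no", "Low")}
    for key, (expected, severity) in baseline.items():
        actual = host["sshd"].get(key)
        if actual != expected:
            yield ("HOST-002", severity, f"sshd {key}={actual}, baseline {expected}")

PLUGINS = [check_empty_password, check_sshd_baseline]

def scan_engine(hosts, plugins):
    """Run every installed plug-in against every host; return the scan database."""
    scan_db = []
    for name, snapshot in sorted(hosts.items()):
        for plugin in plugins:
            for check_id, severity, detail in plugin(snapshot):
                scan_db.append({"host": name, "check": check_id,
                                "severity": severity, "detail": detail})
    return scan_db

def report(scan_db):
    """Report module: summary counts per severity plus findings grouped by host."""
    summary, by_host = defaultdict(int), defaultdict(list)
    for row in scan_db:
        summary[row["severity"]] += 1
        by_host[row["host"]].append(
            f"[{row['severity']}] {row['check']}: {row['detail']}")
    return dict(summary), dict(by_host)

if __name__ == "__main__":  # user interface: a minimal command-line front end
    summary, by_host = report(scan_engine(HOSTS, PLUGINS))
    print(summary)
    for host, lines in by_host.items():
        print(host, *lines, sep="\n  ")
```

Adding a check means appending one generator function to `PLUGINS`; the engine, database and report code stay unchanged, which is why plug-in count and update frequency are the part that varies by vendor.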
Nmap
Nmap is basically a port scanner that scans the ports of the network. The input to this scanner is an IP address or host name. It finds the basic information of the port network. For instance, if an IP address is input to the scanner, it finds the host to which the address belongs. In addition, it provides information about the number of ports running on that specific host, the number of open ports, the services provided by these ports and the number of closed ports. It also provides information on whether the services are FTP or TCP oriented. Another advantage of Nmap is that the topology of the scanned host is recorded in the form of a graph that depicts the various gateways through which local machines can access that specific host.
Nessus
Nessus is a widely used vulnerability scanner that focuses on vulnerabilities in remote hosts. It offers both external and internal scans. The internal scan is mostly related to the hosts present within a particular router. Nessus also provides the added advantage of web application testing. The vulnerability scan results of Nessus are usually categorized into four types: Informal, Low, Medium and High. The results of this scanner can also be saved for one particular host. These results are normally presented in two ways: vulnerabilities by host and vulnerabilities by plug-in. It is also worth noting that Nessus works on a client-server architecture. Each session in Nessus is controlled by the client, but tests can be run even on the server side.
Acunetix WVS
Another commonly used vulnerability scanner is Acunetix WVS. It is an exploit analysis tool that is used for performing severe web security audits. The working criteria for this scanner include site crawling, target specification, structure mapping and pattern analysis. In the target identification phase, the scanner collects all the information related to the web technologies, the responsiveness for filtering tests and the web server type of the target. The second step involves site crawling and structure mapping. It includes fetching the index file of the web application and then building a list of the files and directories inside the web application. Nessus then performs pattern analysis against the target web application.
Nikto
Nikto is another vulnerability scanner, mostly known for its command-based structure. It is used to scan particular targets. One important requirement for this tool is that the Perl language must be installed on the system for it to function. This scanner performs security scans against severe files/CGI problems, mainly on servers. A possible advantage of Nikto is that it is an open-source web server security tool and free of cost [5].
Burp
Burp is another proxy-based tool that consists of a number of functional specifications. The requirement of this tool is the setting of the proxy in the browser. Burp starts by setting the proxy to The tool involves a number of tabs such as Repeater, Spider, Proxy, Intruder, Scanner and Sequencer. Each tab has its own functionality. For example, the Proxy tab is mainly used to set the proxy as well as configure it. The Intruder tab in the tool is used to automat...