In this video, learn about advanced vulnerability scanning concepts, including intrusive vs. non-intrusive scanning, credentialed vs. noncredentialed scanning, and the verification of false positives.
- We've already discussed many of the basic concepts of vulnerability scanning in this course. Let's now take a moment to dive deeper into a few advanced vulnerability scanning topics that the Security+ exam covers. As you set up a vulnerability scan, you need to carefully consider the type of scan that you will perform. Most scanners allow you to choose between intrusive and non-intrusive, or dangerous and safe, modes. Scans run in non-intrusive or safe mode will not perform tests that could themselves disrupt system operation.
This is the safest way to go when you are worried about damaging production services. But this mode does not provide an accurate picture of security, because it fails to show you whether those attacks would have been successful. One way to balance these concerns is to run tests against production systems in safe mode, but then clone those systems and run dangerous-mode scans against the images. When you run vulnerability scans, you'll receive detailed reports of issues discovered during the scan. Sometimes those reports contain errors.
There are two types of error common in vulnerability scan reports. False positive errors occur when the scanner detects a vulnerability that doesn't actually exist. System administrators should investigate each false positive report and, once they are satisfied that the result is erroneous, mark it in the scanning system so that it is not reported on future scans. False positives may be burdensome and annoying, but the only real danger they pose is that people will become desensitized to vulnerability reports if too many are false alarms.
False negative errors, on the other hand, are far more dangerous. They occur when a scan does not report a vulnerability that really does exist. This may be due to a misconfiguration of the scanner, or it might simply be a vulnerability that the scanner doesn't know about yet. These errors are quite dangerous because a true security flaw exists but the system administrator doesn't know about it. So far, we've spoken about vulnerability scanning as if it were occurring from an external perspective. And most vulnerability scanners do work that way.
They aim to give a picture of the world from the attacker's perspective, identifying vulnerabilities that are obvious over the network. Sometimes the vulnerability scanner needs to make assumptions about system configuration because of this limited perspective. It is also possible to run vulnerability scans that have full details of system configurations. These scans, called credentialed scans, use read-only accounts to gain access to configuration information on the scanned server. They use the details of this configuration to reduce false positives and identify vulnerabilities that might not be easily detected over the network.
As you prepare for the Security+ exam, you'll want to become familiar with these advanced vulnerability scanning topics. Security professionals around the world use these tools regularly to enhance the security of their organizations.
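The two workflows the transcript describes, reconciling network-observed findings against credentialed configuration data and keeping verified false positives out of future reports, as an added Python example that is not part of the course. The Finding structure, plugin ids, host names and version numbers are all constructed for illustration.

```python
from dataclasses import dataclass


def parse_version(text):
    """Turn '2.4.49' into (2, 4, 49) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Finding:
    host: str
    plugin_id: str   # the scanner check that fired (constructed ids)
    service: str     # service the check targets, as seen over the network
    fixed_in: str    # first version the check considers patched


def triage(findings, host_facts, suppressed):
    """Classify network-scan findings using credentialed host facts.

    host_facts: host -> {service: installed version}, gathered by a read-only
                credentialed scan; hosts absent here were not scanned with credentials.
    suppressed: set of (host, plugin_id) pairs an administrator has already
                investigated and marked as false positives.
    """
    out = {"confirmed": [], "false_positive": [], "suppressed": [], "unverified": []}
    for f in findings:
        if (f.host, f.plugin_id) in suppressed:
            out["suppressed"].append(f)       # verified earlier; keep it out of the report
            continue
        facts = host_facts.get(f.host)
        if facts is None:
            out["unverified"].append(f)       # no credentialed data: a human must check
            continue
        installed = facts.get(f.service)
        if installed is None:
            out["false_positive"].append(f)   # service is not installed on the host
        elif parse_version(installed) >= parse_version(f.fixed_in):
            out["false_positive"].append(f)   # network banner was stale; host is patched
        else:
            out["confirmed"].append(f)        # credentialed data agrees the flaw exists
    return out


# Constructed sample data: hosts, ids and versions are illustrative only.
SAMPLE_FINDINGS = [
    Finding("web1", "P-1001", "httpd", "2.4.51"),
    Finding("web1", "P-1002", "openssh", "8.5"),
    Finding("db1", "P-1003", "postgresql", "12.4"),
    Finding("web2", "P-1001", "httpd", "2.4.51"),
    Finding("web3", "P-1002", "openssh", "8.5"),
]
SAMPLE_FACTS = {"web1": {"httpd": "2.4.54", "openssh": "8.2"}, "db1": {}}
SAMPLE_SUPPRESSED = {("web2", "P-1001")}
```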
The CompTIA Security+ exam is an excellent entry point for a career in information security. The latest version, SY0-501, expands coverage of cloud security, virtualization, and mobile security. This course prepares exam candidates for the critical Threats, Attacks, and Vulnerabilities domain of the exam. By learning about malware, networking and application security exploitations, and social engineering, you'll be prepared to answer questions from the exam—and strengthen your own organization's systems and defenses. Author Mike Chapple, an IT leader with over 15 years of experience, also covers the processes for discovering and mitigating threats and attacks, and conducting penetration testing and scanning for vulnerabilities. Visit certmike.com to join one of his free study groups.