SN-896: Vulnerability scanning

Lob

What could possibly go wrong?
Nov 7, 2020
On the topic that @Steve mentioned of the UK NCIC scanning IP ranges in the UK for what lights up (not just web servers), this actually is a good thing and a monster task to perform.

What is important to remember is the appliances will map the entire IP space and will record what answers on many ports (certainly the first 1024). Those answers will be stored and, as long as they are not terribly stale, can be reconciled against identifiers of vulnerabilities (such as new zero day flaws) thus allowing you to know without scanning where your zero days might be located.

Given the public IP space is a little more volatile than a corporate network, stale will happen quickly, but it would allow them to perform targeted, quicker scans of the assets/CIs that likely have the flaw to validate whether they do or not.

I've used Qualys in the corporate environment for years and it really scans the entire IP space. You will be surprised what is out there...! But once the definitions are updated to incorporate zero days that need patching, you can focus efforts to patch and validate the flaws quickly. I scanned our Internet-facing systems weekly, including provider services.

In the context of the IP space in the UK, I can imagine that they would target certain businesses to fix their problems sharpish and potentially threaten with cutting services if remediation is not performed. It should be, but VM is hard and many cannot or will not do it properly.

Getting this right reduces the risk exposure in a massive sense.

Does anyone have an insight into what they are using? Qualys? Tenable? Something else?
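The workflow the post describes (store what answered on each port, reconcile the stored answers against a new vulnerability definition, and rescan only the stale matches) can be sketched as a small inventory reconciler. The following is an added example, not code from the forum post or from any scanner vendor; the service names, version numbers, the `VULN-EXAMPLE-1` identifier, the 192.0.2.0/24 documentation addresses and the 14-day staleness window are all constructed values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ServiceRecord:
    """One stored scan answer: what listened on host:port and when it was last seen."""
    host: str
    port: int
    service: str
    version: tuple       # parsed version, e.g. (2, 4, 49)
    observed: datetime   # timestamp of the scan that produced this answer


@dataclass(frozen=True)
class VulnDefinition:
    """A vulnerability definition keyed on service name and an inclusive version range."""
    vuln_id: str
    service: str
    min_version: tuple
    max_version: tuple


def parse_version(text):
    """'2.4.49' -> (2, 4, 49); tuples compare element-wise, so ranges work naturally."""
    return tuple(int(part) for part in text.split("."))


def reconcile(inventory, definitions, now, max_age):
    """Match stored answers against definitions without touching the network.

    Returns (host, port, vuln_id, status) tuples. A fresh match is reported as
    'likely_affected'; a match whose stored answer is older than max_age is
    'rescan_needed', because the service may have changed since it was seen.
    """
    findings = []
    for rec in inventory:
        for d in definitions:
            if rec.service != d.service:
                continue
            if not (d.min_version <= rec.version <= d.max_version):
                continue
            stale = (now - rec.observed) > max_age
            status = "rescan_needed" if stale else "likely_affected"
            findings.append((rec.host, rec.port, d.vuln_id, status))
    return findings


def targeted_scan_plan(findings):
    """Collapse stale matches into host -> sorted ports, i.e. the focused rescan list."""
    plan = {}
    for host, port, _vuln_id, status in findings:
        if status == "rescan_needed":
            plan.setdefault(host, set()).add(port)
    return {host: sorted(ports) for host, ports in plan.items()}


# Constructed sample inventory (documentation addresses, made-up services/versions).
NOW = datetime(2020, 11, 7, 12, 0)
INVENTORY = [
    ServiceRecord("192.0.2.10", 443, "webserver", parse_version("2.4.49"), NOW - timedelta(days=2)),
    ServiceRecord("192.0.2.11", 80, "webserver", parse_version("2.4.49"), NOW - timedelta(days=20)),
    ServiceRecord("192.0.2.12", 22, "sshd", parse_version("8.4"), NOW - timedelta(days=1)),
    ServiceRecord("192.0.2.13", 8080, "webserver", parse_version("2.4.51"), NOW - timedelta(days=1)),
]
# Constructed definition: a placeholder id, affecting 'webserver' 2.4.0 through 2.4.50.
DEFINITIONS = [VulnDefinition("VULN-EXAMPLE-1", "webserver", (2, 4, 0), (2, 4, 50))]
MAX_AGE = timedelta(days=14)

if __name__ == "__main__":
    results = reconcile(INVENTORY, DEFINITIONS, NOW, MAX_AGE)
    for host, port, vuln_id, status in results:
        print(f"{host}:{port} {vuln_id} {status}")
    print("targeted rescan:", targeted_scan_plan(results))
```

With the constructed data, 192.0.2.10:443 is reported as likely affected from stored data alone, 192.0.2.11:80 matches but its answer is 20 days old and so lands on the targeted rescan list, and the other two hosts are excluded by service name and by version respectively. A real deployment would swap the tuple range for the scanner vendor's definition format and read the inventory from its database, but the split into "answer from the inventory" versus "go and re-check" is the part that saves the full rescan.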