Product Security Glossary

Vulnerability Scanning

What is vulnerability scanning? 

Vulnerability scanning is the act of examining a network-connected system or device for known security problems that could allow an attacker to compromise the system or device. 

Why is vulnerability scanning important? 

There are many types of security-related problems that vulnerability scanning can detect.  Systems or devices might be set up with inadequate security controls and configurations.  For example, a system might be set up with inadequate firewall protection.  An individual device that users need to access remotely might be set up with a Secure Shell configuration that isn’t secure at all.   

Vulnerability scanning can also detect problems with software.  Poorly designed software can allow attackers to exploit a system with cross-site scripting attacks, SQL Injection attacks, or buffer overflow attacks.  A vulnerability scanner would detect what software is installed on a device, and what the versions of the various software packages are.  It would then consult a database to see if there have been any reported vulnerabilities with the software packages that it detects. 
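The version-lookup step described above, as an added example that is not part of the glossary: it takes a constructed software inventory (the package names and versions a scanner would have detected on a device) and checks each entry against a constructed advisory table.  Every package name, version and advisory identifier here is a placeholder; a real scanner would consult a published vulnerability feed instead.

```python
"""Added example: the version-matching step of a vulnerability scanner.

The inventory and the advisory table are constructed placeholders, not data
from any real product or feed.  A version is reported as affected when it
lies in the half-open range [affected_from, fixed_in).
"""
import re

# Constructed advisory database (placeholder identifiers, not real CVEs).
ADVISORIES = [
    {"package": "examplehttpd", "affected_from": "2.4.0", "fixed_in": "2.4.50", "id": "EXAMPLE-ADV-0001"},
    {"package": "examplessl",   "affected_from": "1.1.0", "fixed_in": "1.1.1k", "id": "EXAMPLE-ADV-0002"},
    {"package": "examplessh",   "affected_from": "0.0",   "fixed_in": "8.0",    "id": "EXAMPLE-ADV-0003"},
]

# Constructed inventory: what the scanner detected on one device.
INVENTORY = {
    "examplehttpd": "2.4.49",   # inside the affected range
    "examplessl": "1.1.1k",     # exactly the fixed version
    "examplessh": "7.9",        # below the fixed version
    "exampledb": "10.5",        # no advisory on file
}


def version_key(version: str) -> tuple:
    """Turn '1.1.1k' into ((1,''),(1,''),(1,'k')) so versions compare sanely.

    Each dotted component becomes (number, letter_suffix); keeping every
    element the same shape avoids int-vs-str comparison errors, and
    '1.10.0' correctly sorts after '1.9.5'.
    """
    key = []
    for part in version.split("."):
        digits, suffix = re.match(r"(\d*)(.*)", part).groups()
        key.append((int(digits) if digits else 0, suffix))
    return tuple(key)


def is_affected(version: str, affected_from: str, fixed_in: str) -> bool:
    """True when affected_from <= version < fixed_in."""
    v = version_key(version)
    return version_key(affected_from) <= v < version_key(fixed_in)


def scan_inventory(inventory: dict, advisories: list) -> list:
    """Return one finding per (installed package, matching advisory) pair."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv["package"])
        if installed is None:
            continue  # package not present on the device
        if is_affected(installed, adv["affected_from"], adv["fixed_in"]):
            findings.append({
                "package": adv["package"],
                "installed": installed,
                "advisory": adv["id"],
                "fixed_in": adv["fixed_in"],
            })
    return findings


if __name__ == "__main__":
    for finding in scan_inventory(INVENTORY, ADVISORIES):
        print(f"{finding['package']} {finding['installed']}: "
              f"{finding['advisory']} (fixed in {finding['fixed_in']})")
```

Running the block reports two findings (examplehttpd and examplessh); examplessl is skipped because it is already at the fixed version.  Matching on version strings alone is exactly what makes unauthenticated scanners noisy: distributions often backport a fix without changing the upstream version number, so a finding from this kind of lookup should be confirmed against the vendor's own advisory before it is treated as a real vulnerability.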

Attackers can exploit systems or devices that are poorly configured, or that are running buggy software.  Once a system or device has been exploited, an attacker can steal sensitive data or damage the system.  In the case of network-connected industrial control devices, an attacker could also cause damage to the industrial equipment, or even injury or death to plant personnel. 

Many times, regulations and standards require vulnerability scanning.  In such a case it is important to understand what type of vulnerability scanning is required, how often it should be performed, and so on.

What are the types of vulnerability scanning? 

A device scan is when someone performs vulnerability scanning on a specific device, many times even before it is connected to a network.  This can tell security personnel whether the device is ready to be sold, if they work for a manufacturer, or whether it is ready to be connected to the network, if they work in an enterprise.

An internal scan is when someone performs vulnerability scanning from within the network to be scanned.  This can give security personnel a good feel for what an attacker would see once he or she has penetrated the network. 

External vulnerability scanning is performed from outside the network.  This way, security personnel can find vulnerabilities in perimeter defenses, such as firewalls.  An external scan can reveal problems that could allow an attacker to penetrate the network. 

Unauthenticated vulnerability scanning is performed without having the scanner log into any devices that it’s scanning.  With authenticated vulnerability scanning, the scanner will log into devices in order to scan them from the inside.  This makes it easier for the scanner to detect things that are configured incorrectly, such as file and directory permissions or Secure Shell configuration.  One method for doing this would be to create a user account specifically for the scanner, and to load the credentials for that account into the scanner. 

Is vulnerability scanning the same as penetration testing? 

No.  Penetration testing involves having security personnel actually trying to break into a system.  In addition to exploiting hardware and software vulnerabilities, penetration testing could involve working with personnel, trying to trick them into giving security personnel access to sensitive systems.  Vulnerability scanning simply involves examining systems or devices for problems that could allow an attacker to gain unauthorized access.