Phases of a vulnerability scan:
1. Host Discovery
Identify network-accessible systems by pinging them or sending them TCP/UDP packets (scanners probe well-known ports to check for responses).
2. Port Discovery
Identify open ports on the live systems identified in step 1. (NOT all 65535 ports are probed! For Qualys, a Standard Scan includes 1900 TCP and 180 UDP ports by default. Typically, the majority of services and listening applications run on these ports.)
3. Service Discovery
Identify the services running on the open ports identified in step 2.
4. VM/PC Assessment
Gather detailed system information and correlate with known vulnerabilities
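
The four phases above, as an added Python example (not from the original post and not any scanner vendor's code) that runs entirely against constructed loopback listeners. The banner "ExampleFTPd 1.0", the finding ID and all function names are assumptions made for the demo; it also shows the consequence of the note in step 2: a service on a port outside the probe list never reaches the assessment phase.

```python
import socket
import threading

# Constructed advisory table for the demo: banner substring -> placeholder finding ID.
KNOWN_VULNERABLE = {"ExampleFTPd 1.0": "EXAMPLE-FINDING-0001"}

def start_service(banner):
    """Constructed loopback listener that greets clients with `banner`; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner.encode() + b"\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def probe(host, port, timeout=0.5):
    """TCP connect probe. Returns (state, banner); state is open, closed or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                return "open", s.recv(128).decode(errors="replace").strip()
            except socket.timeout:
                return "open", ""      # open, but the service sends no greeting
    except ConnectionRefusedError:
        return "closed", ""            # a refusal still proves the host is alive
    except OSError:
        return "filtered", ""          # timeout or unreachable: no evidence either way

def scan(host, port_list):
    results = {p: probe(host, p) for p in port_list}
    up = any(state != "filtered" for state, _ in results.values())        # 1. host discovery
    open_ports = sorted(p for p, r in results.items() if r[0] == "open")  # 2. port discovery
    services = {p: results[p][1] for p in open_ports}                     # 3. service discovery
    findings = {p: fid for p, banner in services.items()                  # 4. assessment
                for sig, fid in KNOWN_VULNERABLE.items() if sig in banner}
    return {"up": up, "open": open_ports, "services": services, "findings": findings}

def demo():
    listed = start_service("220 ExampleFTPd 1.0 ready")    # port is on the probe list
    unlisted = start_service("220 ExampleFTPd 1.0 ready")  # same flaw, port not on the list
    return listed, unlisted, scan("127.0.0.1", [listed])

if __name__ == "__main__":
    print(demo())
```

The report contains a finding only for the listed port, which is why services moved to non-standard ports call for a custom or full port list in the scan profile.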
Please refer to the links below for more information:
https://community.tenable.com/s/article/Phases-of-a-vulnerability-scan
https://qualys.secure.force.com/articles/How_To/000002028
https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/
Happy Learning !!