Hello Everyone

Well I searched for a tutorial on these I think 5 pages but didn't find any. I will try to put up a good one even though I don't do much writing..LOL

Where did Vulnerability Assessment Scanners come from?

Well IMHO, it all started with ISS and SATAN. ISS (Internet Security Scanner), which was written by a computer science student back in 1992 named Chris Klaus, looked for a few dozen common security holes and flagged them for the administrator to look at so they could be resolved. Most administrators, although a little nervous about this technology getting into the wrong hands, welcomed the new program. After all this would save them alot of work looking at logs which most didn't even do that.

Next we have SATAN (Security Administrator Tool for Analyzing Networks). This tool, written by Dan Farmer and Wietse Venema, basically did the same thing as ISS except with a few advancements. First off it had a much better scanning engine, a web based interface, and a much larger assortment of checks. Unlike ISS which was released without much attention. SATAN came to the masses like a media-crazed event of today. TIME magazine wrote and article about it, CERT even issued an advisory on its abilities (CA-1995-06). This is what started the explosion of Vulnerability Scanners.

What do they do?

A Vulnerability Scanners in its basic form is a port-scanner that has access to a database of vulnerabilities. This is the point that I was wanting to reach in this tutorial. This is were administrators get all secure in the comfort that everything is ok and being taken care off. This is how your more advanced hackers/crackers get into your network. Just keep in mind that these products must be constantly updated just like your AV programs (you DO up-date those don't you?). If you add up all the known vulnerabilities (maybe 3,000 or 4,000) keeping a system up so it can properly identify and track ALL these product vulnerabilities is a fairly hugh task. So I have listed below what basically is the guts of a vulnerability scanner.

Vulnerability Data: These scanners have to have some kind of internal database of vulnerablilty information that helps to accurately identify remote system exposures.

Scanning Mechanism: The technical part of a scanner lies in its capability to propertly scan ports, identify services and subsystems, and compare this information with the data stored in the database.

Reporting Mechanism: After performing all of this and finding a problem, it needs to report this so that the problem and be taken care off. This is a place usually that will separate scanners. Some products are stronger than others when it comes to clearly stating what they've discovered.

In part 2 I will cover what to look for when choosing a scanner!

CyberSorcerer