A vulnerability scan is intended to identify software versions on workstations that are no longer current and for which the vendor has released updates that should be installed.
The Secunia.com site has a product called Online Software Inspector (OSI) – http://secunia.com/vulnerability_scanning/online/
It is free and uses Java to identify vulnerable versions of software installed on a workstation. Once someone accesses the page, they select the START option. As it indicates, if you don’t do the thorough inspection, the scan normally takes less than 30 seconds. I did the thorough inspection on my machine and it took about 20 mins. This product will check both Microsoft and some third-party applications. I know it found Java and Flash updates that were needed. Even after the updates are installed, someone might need to either reboot or, for a Java update, clear the Java cache – http://www.java.com/en/download/help/plugin_cache.xml
As an alternative to Online Software Inspector, some might prefer running the Microsoft Baseline Security Analyzer – http://www.microsoft.com/downloads/details.aspx?FamilyID=F32921AF-9DBE-4DCE-889E-ECF997EB18E9&displaylang=en . It might not be something that all users can utilize. It requires installation and provides somewhat detailed and specific results. Based on what I have seen, it does not check for third-party products the way OSI does.
I really suggest we begin recommending to non-AD/WUS folks that on the second Wednesday of the month, they log in with the admin ID and check for updates to Microsoft, Sun Java, Mozilla Firefox and Adobe products. These are the ones that are being targeted most consistently, and these vendors are moving to a consistent update methodology that is pushed on the second Tuesday of each month. By deploying a consistent patch update procedure, we will be more likely to ensure that the workstations are current and less likely to be compromised.
NOTE – for server vulnerability scans, please use either scan.tamu.edu (and uncheck the box that says you are making a change in access through the firewall), or use mysecurity.tamu.edu to perform the scan for the entire network or an individual host.