Posted on April 30, 2013 by Sean Wang
Tags: Mythics Consulting, Security
When conducting a security vulnerability assessment using an automated scanner on a large number of hosts, it is very tempting to create one or more large groups of scanning hosts. It is a perfect opportunity to have a “Look Mom, No Hands!” moment. But more often than not, this can cause more problems than you expect. It may bring down the network; it may also cause the scanning to terminate prematurely, and you end up having to do it again, and again.
You can group the hosts any way you like. But with some planning when you group the hosts together, you will have a much better experience and result. Here are few factors to consider when you are grouping the hosts together:
- Network traffic: When scanning a large number of hosts, the network will sustain high volume of traffic for prolonged period of time since there are too many hosts to scan. It would be much better to strategically place the scanner and group the hosts in smaller groups to localize the traffic.
- Platform: Large environment normally have different computing platforms. By grouping hosts of same platform together, you can be more specific with your scan policies and have much quick scans.
- Credential: Similarly, in a large environment, there are many different credentials that are used to access the network. Grouping hosts with the same credential will eliminates the problems caused by having to submit multiple credentials.
- Problem Hosts: You may notice that there always some hosts that will cause the scans to crash. Those hosts should be excluded from any group and scanned separately. Doing so will ensure more successful scans.
Next time you perform a security vulnerability scanning, try one or more of these practices; it can help you perform your scans more efficiently and effectively.