The Need for Network Vulnerability Scanning
Network vulnerabilities don’t make it to news headlines as often as other security issues such as malware, phishing, ransomware, or web vulnerabilities. However, it’s the network security issues and misconfigurations that often let the attackers take the first steps when they compromise systems.
- Open ports and exposed services such as FTP, SSH, database servers, etc. are one of the most common configuration issues that lead to major data breaches, especially if coupled with weak passwords. For example, most recent major data breaches happened because businesses exposed their database servers such as Elasticsearch to the public.
- A network vulnerability scanner also helps you discover the lack of security patches for your network devices, web servers, or operating systems. Missing patches or late patching may expose your infrastructure to dangerous attacks, both in the case of Windows and Linux.
- You can use your network scanner to find many other network security issues. For example, you can check whether you are using secure SSL/TLS ciphers.
Harnessing the Power of the OpenVAS Vulnerability Scanner
One of the most established and best network security scanners in the world is an open-source tool – OpenVAS. Its roots go back all the way to 1998 to the open-source Nessus project started by Renaud Deraison. Acunetix closely integrates with OpenVAS, making it even easier to use.
- Acunetix treats vulnerabilities discovered by the OpenVAS engine and by the Acunetix engine the same way. It means that after you run a scan, you have a common list of web and network vulnerabilities that you can manage and remediate.
- Acunetix is a vulnerability assessment tool and a vulnerability management tool, and when integrated with OpenVAS it becomes network security assessment software. Just like in the case of web vulnerabilities, you can prioritize and manage your network vulnerabilities along with web vulnerabilities to proceed with further penetration testing or remediation.
- You can manage all the vulnerabilities discovered by Acunetix using an external issue tracker, for example, Jira, Microsoft TFS, GitHub, GitLab, Bugzilla, or Mantis. This also includes network vulnerabilities. Therefore, Acunetix effectively and uniquely enables simple integration between OpenVAS and issue trackers.
Easy Network Vulnerability Management Integration
The OpenVAS integration in Acunetix is not only powerful but most important of all, it’s easy. You don’t have to create custom scripts or learn the Acunetix API, you only need to use the Acunetix user interface.
- The online (cloud) version of Acunetix is already integrated with OpenVAS so you don’t have to do anything. Immediately after you log in to Acunetix Online for the first time, you can start running network scans for your external network services.
- To secure your internal network, you can install Acunetix and OpenVAS on your premises and integrate them using a few easy steps in the Acunetix user interface. This way, you will be able to scan also those network services that are not available from the outside but still may be subject to internal threats.
- Thanks to Acunetix, you can also use OpenVAS to scan your virtual environments in the SDLC. By integrating Acunetix web and network scanning into CI/CD pipelines, you can check if your virtual machines are not misconfigured. Network issues in development may lead to similar issues in production environments.
Frequently asked questions
What is network security scanning?
Network security scanning means analyzing a network structure and seeing what services are available on the network. Once a network scanner knows the structure and the services, it checks if these services use outdated, vulnerable software. A network scanner may be integrated with a web scanner.
What are the three types of network scanning?
Network scanning can be divided into three types of scans. First, a network scanner finds all accessible addresses on the network (network structure). Then, it finds all the open ports for each of those addresses. Then, it checks every port for vulnerabilities in the software.
Should I do network scanning or web scanning?
You should do both. However, if your website or web application is hosted in the cloud and you did not open any ports manually, there is very little chance that you find any network vulnerabilities. On the other hand, there is a big chance that you will find web vulnerabilities.
How do I scan a network with Acunetix?
Acunetix on-premises can be easily integrated with the OpenVAS network scanner – you just need to enter the IP address and port number of OpenVAS. Acunetix Online is already integrated with OpenVAS so you do not need to install or configure anything. When integrated with OpenVAS, Acunetix manages all web and network vulnerabilities together in the same interface.