Best Pen Tester Tools: Security Scanners. Network security scanners: capabilities, operating principles and advanced solutions. The best vulnerability scanners

Purpose of the scanner

Today, almost all local networks have access to the resources of the global Internet. Some local networks have no servers that can be reached from the outside, and the network accesses the Internet using NAT technology, that is, one computer provides Internet access to the entire network. Other networks may have multiple servers that are accessible from the Internet, and computers on the network may have global IP addresses. In any case, there is always at least one computer with a direct connection to the Internet. Hacking such a computer will jeopardize the information security of the network and may have dire consequences.

If several servers with global addresses run on the network and allow, for example, company employees to access their mail or the corporate database from anywhere in the world, then ensuring the security of such a network becomes a rather complex task, one that only a highly qualified employee can handle. The main responsibilities of this specialist will be to monitor the news feeds of dozens of security websites that publish information about discovered vulnerabilities, respond immediately to such messages, and independently search for vulnerabilities that are not yet known or are unique. Considering that quite a lot of time can pass between the discovery of a vulnerability and the release of an official fix from the software manufacturer, the specialist must quickly close off the possibility of exploiting the vulnerability. If the services provided to visitors are quite popular, then the sooner the administrator learns about the discovery of a vulnerability (ideally, even before it is published on specialized sites), the higher the likelihood that he will have time to close the discovered gap.

Some vulnerabilities may be unique to a particular service. For example, errors in script programming can open the door for a hacker to install a console on the server, using which he can get full control over the server, and then over the rest of the network resources. Thus, ensuring the security of a network in which public services operate is a very complex and difficult task, which XSpider is designed to help with.

XSpider can scan computers and services on the network in fully automatic mode to detect vulnerabilities. The vulnerability database is constantly updated by specialists, which, combined with automatic updates of databases and program modules, keeps the XSpider version up to date.

XSpider can perform scheduled scans. Thus, by setting up the XSpider scheduler, automatic updates, and the sending of scan result reports by mail or saving them to a network drive, the process of detecting vulnerabilities can be greatly simplified. This will allow you to concentrate on combating already discovered vulnerabilities and on additional configuration and updating of software. XSpider also provides invaluable assistance in this regard, displaying in the scan results report not only information about the found vulnerability, but also links, for example, to articles on the Microsoft website that describe the vulnerability discovered by XSpider and provide recommendations for eliminating it.


Results of checking a host running Windows XP without a service pack and with the firewall disabled

In the second test, a host running Windows XP without a service pack and with the firewall disabled was audited. The XSpider main window tab is shown in the figure below.

During the scan, several critical vulnerabilities were discovered. The results included links to articles in the Microsoft Knowledge Base that describe the discovered vulnerabilities and links to download patches that eliminate them.

We thank the "" company for providing a copy of the product for testing.

A process called vulnerability scanning is the process of checking individual hosts or networks for potential threats.

And the need to check security arises for IT specialists quite often - especially when it comes to large organizations that have valuable information that could be needed by attackers.

Administrators of small networks should not neglect such scanning, especially since in 2017 hundreds of thousands of computers were subjected to serious attacks from large-scale ransomware viruses launched by hackers.

Using vulnerability scanners

Information security specialists use appropriate software to scan networks for weaknesses in their security systems.

Such programs are called vulnerability scanners.

The principle of their operation is to check applications that run on network computers and search for so-called “holes” that could be used by outsiders to gain access to important information.

Proper use of programs that can detect network vulnerabilities allows IT specialists to avoid problems with stolen passwords and solve the following problems:

  • searching for malicious code that has entered your computer;
  • inventory of software and other system resources;
  • creating reports containing information about vulnerabilities and ways to eliminate them.

Vulnerability scanners are of particular importance for organizations whose activities include processing and storing valuable archives and confidential information. Such programs are required by companies engaged in scientific research, medicine, trade, information technology, advertising, finance and other fields that could be affected by information leakage.

Scanning Mechanisms

Vulnerability scanning is performed using two main mechanisms - scanning and probing.

The first option assumes that the scanner program performs a passive analysis, determining the presence of security problems only by a number of indirect signs, but without actual evidence.

This technique is called "logical inference", and its principles are to perform the following steps:

1. Identification of ports open on each device on the network;

2. Collection of headers associated with ports and found during the scanning process;

3. Comparison of the received headers with a special table containing rules for identifying vulnerabilities;

4. Obtaining conclusions about the presence or absence of security problems in the network.

A process called “probing” is an active verification technique that allows you to verify with almost one hundred percent certainty whether there are vulnerabilities in the network or not.

It is relatively slow compared to scanning, but in most cases it is more accurate.

The method, also called “validation,” uses the information obtained during the preliminary check to analyze each network device, confirming or denying the presence of threats.

The main advantage of the second option is not only the confirmation of those problems that can be detected by a simple scan, but also the detection of problems that cannot be found using a passive technique. The check is performed using three mechanisms - header checks, active probing checks, and simulated attacks.

Checking Headers

The mechanism, known in English as a "banner check", consists of a number of scans and makes it possible to draw certain conclusions based on the data transmitted to the scanner program in response to its request.

An example of such a check would be scanning the headers returned by the Sendmail application, which allows you to determine software versions and verify the presence or absence of problems.

The technique is considered the simplest and fastest, but has a number of disadvantages:

  • Not very high verification efficiency. Moreover, attackers can change the header information, removing version numbers and other information that is used by the scanner to obtain conclusions. On the one hand, the probability of such a change is not too high, on the other hand, it should not be neglected.
  • Inability to accurately determine whether the data contained in the header constitutes evidence of a vulnerability. First of all, this applies to programs that are supplied as source code. When fixing their vulnerabilities, the version numbers in the headers have to be changed manually - sometimes developers simply forget to do this.
  • The likelihood of a vulnerability appearing in future versions of the program, even after it was eliminated from previous modifications.

Meanwhile, despite certain disadvantages and the lack of a guarantee of detecting “holes” in the system, the process of checking headers can be called not only the first, but also one of the main stages of scanning. Moreover, its use does not disrupt the operation of either services or network nodes.
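The four "logical inference" steps and the banner check described above can be shown offline with recorded banners. This is an added example, not code from the original article or from any scanner it names; the hosts, banners, rule id and version ranges are constructed placeholders.

```python
import re
from dataclasses import dataclass

# Steps 1-2 output: (host, port, banner) records. Constructed sample data;
# hosts are in the 192.0.2.0/24 documentation range.
SAMPLE_BANNERS = [
    ("192.0.2.10", 25, "220 mail.example.test ESMTP Sendmail 8.12.6/8.12.6; "
                       "Mon, 1 Jan 2024 10:00:00 +0000"),
    ("192.0.2.11", 25, "220 mx.example.test ESMTP Sendmail 8.13.5/8.13.5; ready"),
    ("192.0.2.12", 25, "220 mx2.example.test ESMTP Sendmail 8.14.1/8.14.1; ready"),
    ("192.0.2.13", 25, "220 relay.example.test ESMTP Sendmail; ready"),  # version removed
    ("192.0.2.14", 25, "220 relay2.example.test ESMTP ready"),           # product removed
]


@dataclass(frozen=True)
class Rule:
    rule_id: str      # constructed placeholder, not a real advisory id
    product: str
    affected: tuple   # inclusive (lowest, highest) version ranges


# Step 3 rule table (constructed ranges). The second range models a defect
# that reappeared in a later release after being fixed once.
RULES = [
    Rule("EXAMPLE-RULE-001", "sendmail",
         (((8, 0, 0), (8, 12, 9)), ((8, 14, 0), (8, 14, 2)))),
]

# Per product: a pattern for the name and a pattern for name plus version.
PRODUCTS = {
    "sendmail": (re.compile(r"\bsendmail\b", re.I),
                 re.compile(r"\bsendmail\s+(\d+(?:\.\d+)+)", re.I)),
}


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    product: object   # str, or None when the banner names no known product
    version: object   # tuple of ints, or None when no version is advertised
    verdict: str      # "potential", "not-listed" or "unknown"
    rule_ids: tuple


def identify(banner):
    """Return (product, version) parsed from a banner; either may be None."""
    for product, (name_re, version_re) in PRODUCTS.items():
        if name_re.search(banner):
            m = version_re.search(banner)
            version = tuple(int(p) for p in m.group(1).split(".")) if m else None
            return product, version
    return None, None


def matching_rules(product, version, rules):
    """Ids of the rules whose affected ranges contain this product version."""
    return tuple(
        r.rule_id for r in rules
        if r.product == product
        and any(low <= version <= high for low, high in r.affected)
    )


def infer(banners, rules=RULES):
    """Step 4: draw a conclusion per service from its banner alone."""
    findings = []
    for host, port, banner in banners:
        product, version = identify(banner)
        if version is None:
            # A stripped banner is absence of evidence, not evidence of a fix.
            findings.append(Finding(host, port, product, None, "unknown", ()))
            continue
        hits = matching_rules(product, version, rules)
        # "potential" is unconfirmed: a build patched without a version bump
        # still advertises an affected number, so probing has to confirm it.
        verdict = "potential" if hits else "not-listed"
        findings.append(Finding(host, port, product, version, verdict, hits))
    return findings


if __name__ == "__main__":
    for f in infer(SAMPLE_BANNERS):
        print(f.host, f.port, f.product, f.version, f.verdict, f.rule_ids)
```

Keeping "unknown" separate from "not-listed" stops a host with an edited banner from being reported as clean, and storing affected ranges rather than a single fixed-in version is what lets the table express a defect that returns in a later release.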

Active probe checks

The technique, also known as “active probing check,” is based not on checking software versions in headers, but on analyzing and comparing digital “imprints” of programs with information about already known vulnerabilities.

The principle of its operation is a bit like the algorithm of antivirus applications, which involves comparing scanned fragments with virus databases.

The same group of techniques also includes checking the creation date of the software being scanned or checksums, which allows you to verify the authenticity and integrity of the programs.

To store information about vulnerabilities, specialized databases are used, which also contain information that allows you to eliminate the problem and reduce the risk of unauthorized access to the network.

This information is sometimes used by both security analysis systems and software whose task is to detect attacks. In general, the active probe testing technique used by major companies like ISS and Cisco is significantly faster than other methods - although it is more difficult to implement than header checking.
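The checksum comparison described in this section can be illustrated with a small fingerprint lookup. This is an added example, not code from the original article or from any product it names; the daemon name "exampled", its builds and the fingerprint database are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-ins for builds of a hypothetical daemon "exampled".
# Both would advertise "2.0" in a banner; only their bytes differ.
VULNERABLE_BUILD = b"exampled 2.0 - constructed build containing the defect\n"
PATCHED_BUILD = b"exampled 2.0 - constructed build with the fix applied in place\n"


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


# Fingerprint database (constructed): checksum -> (product, build note, status).
FINGERPRINTS = {
    sha256_bytes(VULNERABLE_BUILD): ("exampled", "2.0 original", "vulnerable"),
    sha256_bytes(PATCHED_BUILD): ("exampled", "2.0 patched", "fixed"),
}


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify(path, fingerprints=FINGERPRINTS):
    """Return 'vulnerable', 'fixed' or 'unrecognized' for one file."""
    entry = fingerprints.get(sha256_file(path))
    # No match means an unknown build or a modified file: integrity cannot
    # be confirmed, so the file is reported rather than assumed clean.
    return entry[2] if entry else "unrecognized"


def scan_tree(root, name="exampled", fingerprints=FINGERPRINTS):
    """Classify every file called `name` below `root`, keyed by relative path."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): classify(p, fingerprints)
        for p in sorted(root.rglob(name))
        if p.is_file()
    }


def demo():
    """Build a throwaway tree with one file per case and scan it."""
    samples = {
        "hostA": VULNERABLE_BUILD,               # known defective build
        "hostB": PATCHED_BUILD,                  # fixed, same version string
        "hostC": PATCHED_BUILD + b"\x00altered",  # modified after installation
    }
    with tempfile.TemporaryDirectory() as tmp:
        for host, content in samples.items():
            target_dir = Path(tmp, host)
            target_dir.mkdir()
            (target_dir / "exampled").write_bytes(content)
        return scan_tree(tmp)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{path}: {status}")
```

The two builds on hostA and hostB would look identical to a banner check, while the checksum lookup separates them and also flags the altered copy on hostC.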

Simulated attacks

Another method is known in English as an "exploit check", which can be rendered as "simulated attacks".

The check performed with its help is also one of the probing options and is based on searching for program defects by exploiting them.

The technique has the following features:

  • some security holes cannot be detected until a real attack is simulated against suspicious services and nodes;
  • scanner programs check software headers during a fake attack;
  • when scanning data, vulnerabilities are detected much faster than under normal conditions;
  • by simulating attacks, you can find more vulnerabilities (if they existed initially) than using the two previous methods - and the detection speed is quite high, but using this method is not always advisable;
  • situations that do not allow launching “imitation attacks” are divided into two groups - the threat of problems with the maintenance of the software being tested or the fundamental impossibility of attacking the system.

It is undesirable to use the technique if the objects of inspection are protected servers with valuable information.

An attack on such computers can lead to serious data loss and failure of important network elements, and the costs of restoring functionality may be too serious, even taking into account increased system security.

In this case, it is advisable to use other verification methods - for example, active probing or header checking.

Meanwhile, the list of vulnerabilities also includes those that cannot be detected without attempts to simulate attacks - these include, for example, susceptibility to Packet Storm attacks.

By default, such verification methods are disabled in the system.

The user will have to enable them independently.

Scanner programs that use the third method of scanning for vulnerabilities include systems like Internet Scanner and CyberCop Scanner. In the first application, such checks are placed in a separate category, “Denial of service”. When using any function from the list, the program reports the danger of failure or reboot of the scanned node, warning that responsibility for starting the scan lies with the user.

Main stages of vulnerability checking

Most programs that scan for vulnerabilities work like this:

1. Collects all the necessary information about the network, first identifying all active devices in the system and the software running on them. If the analysis is carried out only at the level of one PC with a scanner already installed on it, this step is skipped.

2. Tries to find potential vulnerabilities, using special databases to compare the information received with already known types of security holes. Comparison is performed using active probing or header checking.

3. Confirms found vulnerabilities using special techniques - imitation of a certain type of attack that can prove the presence or absence of a threat.

4. Generates reports based on information collected during scanning, describing vulnerabilities.

The final stage of scanning is an automatic fix or an attempt to fix problems. This function is available in almost every system scanner, and is missing from most network vulnerability scanning applications.

Differences in the work of different programs

Some scanners categorize vulnerabilities by threat level.

For example, the NetSonar system divides them into network vulnerabilities, which can affect routers and are therefore more serious, and local ones, which affect workstations.

Internet Scanner divides threats into three levels - low, high and medium.

These two scanners have several other differences.

With their help, reports are not only created, but also divided into several groups, each of which is intended for specific users - from network administrators to organizational leaders.

Moreover, the former are given the maximum amount of figures, while management receives well-designed graphs and diagrams with a small amount of detail.

The reports generated by the scanners contain recommendations for eliminating the vulnerabilities found.

Most of this information is contained in the data produced by the Internet Scanner program, which provides step-by-step instructions for solving the problem, taking into account the characteristics of different operating systems.

The troubleshooting mechanism is also implemented differently in scanners. In System Scanner there is a special script for this, launched by the administrator to solve the problem. At the same time, a second algorithm is created that can revert the changes made if the first one led to a deterioration in performance or the failure of individual nodes. In most other scanner programs, there is no option to revert changes.

Administrator actions to detect vulnerabilities

To find security holes, the administrator can use three algorithms.

The first and most popular option is checking the network for potential vulnerabilities only. It allows you to preview the system data without disrupting the operation of the nodes while providing maximum analysis speed.

The second option is scanning to check and confirm vulnerabilities. The technique takes more time and can cause malfunctions in the software of computers on the network while the mechanism for simulating attacks is running.

Method No. 3 involves the use of all three mechanisms (with both administrator and user rights) and an attempt to eliminate vulnerabilities on individual computers. Due to the low speed and the risk of damaging the software, this method is used least often - mainly when there is serious evidence of the presence of “holes”.

Capabilities of modern scanners

The main requirements for a scanner program that checks the system and its individual components for vulnerabilities are:

  • Cross-platform operation or support for multiple operating systems. With this feature, you can scan a network consisting of computers with different platforms, for example, with several Windows versions or even with systems like UNIX.
  • Ability to scan multiple ports simultaneously - this function significantly reduces the time required for verification.
  • Scanning all types of software that are usually susceptible to attacks by hackers. Such software includes products from Adobe and Microsoft (for example, the MS Office suite of office applications).
  • Checking the network as a whole and its individual elements without the need to run a scan for each node of the system.

Most modern scanning programs have an intuitive menu and are quite easy to configure in accordance with the tasks being performed.

Thus, almost every such scanner allows you to create a list of hosts and programs to scan, specify applications for which updates will be automatically installed when vulnerabilities are detected, and set the frequency of scanning and generating reports.

After receiving the reports, the scanner allows the administrator to run threat remediation.

Among the additional features of scanners, we can note the possibility of saving traffic, which is obtained by downloading only one copy of the distribution and distributing it across all computers on the network. Another important function involves saving the history of past scans, which allows you to evaluate the operation of nodes in certain time intervals and assess the risks of new security problems.

Network vulnerability scanners

The assortment of scanner programs on the modern software market is quite large.

All of them differ from each other in functionality, efficiency of searching for vulnerabilities and price.

To evaluate the capabilities of such applications, it is worth considering the characteristics and features of the five most popular options.

GFI LanGuard

The manufacturer GFI Software is considered one of the leaders in the global information security market, and its products are included in the ratings of the most convenient and effective in checking for program vulnerabilities.

One such application that provides security for the network and individual computers is GFI LanGuard, whose features include:

  • quick assessment of the status of ports in the system;
  • search for unsafe settings on network computers and for programs, add-ons and patches that are prohibited from installation;
  • the ability to scan not only individual computers and servers, but also virtual machines included in the system and even connected smartphones;
  • drawing up a detailed report based on the scanning results, indicating vulnerabilities, their parameters and methods of elimination;
  • intuitive operation and the ability to configure automatic operation - if necessary, the scanner starts at a set time, and all corrections are performed without administrator intervention;
  • the ability to quickly eliminate detected threats, change system settings, update permitted software and remove prohibited programs.

What sets this scanner apart from most analogues is the installation of updates and patches for almost any operating system.

This feature and other advantages of GFI LanGuard allow it to be at the top of the ratings of programs for searching network vulnerabilities.

At the same time, the cost of using the scanner is relatively low and is affordable even for small companies.

Nessus

The Nessus program was first released 20 years ago, but only since 2003 has it become paid.

Monetization of the project has not made it less popular - thanks to its efficiency and speed, every sixth administrator in the world uses this particular scanner.

The benefits of choosing Nessus include:

  • constantly updated vulnerability database;
  • easy installation and user-friendly interface;
  • effective detection of security problems;
  • the use of plugins, each of which performs its own task - for example, it scans the Linux OS or starts checking only headers.

An additional feature of the scanner is the ability to use tests created by users using special software. At the same time, the program also has two serious drawbacks. The first is the possibility of failure of some programs when scanning using the “simulated attacks” method, the second is the rather high cost.

Symantec Security Check

Security Check is a free scanner from Symantec.

Among its functions, it is worth noting the search not only for vulnerabilities, but also for viruses - including macro viruses, Trojans and Internet worms. In fact, the application consists of 2 parts - the Security Scan scanner, which ensures network security, and the Virus Detection antivirus.

The advantages of the program include easy installation and the ability to work through a browser. Among the disadvantages, users note low efficiency - the versatility of the product, which allows it to also search for viruses, makes it not very suitable for scanning a network. Most users recommend using this scanner only for additional checks.

XSpider

The XSpider scanner is produced by Positive Technologies, whose representatives claim that the program not only detects already known vulnerabilities, but is capable of finding threats that have not yet been created.

Features of the application include:

  • effective detection of “holes” in the system;
  • the ability to work remotely without installing additional software;
  • creating detailed reports with tips for troubleshooting;
  • updating the database of vulnerabilities and software modules;
  • simultaneous scanning of a large number of nodes and workstations;
  • saving test history for further problem analysis.

It is also worth noting that the cost of using the scanner is more affordable compared to the Nessus program, although higher than that of GFI LanGuard.

QualysGuard

The scanner is considered multifunctional and allows you to receive a detailed report assessing the level of vulnerabilities, the time to eliminate them and the level of impact of the “threat” on the business.

The product developer, Qualys, Inc., supplies the program to hundreds of thousands of consumers, including half of the world's largest companies.

What distinguishes the program is its cloud-hosted database and a built-in set of applications, which make it possible not only to increase the security of the network, but also to reduce the cost of bringing it into line with various requirements.

The software allows you to scan corporate websites, individual computers and the network as a whole.

The result of the scan is a report that is automatically sent to the administrator and contains recommendations for eliminating vulnerabilities.

Conclusions

Taking into account the wide range of applications for scanning the network and its nodes for vulnerabilities, the administrator’s work is greatly facilitated.

Now he is not required to independently launch all scanning mechanisms manually - he just needs to find a suitable application, select a scanning method, configure and use the recommendations of the received report.

You should choose a suitable scanner based on the functionality of the application, the effectiveness of threat detection (which is determined by user reviews) - and, which is also quite important, at a price that should be comparable to the value of the information being protected.

A process called vulnerability scanning is the process of checking individual hosts or networks for potential threats.

And the need to check security arises quite often - especially when we are talking about large organizations that have valuable information that could be needed by attackers.

Administrators of small networks should not neglect such scanning, especially since in 2017 hundreds of thousands of computers were subjected to serious attacks by hackers.

Using vulnerability scanners

Information security specialists use appropriate software to scan networks for weaknesses in their security systems.

Such programs are called vulnerability scanners.

The principle of their operation is to check applications that are running and search for so-called “holes” that could be used by outsiders to gain access to important information.

Proper use of programs that can detect network vulnerabilities allows IT specialists to avoid problems with stolen passwords and solve the following problems:

  • searching for malicious code that has entered your computer;
  • inventory of software and other system resources;
  • creating reports containing information about vulnerabilities and ways to eliminate them.

The main advantage of the second option is not only the confirmation of those problems that can be detected by a simple scan, but also the detection of problems that cannot be found using a passive technique. The check is performed using three mechanisms - header checks, active probing checks, and simulated attacks.

Checking Headers

A mechanism whose name in English sounds like "banner check", consists of a number of scans and makes it possible to obtain certain conclusions based on the data transmitted to the scanner program in response to its request.

An example of such a check would be scanning headers using the Sendmail application, which allows you to determine software versions and verify the presence or absence of problems.

The technique is considered the simplest and fastest, but has a number of disadvantages:

  • Not very high verification efficiency. Moreover, attackers can change the header information, removing version numbers and other information that is used by the scanner to obtain conclusions. On the one hand, the probability of such a change is not too high, on the other hand, it should not be neglected.
  • Inability to accurately determine whether the data contained in the header constitutes evidence of a vulnerability. First of all, this applies to programs that are supplied with the source text. When fixing their vulnerabilities, the version numbers in the headers have to be changed manually - sometimes developers simply forget to do this.
  • IN the likelihood of a vulnerability appearing in future versions of the program, even after it was eliminated from previous modifications.

Meanwhile, despite certain disadvantages and the lack of a guarantee of detecting “holes” in the system, the process of checking headers can be called not only the first, but also one of the main stages of scanning. Moreover, its use does not disrupt the operation of either services or network nodes.

Active probe checks

The technique, also known as “active probing check”, is based not on header checks, but on the analysis and comparison of digital “imprints” of programs with information about already known vulnerabilities.

The principle of its operation a bit like an algorithm, which involves comparing scanned fragments with virus databases.

The same group of techniques also includes checking the creation date of the software being scanned or checksums, which allows you to verify the authenticity and integrity of the programs.

To store information about vulnerabilities, specialized databases are used, which also contain information that allows you to eliminate the problem and reduce the risk of unauthorized access to the network.

This information is sometimes used by both security analysis systems and software whose task is to detect attacks. In general, the active probing testing technique used by large companies like ISS and ISS works much faster than other methods - although it is more difficult to implement than header checking.

Simulated attacks

Another method in English is called "exploit check", which can be translated into Russian as "simulated attacks".

The check performed with its help is also one of the probing options and is based on searching for program defects by strengthening them.

The technique has the following features:

  • some security holes cannot be detected until a real attack is simulated against suspicious services and nodes;
  • scanner programs check software headers during a fake attack;
  • When scanning data, vulnerabilities are detected much faster than under normal conditions;
  • by simulating attacks, you can find more vulnerabilities (if they existed initially) than using the two previous methods - and the detection speed is quite high, but using this method is not always advisable;
  • situations that do not allow launching “imitation attacks” are divided into two groups - the threat of problems with the maintenance of the software being tested or the fundamental impossibility of attacking the system.

It is undesirable to use the technique if the objects of inspection are protected servers with valuable information.

An attack on such computers can lead to serious data losses and failure of important network elements, and the costs of restoring functionality may be too serious, even taking into account.

In this case, it is advisable to use other verification methods - for example, active probing or header checking.

Meanwhile, the list of vulnerabilities also includes those that cannot be detected without attempts to simulate attacks - these include, for example, susceptible to Packet Storm attacks.

By default, such verification methods are disabled in the system.

The user will have to enable them independently.

Scanner programs that use the third method of scanning for vulnerabilities include systems like Internet Scanner And CyberCop Scanner. In the first application, checks are highlighted in a separate category “Denial of service”. When using any function from the list, the program reports the danger of failure or reboot of the scanned node, warning that responsibility for starting the scan lies with the user.

Main stages of vulnerability checking

Most programs that scan for vulnerabilities works like this:

1 Collects all the necessary information about the network, first identifying all active devices in the system and the software running on them. If the analysis is carried out only at the level of one PC with a scanner already installed on it, this step is skipped.

2 Tries to find potential vulnerabilities, using special databases to compare the information received with already known types of security holes. Comparison is performed using active probing or header checking.

3 Confirms found vulnerabilities using special techniques– imitation of a certain type of attack that can prove the presence or absence of a threat.

4 Generates reports based on information collected during scanning, describing vulnerabilities.

The final stage of scanning is an automatic fix or attempt to fix problems. This feature is available in almost every system scanner, and is missing from most network vulnerability scanning applications.

Differences in the work of different programs

Some scanners share vulnerabilities.

For example, NetSonar system divides them into network ones, which can affect routers, therefore more serious, and local ones, affecting workstations.

Internet Scanner divides threats into three levels - low, high and medium.

These two scanners have several other differences.

With their help, reports are not only created, but also divided into several groups, each of which is intended for specific users - from up to the managers of the organization.

Moreover, for the former, the maximum number of numbers is given, for the management - beautifully designed graphs and diagrams with a small amount of detail.

The reports generated by the scanners contain recommendations for eliminating the vulnerabilities found.

Most of this information is contained in the data produced by the Internet Scanner program, which provides step-by-step instructions for solving the problem, taking into account the characteristics of different operating systems.

The troubleshooting mechanism is also implemented differently in scanners. So, in the System Scanner there is a special script for this, launched by the administrator to solve the problem. At the same time, a second algorithm is being created that can correct the changes made if the first one led to deterioration in performance or failure of individual nodes. In most other scanner programs, there is no option to revert changes back.

Administrator actions to detect vulnerabilities

To find security holes, the administrator can use three algorithms.

The first and most popular option is checking the network for potential vulnerabilities only. It lets you preview the system data without disrupting the operation of the nodes and provides the maximum analysis speed.

The second option is scanning to check and confirm vulnerabilities. This technique takes more time and can cause malfunctions in the software of computers on the network while the attack simulation mechanism is running.

Method No. 3 involves the use of all three mechanisms (with both administrator and user rights) and an attempt to eliminate vulnerabilities on individual computers. Due to the low speed and the risk of damaging the software, this method is used least often - mainly when there is serious evidence of the presence of “holes”.

Capabilities of modern scanners

The main requirements for a scanner program that checks the system and its individual components for vulnerabilities are:

  • Cross-platform or support for multiple operating systems. If you have this feature, you can scan a network consisting of computers with different platforms. For example, with or even with systems like UNIX.
  • Ability to scan multiple ports simultaneously - this function significantly reduces the time required for verification.
  • Scanning all types of software that are usually susceptible to attacks by hackers. Such software includes the company's products (for example, the MS Office suite of office applications).
  • Checking the network as a whole and its individual elements without the need to run a scan for each node of the system.

Most modern scanning programs have an intuitive menu and are quite easy to configure in accordance with the tasks being performed.

Thus, almost every such scanner allows you to create a list of hosts and programs to scan, specify applications for which updates will be automatically installed when vulnerabilities are detected, and set the frequency of scanning and generating reports.

After receiving the reports, the scanner allows the administrator to run threat remediation.

Among the additional features of scanners, we can note the possibility of saving traffic, which is obtained by downloading only one copy of the distribution and distributing it across all computers on the network. Another important function involves saving the history of past scans, which allows you to evaluate the operation of nodes in certain time intervals and assess the risks of new security problems.

Network vulnerability scanners

The range of scanner programs is quite large.

All of them differ from each other in functionality, efficiency of searching for vulnerabilities and price.

To evaluate the capabilities of such applications, it is worth considering the characteristics and features of the five most popular options.

GFI LanGuard

The manufacturer GFI Software is considered one of the leaders in the global information security market, and its products are included in the ratings of the most convenient and effective in checking for program vulnerabilities.

One such application that provides security for the network and individual computers is GFI LanGuard, whose features include:

  • quick assessment of the status of ports in the system;
  • search for unsafe settings on network computers and for programs, add-ons and patches whose installation is prohibited;
  • the ability to scan not only individual computers and servers, but also virtual machines included in the system and even connected smartphones;
  • drawing up a detailed report based on the scanning results, indicating vulnerabilities, their parameters and methods of elimination;
  • intuitive control and the ability to configure automatic operation - if necessary, the scanner starts at a certain time, and all corrections are performed without administrator intervention;
  • the ability to quickly eliminate detected threats, change system settings, update permitted software and remove prohibited programs.

What sets this scanner apart from most analogues is the installation of updates and patches for almost any operating system.

This feature and other advantages of GFI LanGuard allow it to be at the top of the ratings of programs for searching network vulnerabilities.

At the same time, the cost of using the scanner is relatively low and is affordable even for small companies.

Nessus

The Nessus program was first released 20 years ago, but only since 2003 has it become paid.

Monetization of the project has not made it less popular - thanks to its efficiency and speed, every sixth administrator in the world uses this particular scanner.

The benefits of choosing Nessus include:

  • constantly updated vulnerability database;
  • easy installation and user-friendly interface;
  • effective detection of security problems;
  • the use of plugins, each of which performs its own task - for example, it scans the Linux OS or starts checking only headers.

An additional feature of the scanner is the ability to use tests created by users with special software. At the same time, the program has two serious drawbacks. The first is the possibility that some programs fail when scanned using the “simulated attacks” method; the second is the rather high cost.

Symantec Security Check

Security Check is a free scanner from Symantec.

Among its functions, it is worth noting the search not only for vulnerabilities, but also for viruses - including macro viruses, Trojans and Internet worms. In fact, the application consists of 2 parts - the Security Scan scanner, which ensures network security, and the Virus Detection antivirus.

The advantages of the program include easy installation and the ability to work through a browser. Among the disadvantages, they note low efficiency - the versatility of the product, which allows it to also search for viruses, makes it not very suitable for scanning a network. Most users recommend using this scanner only for additional checks.

XSpider

The XSpider scanner is produced by Positive Technologies, whose representatives claim that the program not only detects already known vulnerabilities, but is capable of finding threats that have not yet been created.

Features of the application include:

  • effective detection of “holes” in the system;
  • the ability to work remotely without installing additional software;
  • creating detailed reports with tips for troubleshooting;
  • updating the database of vulnerabilities and software modules;
  • simultaneous scanning of a large number of nodes and workstations;
  • saving test history for further problem analysis.

It is also worth noting that the cost of using the scanner is more affordable compared to the Nessus program, although higher than that of GFI LanGuard.

QualysGuard

The scanner is considered multifunctional and allows you to receive a detailed report assessing the level of vulnerabilities, the time to eliminate them and the level of impact of the “threat” on the business.

The product developer, Qualys, Inc., supplies the program to hundreds of thousands of consumers, including half of the world's largest companies.

Conclusions

The wide range of applications for scanning the network and its nodes for vulnerabilities greatly facilitates the administrator’s work.

Now he is not required to launch all scanning mechanisms manually - he just needs to find a suitable application, select a scanning method, configure it and follow the recommendations of the resulting report.

You should choose a suitable scanner based on the functionality of the application, the effectiveness of threat detection (which is determined by user reviews) and, which is also quite important, the price, which should be comparable to the value of the information being protected.