Home » Security for IT Professionals » Services » Vulnerability Scan Resources

Vulnerability Scan Resources

When performing a vulnerability scan against your host, whether to open a port in the firewall or to check for a possible problem, the Network Security Team uses the Nessus scanner. The scan produces a report that shows the services running on the scanned machine and vulnerabilities found in its services, if any. By services, we mean http, ssh, etc. All vulnerabilities for a service are listed together in one section of the report.

The following is an example of a vulnerability report:

Synopsis :

The remote service encrypts traffic using a protocol with known weaknesses.

Description :

The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.

See also :

http://www.schneier.com/paper-ssl.pdf

Solution :

Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead.

Risk factor :

Medium / CVSS Base Score : 5.0

CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Within the vulnerability report is the short and long description of the vulnerability itself, along with a suggested solution. The solution should be implemented as soon as possible and will be required if the vulnerability prevents a port from being opened through the campus firewall.

Also included in the report is the 'Risk Factor' of the vulnerability, such as Low, Medium, or High. A Medium or High vulnerability normally prevents a requested port from being opened. A Low Vulnerability is usually informational, but still should be considered and reviewed to fully secure a machine.

Here are additional items to note:

  • CVE Reports -- Some vulnerabilities report a CVE number, such as CVE-2002-0419. This is an identifier for a Common Vulnerability and Exposure. You can look up the identifier reported to learn more about that particular vulnerability.
  • Plug-in Output -- This section of a vulnerability report shows the output of the test against your server for that particular issue.
  • Trace and or Track Methods -- Many web servers report these methods enabled. This flaw allows for cross-site scripting, and the methods will need to be disabled before having port 80 or 443 open through the firewall.
  • SSL v2.0 -- Many servers report using SSL 2.0 for encryption. This method encrypts traffic using a protocol with known weaknesses. Services using SSL 2.0 will not be opened through the campus firewall. SSL 3.0 or TLS 1.0 will be required.

For any questions concerning this output or the solutions, please contact the Network Security Team is at security@tamu.edu.