The security risks that threaten networks seem to evolve just a little bit faster than the methods used to deal with them. Fix one, it seems, and one or two more pop up almost right away. And small wonder: there are lots of people who do nothing but scan networks for vulnerabilities to exploit.
And while network vulnerability scanning and auditing tools can be incredibly expensive, there are some free ones out there that can deal with a lot of the dirty work, according to a recent article in Network World. In it, Eric Geier examines six network vulnerability tools that don’t cost a cent.
1. The Open Vulnerability Assessment System, or OpenVAS, is a free network security scanner licenced under the GNU General Public Licence. It’s available in several Linix packages or as a downloadable Virtual Appliance for testing and evaluation. While the scanner doesn’t work on Windows, Windows clients are available.
The biggest chunk of OpenVAS is the security scanner, which only runs in Linux. Geier says this is the part that does the actual scanning and receives a feed, updated daily, of more than 33,000 Network Vulnerability Tests (NVT). The OpenVAS Manager controls the scanner and provides the intelligence.
OpenVAS isn’t the quickest and easiest tool to install and use, but it has one of the best feature sets of any free security scanner, Geier says. The drawback: its main component does require Linux.
2. Retina CS Community scans and patches for Microsoft and common third-party applications, such as Adobe and Firefox. It supports vulnerabilities in mobile devices, web applications, virtualized applications, servers and private clouds, and scans for network vulnerabilities, configuration issues and missing patches. Retina CS Community does the patching; for vulnerability scans the Retina Network Community software must be separately installed first.
“Retina CS Community is a great free offering by a commercial vendor, providing scanning and patching for up to 256 IPs free and supporting a variety of assets,” Geier says. “However, some small businesses may find the system requirements too stringent, as it requires a Windows Server.”
3. A relatively straightforward and easy to use scanner is the Microsoft Baseline Security Analyzer (MBSA). It will do local or remote scans on Windows desktops and servers, identifying missing service packs, security patches and common security misconfigurations. The latest release adds support for Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012, and maintains previous versions as far as Windows XP.
“Although free and user-friendly, keep in mind that MBSA lacks scanning of advanced Windows settings, drivers, non-Microsoft software, and network-specific vulnerabilities,” Geier says. “Nevertheless, it’s a great tool to help you find and minimize general security risks.”
4. Nexpose Community Edition scans networks, operating systems, web applications, databases and virtual environments. The Community Edition is limited to scanning up to 32 IPs at a time, and each licence runs for a year only. A seven-day free trial of the commercial edition is available.
Nexpose installs on Windows, Linux, or virtual machines and provides a web-based GUI. The user can create sites to define the IPs or URLs to scan, select scanning preferences and schedule, and provide credentials for scanned assets.
“Nexpose Community Edition is a solid full-featured vulnerability scanner that’s easy to set up,” Geier says, “but the 32 IP limit may make it impractical for larger networks.”
5. SecureCheq is a simple tool that does local scans on Windows desktops and servers, zeroing in on insecure advanced Windows settings as defined by CIS, ISO or COBIT standards. While it specializes in common configuration errors related to OS hardening, data protection, communication security, user account activity and audit logging, the free version will only scan less than two dozen settings, about a quarter of the full version.
It’s easy to use and does nab those advanced config settings, but Geier says SecureCheq actually misses some more general Windows vulnerabilities and network-based threats. “However, it complements the Microsoft Baseline Security Analyzer (MBSA) well; scan for basic threats and then follow up with SecureCheq for advanced vulnerabilities.”
6. Qualys FreeScan provides up to 10 free scans of URLs or IPs of Internet facing or local servers or machines. Users initially access it via the Qualys web portal and then download the virtual machine software if running scans on their internal network. FreeScan supports vulnerability checks for hidden malware, SSL issues, and other network-related vulnerabilities.
If users enter a local IP or scan, they’re prompted to download a virtual scanner via a VMware or VirtualBox image. This allows scanning of the local network. Once the scan is done users can view interactive reports by threat or by patch.
“Since Qualys FreeScan only provides 10 free scans, it’s not something you can use regularly,” Geier says. “Consider using another solution for day-to-day use and periodically run Qualys FreeScan for a double-check.”