CHAPTER 5: CONFIGURING VULNERABILITY SCANNING 69
Chapter 5: Configuring Vulnerability Scanning
This chapter describes procedures to configure a CC-NOC so it can scan for vulnerabilities, for
example, exploits and thresholds against devices within your network. Scanning for
vulnerabilities assists administrators in resolving security concerns.
Vulnerability scanning finds system vulnerabilities, for example, unpatched systems, older
known vulnerable server daemons, etc., that can be exploited by harmful network traffic. This
harmful traffic can be generated by intruders to gain access to restricted information, alter the
flow of data through your network, or even disable important services on your network.
Vulnerability scanning provides the following information about your network devices:
• Detection and diagnosis of vulnerabilities
• Deep detection of all open ports and services
• Logging of all available information that may benefit intruders
• Detection of passwords that are set to default or easy-to-guess values
With this information, you can take steps to make your network more secure from network-based
intrusion such as:
• Apply patches and software updates to fix known security holes
• Shut down unwanted or unnecessary services
• Remove access to sensitive information on your network
• Change security settings and passwords to make them more difficult to crack
The vulnerability scanning process can be performed at Scan Levels 1 through 4. The higher the
scan level, the more invasive the scan will be to the target IP address. Use caution when
performing scans with Scan Level 3 and 4; although the information they provide may be more
accurate and comprehensive, they can also expose the target machines to dangerous exploits that
may cause data loss or denial of services. Scan levels can only be assigned by an administrator.
Accessing Vulnerability Scanning
Vulnerability scanning is a feature that lets you determine whether or not the systems that you are
managing are vulnerable to different types of known intrusions. When vulnerabilities are detected
on your systems, you will be provided a list of the vulnerabilities for the interface and, if
available, possible solutions or links to more information about the vulnerabilities, including
Common Vulnerabilities and Exposures (CVE) entries. For more information, go to
http://www.cve.mitre.org/.
1. Click on the Vulnerabilities tab in the top navigation bar.
2. Click Configure Vulnerability Scanning.
Figure 85 Vulnerability Scanning Warning