O'Reilly logo

Incident Response by Richard Forno, Kenneth R. van Wyk

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Network Vulnerability Scanners

Network-based vulnerability scanners are very different than the network-level tools described in the previous section. The network-level tools are used primarily to passively observe and analyze network activity, good or bad, whereas network vulnerability scanners actively send packets out over a network in search of vulnerabilities, malicious code, etc., on other hosts on the network. It’s the real-world equivalent of the weatherman sticking his head outside the window to see if it’s raining compared to doing research to figure out why it is raining and how much rain should be expected. As such, we have placed them in an entirely different category. Their applicability to incident response operations includes these tasks:

Detection of back doors and malicious code throughout a network

Often while handling an incident, one major concern is that an intruder may have placed unauthorized software on one or more of the computers under investigation. Such so-called back doors on systems allow an attacker to access the compromised systems with ease (and low chance of detection) again later. One of the best and quickest ways of detecting whether this has been done is to perform a network-based sweep of the potentially affected systems, specifically looking for common back door software. Although by no means foolproof, it is a useful process while handling an incident and can often alert you to things that you might otherwise overlook.

Detection of enabling ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required