The vulnerability scanning is a process of scanning your system, application, or network for vulnerabilities or weaknesses. The vulnerability scanning tools allow you to find out vulnerabilities on your system or the devices on your network that can be compromised on security. Once you know the weaker areas, you can make fix the weaknesses. However, if vulnerability scanning is used on your network by a hacker then the hacker can use it against you. Therefore, it is important that you use this system before a hacker uses against you. The vulnerability scanning can be of two types:
- Active vulnerability scanning: This is an active approach that an organization uses to fix all kinds of system breaches through core monitoring functionality. It includes scanning tools that require constant attention and vigilance. It includes specific focus areas. Sometimes a product is configured to prevent particular situations. For example the use of USB pan drives on a network. Some vulnerability scanning products are: Nitko, Paros proxy, CGI Scanner, and WebScarab.
- Passive vulnerability scanning: This is a passive approach in which the security personnel of an organization monitor system security. For example it includes monitoring of operating systems in use, scanning LAN for inbound and outbound traffic, determining the services that are available, and determining the parts of the system/network that are vulnerable to security threats. Some passive scanning products are: NeVO by Tenable Network Security, Secure Linux, and LANguard Network Security Scanner.
You can use both types of vulnerability scanning on your system/network to eliminate the exposures in the system/network that can be exploited by the attackers.