Get started with Network Vulnerability Assessment

Practical scenarios to max out the tools and features on when evaluating a network’s security
Written by Adina Mihaita
Updated 1 year ago

Depending on what you want to achieve, you can start a network vulnerability assessment in one of the following ways:

1. Semi-automated: Port discovery + Vulnerability scan

Focus only on network and port discovery first and, after analyzing the results, do a vulnerability scan:

  1. TCP Scanner – ports 1-65535
  2. UDP Scanner – top 1000 ports
  3. Based on the results, start the Network Vulnerability Scan with OpenVAS and check for open ports
  4. SSL/TLS Scanner on HTTPS ports (if needed).

2. Fully automated: Port Scan + Vulnerability scan

Try a scan template that runs multiple tools at the same time. Include the following tools in your scan template, with the configuration below:

  1. TCP Scanner – ports 1-65535
  2. UDP Scanner – top 1000 ports
  3. OpenVAS TCP (Full Scan) – ports 1-65535
  4. OpenVAS UDP (Full Scan) – top 1000
  5. OpenVAS TCP (Light Scan) – ports 1-65535 (based on Nmap Vulnerability Scan)
One downside here is that the tools will generate a lot of traffic in the network, therefore creating noise and probably triggering some alerts on your Intrusion Detection System/Intrusion Prevention System.

In some cases, when the network has limited bandwidth, the scanners might return false negative or false positive results. If you know a port is opened on a host, we recommend rescanning the host(s).

Top tip: focus first on the publicly exposed assets and then on private/internal assets, using our VPN agent to create a secure tunnel between our scanning machines and your network.

Extra check - Password Auditor

For applications that require authentication, check if weak credentials are being used by trying the usernames and passwords from the input wordlists. One of the unique advantages of the Password Auditor is that it automatically detects web forms in web applications and it attempts to log in with the given credentials by itself. It has the capability to detect if a web form authentication is successful or not, making your workflow smoother by removing manual checks.

You can dive into the details by reading the full guide in our Platform Tutorials section of our blog.

Did this answer your question?