Vulnerability scanners

Computer networks are used by organisations and companies as a carrier of communication and services. Disruption of the network service can severally harm the organisation. A vulnerability scanner can find weaknesses in a computer network before a potential attacker does. It scans the network for vulnerabilities by testing weaknesses and by gathering information about different entities active in the network. From the testing and information gathering it makes conclusions and reports the vulnerabilities it found in the network. If the scanner misses some vulnerabilities and the administrator of the network makes the conclusion that the network is secure enough the impact can be severe on the organisation or company. This thesis is trying to find out to what extent a vulnerability scanner can be trusted. The thesis starts with defining the theoretical requirements to a secure network. When the foundation is set the thesis moves on and explains common network vulnerabilities that are threatening computer networks. Network security testing is an activity that consists of several techniques and tools to simulate possible attacks. The vulnerability scanner is one tool that can be used during such a test. Four vulnerability scanners have been run against a laboratory network. On the same network a penetration test has been conducted to know what security holes that can be used to gain access to the system. The comparison between the findings of the vulnerability scanners and the vulnerabilities found and explored in the penetration test indicates to what extent the vulnerability scanners can be trusted. The results show that the scanners miss out on severe vulnerabilities or give them a low priority, even though these vulnerabilities have been used to gain access to an entity in the network. Vulnerability scanners work with the best intentions but are far too insecure to be trusted as a stand alone security tool.