Cyber Security
CHAPTER 1:SYSTEMS VULNERABILITY SCANNING (PART 1)
Created By: Dholakiya Mohit
Index
 What is Vulnerability?
 Overview of Vulnerability Scanning
 Open Port/Service Identification
 Banner/Version Check
 Traffic Probe
 Vulnerability Probe
 Vulnerability Examples
 Conclusion
What is Vulnerability?
 A vulnerability is nothing but a loophole: a weakness that gives someone a way
to step into a site, a piece of software, a network, etc.
 This topic has its own fanbase in the world.
 Vulnerabilities are found everywhere, in one form or another.
 They can be found in many ways; almost all of them fall under vulnerability
assessment (VA).
 Another way is through penetration testing (PT).
Overview of Vulnerability Scanning
 The first question that comes to mind is: what is vulnerability scanning, and
why do we need it?
 Vulnerability scanning is nothing but scanning a whole computer system, network
or piece of software to learn all the possible ways in which it could be hacked.
 We need this scanning because we want more security for our technological
surroundings.
 Vulnerabilities are mostly scanned for with software tools known as
vulnerability scanners.
Cont…
 Vulnerability Scanner:
 A vulnerability scanner can assess a variety of vulnerabilities across
information systems (including computers, network systems, operating systems,
and software applications) that may have originated from a vendor, from system
administration activities, or from general day-to-day user activities.
 Vulnerabilities from all three sources can be created, generated or added to
the system without the user's knowledge or permission.
Cont…
 Benefits:
 Scanning helps to detect problems at an early stage, from both the internal
and the external perspective. For example, a vulnerability present in the
network.
 A new device connected to the network can easily be categorized as a rogue
machine if it turns out to be malicious.
 Moreover, the scanner can report information about each device such as IP
address, device name, operating system version, security patch level, etc.
Open Port/Service Identification
 Open ports are the ports on which a host accepts connections; the required
packets are sent and received through them.
 Of all the available ports, some are kept open at all times because certain
packets must be sent and received.
 This is where the terms attacking, hacking, cracking, etc. come into the
picture.
 Attackers collect information about these ports and use it to probe the host
on which they found an open port.
 Based on the type of response, an attacker knows whether the port is in use
or not, open or closed.
Cont…
 Examples of ports
 Physical - USB, Serial
 Virtual - TCP/UDP port numbers 1 – 65535
 http:// - 80
 https:// - 443
 ftp - 21
 smtp - simple mail transfer protocol - 25
 pop - post office protocol - 110
Banner/Version Check
 Nmap options for banner/version detection:
 -sV (version detection)
 --allports (don't exclude any ports from version detection)
 --version-intensity <intensity> (set version scan intensity, 0 to 9)
 --version-all (try every single probe; same as intensity 9)
 --version-trace (trace version scan activity)
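The two preceding slides describe what a scanner does at the port and banner level: decide whether a port is open or closed from the response, then read what the service announces about itself. The following Python is an added example written for this page, not code from the slides or from Nmap. It starts a tiny listener on 127.0.0.1 that sends a constructed SSH-style identification string (the real format from RFC 4253), connects to it and to a port known to be closed, and parses product and version out of the banner. All addresses, the banner text and the function names are assumptions made for the demonstration.

```python
"""Open/closed port check plus banner parsing against a local test listener.

Added example for the slides above (not the author's or Nmap's code). The
server, banner and addresses are constructed so the script runs offline.
"""
import re
import socket
import threading

# Constructed banner in the format real SSH daemons send (RFC 4253 section 4.2).
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n"


def start_banner_server(banner: bytes = FAKE_BANNER) -> int:
    """Start a one-shot TCP listener on 127.0.0.1 and return the port it got."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)        # speak first, like SSH/FTP/SMTP daemons do
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def find_closed_port() -> int:
    """Bind and immediately release a port so we know nothing listens on it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe_port(host: str, port: int, timeout: float = 2.0):
    """Return (state, banner): state is 'open' or 'closed', banner is raw bytes.

    A refused connection means closed; a completed connection means open. If
    the service speaks first we capture its banner, otherwise the port is open
    but silent and would need an active version probe (Nmap's -sV does this).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256)
            except socket.timeout:
                banner = b""
        return "open", banner
    except (ConnectionRefusedError, socket.timeout, OSError):
        return "closed", b""


# SSH identification string: "SSH-<proto>-<software> [comments]"
BANNER_RE = re.compile(
    rb"^SSH-(?P<proto>[\d.]+)-(?P<product>[A-Za-z]+)_(?P<version>\S+)"
)


def parse_ssh_banner(banner: bytes):
    """Extract protocol, product and version from an SSH banner, or None."""
    m = BANNER_RE.match(banner)
    if not m:
        return None
    return {k: v.decode() for k, v in m.groupdict().items()}


def demo():
    """Probe one open and one closed local port and parse the banner we got."""
    open_port = start_banner_server()
    closed_port = find_closed_port()
    open_state, banner = probe_port("127.0.0.1", open_port)
    closed_state, _ = probe_port("127.0.0.1", closed_port)
    return {
        "open": open_state,
        "closed": closed_state,
        "service": parse_ssh_banner(banner),
    }


if __name__ == "__main__":
    print(demo())
```

The version string is the whole point of a banner check from the defender's side: it is exactly what an inventory or vulnerability scanner compares against a list of known-affected releases, which is why many hardening guides recommend keeping banners accurate but minimal and keeping the software they announce patched.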
Traffic Probe
 High Speed Traffic Processing
 Network Traffic Measurement
 Network Intrusion Detection
High Speed Traffic Processing
 The total amount of data created or replicated was over 1 zettabyte, which
means 10^21 bytes, or 143 GB for each of the 7 billion people on the planet.
 FPGA cards are still used in applications that perform in-depth analysis,
pattern matching, and low-latency operations.
Network Traffic Measurement
1. Full packet trace
2. Flow statistics provide information derived from Internet Protocol (IP)
headers
3. Volume statistics are provided by most network appliances for network
management
Network Intrusion Detection
 Signature-based detection inspects the evaluated content for known patterns
 Anomaly-based detection
 Stateful protocol analysis
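The three detection approaches named above behave differently on the same traffic, which is easiest to see side by side. The following Python is an added example written for this page (not code from the slides or from any IDS product). It runs a signature matcher, a simple anomaly detector and a stateful TCP handshake tracker over a constructed list of connection events; the addresses, ports, payload snippets and thresholds are all assumptions chosen for the demonstration.

```python
"""Signature-based, anomaly-based and stateful detection over sample events.

Added example for the slide above; the events are constructed, not captured.
Each event is (time_s, src, dst, dport, tcp_flag, payload_snippet).
"""
from collections import defaultdict

# One host touching 21 different ports in a fraction of a second (constructed).
SWEEP = [(3.0 + i * 0.01, "10.0.0.8", "10.0.0.9", 20 + i, "SYN", "")
         for i in range(21)]

EVENTS = [
    # Normal client: handshake, then a request.
    (1.0, "10.0.0.5", "10.0.0.9", 80, "SYN", ""),
    (1.1, "10.0.0.5", "10.0.0.9", 80, "ACK", ""),
    (1.2, "10.0.0.5", "10.0.0.9", 80, "PSH", "GET /index.html HTTP/1.1"),
    # Proper handshake, but the request carries a known-bad pattern.
    (2.0, "10.0.0.7", "10.0.0.9", 80, "SYN", ""),
    (2.1, "10.0.0.7", "10.0.0.9", 80, "ACK", ""),
    (2.2, "10.0.0.7", "10.0.0.9", 80, "PSH", "GET /../../etc/passwd HTTP/1.1"),
    *SWEEP,
    # Data on a connection that never completed a handshake.
    (5.0, "10.0.0.6", "10.0.0.9", 80, "PSH", "GET / HTTP/1.1"),
]

# Signature rules: name -> byte pattern that must appear in the payload.
SIGNATURES = {
    "path-traversal-in-uri": "/../",
    "sqlmap-user-agent": "User-Agent: sqlmap",
}


def signature_detect(events):
    """Match payload content against known patterns (misses anything unknown)."""
    alerts = []
    for _ts, src, _dst, _dport, _flag, payload in events:
        for name, pattern in SIGNATURES.items():
            if pattern in payload:
                alerts.append(("signature", src, name))
    return alerts


def anomaly_detect(events, window=5.0, max_ports=10):
    """Flag a source touching more distinct ports per window than the baseline.

    No payload knowledge is needed, which is how anomaly detection catches a
    port sweep a signature engine has no rule for. The baseline (max_ports)
    is an assumption here; in practice it is learned from normal traffic.
    """
    seen = defaultdict(set)          # (src, window index) -> distinct dports
    flagged = set()
    alerts = []
    for ts, src, _dst, dport, _flag, _payload in events:
        key = (src, int(ts // window))
        seen[key].add(dport)
        if len(seen[key]) > max_ports and key not in flagged:
            flagged.add(key)
            alerts.append(("anomaly", src,
                           f"{len(seen[key])} distinct ports within {window}s"))
    return alerts


def stateful_detect(events):
    """Track the TCP handshake per flow; data before SYN+ACK violates the protocol."""
    state = {}                       # (src, dst, dport) -> 'syn' | 'established'
    alerts = []
    for _ts, src, dst, dport, flag, _payload in events:
        flow = (src, dst, dport)
        if flag == "SYN":
            state[flow] = "syn"
        elif flag == "ACK" and state.get(flow) == "syn":
            state[flow] = "established"
        elif flag == "PSH" and state.get(flow) != "established":
            alerts.append(("stateful", src, "data on unestablished connection"))
    return alerts


def run_all(events=EVENTS):
    """Run all three detectors and return the combined alert list."""
    return signature_detect(events) + anomaly_detect(events) + stateful_detect(events)


if __name__ == "__main__":
    for alert in run_all():
        print(alert)
```

Each detector catches exactly one of the three misbehaving sources and none of them flags the normal client, which is the practical argument for running the approaches together rather than choosing one.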
Vulnerability Probe
 Some security bugs can't be identified without sending a payload that
exploits a suspected vulnerability.
 An easy-to-understand example of a vulnerability probe is an HTML
injection check for a web application.
 Imagine a web app that has a search box for users to find text within its
pages.
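The slide stops at the search box, so here is the rest of the idea worked through in Python as an added example (not the author's code): two versions of the search results page, one that reflects the query raw and one that HTML-escapes it, and the check a scanner performs, which submits a harmless marker wrapped in a tag and looks at whether the tag comes back intact or encoded. The page content, the marker string and the function names are assumptions made for the demonstration.

```python
"""HTML injection probe against a search page: vulnerable vs. fixed rendering.

Added example for the slide above; the pages and marker are constructed.
"""
import html

# Constructed site content the search box searches over.
PAGES = {
    "about": "We build secure software",
    "contact": "Email the security team",
}


def _matches(query: str):
    return [name for name, text in PAGES.items() if query.lower() in text.lower()]


def search_page_vulnerable(query: str) -> str:
    """Reflects the search term into the HTML as-is: any tag the user types renders."""
    items = "".join(f"<li>{name}</li>" for name in _matches(query))
    return f"<h1>Results for: {query}</h1><ul>{items}</ul>"


def search_page_fixed(query: str) -> str:
    """Same page, but the reflected term is escaped so it can only ever be text."""
    safe = html.escape(query, quote=True)          # < > & " ' become entities
    items = "".join(f"<li>{name}</li>" for name in _matches(query))
    return f"<h1>Results for: {safe}</h1><ul>{items}</ul>"


# Constructed probe: a unique token so we can find our input in the response,
# wrapped in a harmless tag. If <i> survives unencoded, any tag would.
PROBE_MARKER = "vsprobe7f3a"
PROBE = f"<i>{PROBE_MARKER}</i>"


def html_injection_check(render) -> dict:
    """Submit the probe through `render` and classify how it came back.

    reflected:  our token appears in the response at all
    injectable: the tag came back byte-for-byte, i.e. it will render as HTML
    encoded:    the tag came back as entities, i.e. the app escapes output
    """
    body = render(PROBE)
    return {
        "reflected": PROBE_MARKER in body,
        "injectable": PROBE in body,
        "encoded": html.escape(PROBE, quote=True) in body,
    }


if __name__ == "__main__":
    print("vulnerable:", html_injection_check(search_page_vulnerable))
    print("fixed:     ", html_injection_check(search_page_fixed))
```

A scanner can only tell the two apart by actually sending the marker, which is the slide's point: the bug is invisible from a banner or a port list. The fix is equally visible in the output, since the escaped version reports the probe as reflected but encoded.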
Vulnerability Examples
 Missing data encryption
 OS command injection
 SQL injection
 Buffer overflow
 Missing authentication for critical function
 Missing authorization
 Unrestricted upload of dangerous file types
 Reliance on untrusted inputs in a security decision
Cont…
 Cross-site scripting and cross-site request forgery
 Download of code without integrity checks
 Use of broken algorithms
 URL redirection to untrusted sites
 Path traversal
 Bugs
 Weak passwords
 Software that is already infected with a virus
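Of the vulnerability classes listed on these two slides, SQL injection is the one a scanner most often confirms with an active probe, and the fix is mechanical. The following Python is an added example written for this page (not the author's code): an in-memory SQLite table with constructed rows, a lookup built by string formatting beside the same lookup using a parameterized query, and a comparison showing why a scanner's probe input gets different results from each. Table contents and function names are assumptions made for the demonstration.

```python
"""SQL injection: string-built query vs. parameterized query on SQLite.

Added example for the vulnerability list above; the data is constructed.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory table with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    return conn


def find_user_vulnerable(conn, name: str):
    """Builds SQL by pasting user input into the statement: the classic defect."""
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_fixed(conn, name: str):
    """Same lookup with a bound parameter: the input is data, never SQL."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


# Constructed probe input: a quote followed by a tautology. A scanner compares
# the response to this against the response to an ordinary value.
PROBE_INPUT = "nobody' OR '1'='1"


def compare(conn=None) -> dict:
    """Row counts for an ordinary name and for the probe, on both implementations."""
    conn = conn or make_db()
    return {
        "normal_vulnerable": len(find_user_vulnerable(conn, "alice")),
        "normal_fixed": len(find_user_fixed(conn, "alice")),
        "probe_vulnerable": len(find_user_vulnerable(conn, PROBE_INPUT)),
        "probe_fixed": len(find_user_fixed(conn, PROBE_INPUT)),
    }


if __name__ == "__main__":
    for key, rows in compare().items():
        print(f"{key:>18}: {rows} row(s)")
```

The tell for the scanner is the difference between the two probe results: the string-built query returns every row because the quote closed the literal and the tautology matched everything, while the parameterized query looks for a user literally named `nobody' OR '1'='1` and finds none. Parameterization, not input filtering, is the fix the list's "SQL injection" entry calls for.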
Conclusion or Warning
 Please carefully review the relevant terms and conditions before
registering on any website, as well as before downloading and installing any
software.
 In addition, please note that running any network scan exposes you to the
inherent risks of scanner tools.
 For example, with denial-of-service scans you may unknowingly crash a
vulnerable server.
 It is necessary to plan and perform the scanning carefully, with prior
arrangement or notification, such as management approval for legal
clearance.
 Never scan any network that is not your own.