Network Security Assessment: From Vulnerability to Patch

Chapter 5: Vulnerability Assessment: Step Two

Introduction

In the preceding chapter, we covered the tedious but necessary first steps of conducting a vulnerability assessment. This chapter builds on that groundwork and moves into the more enjoyable steps of actually identifying and confirming vulnerable systems. This is an appropriate topic, because now is the perfect time to demonstrate why a good VA program is required: as we were putting together this chapter, the information technology (IT) world was scrambling to deal with a new form of malware that was exploiting an issue with the Microsoft Windows Server Service. Although some organizations were on high alert and their IT staff were being worked to death dealing with this threat, other organizations were calm and in a business-as-usual mindset because they had a proper vulnerability assessment (VA) methodology in place.

In this case, and really in any case where a new threat is exploited in the wild, an organization that had simply followed the steps outlined in the preceding chapter would already have a list of the systems it needs to check for the existence of the threat, as well as a list of the systems on which it should not waste time checking. This chapter will take you through the steps of scanning not only for specific threats, but also for every known vulnerability in existence.

One thing to remember when performing any vulnerability assessment, or even a penetration test, for that matter, is that you are conducting a point-in-time assessment. To borrow from a famous Bruce Schneier quote: Vulnerability management is...
