Remote Vulnerability Assessment

Frequently Asked Questions

  1. What is a Remote Vulnerability Assessment?

    A Remote Vulnerability Assessment is a type of security audit. The assessment is performed over the Internet, looking for signs of vulnerabilities (also known as "security holes") that could pose a risk if not addressed. It is a methodical examination and review, done by a knowledgeable person, that gathers data used to identify potential risk. The purpose of gathering this data is to achieve a clear, unbiased view of the current status of the network, upon which a risk assessment can begin.

  2. When and how often should an assessment be performed and why?

    Your level of security, your risk tolerance and how open your systems are should dictate the frequency of your assessments. Ideally, an assessment should be performed whenever your risk profile changes. Realistically, this profile changes daily or weekly, so assessing that frequently may not make business sense.

    For this reason, most security professionals regularly use self-assessment tools. The process of maintaining a secure environment is ongoing, and administrators need an automated tool to supply vulnerability information to keep up with an ever-changing network structure. External evaluations can also be useful, especially if an organization is seeking to build a case for staffing and for independent verification of risks.

    Your remote vulnerability assessment is only the first step in securing your network. To create a security strategy, your organization needs information on the current state of the network and what vulnerabilities exist. If an assessment has never been performed, one should be done to provide a plan for reducing common vulnerabilities and to help establish or improve current policies and procedures.

  3. What defines an effective assessment process?

    The remote vulnerability assessment service is your first step towards a full assessment. Any security assessment process must use established criteria (policy, plan or specified performance standards), measure against written industry standards, be conducted in a representative environment and produce an understandable report. A full security assessment will consider any event or situation that could cause the network to cease to perform the tasks for which it was intended. The three basic steps of a full assessment are:

    1. Vulnerability scanning — focuses on known weaknesses
    2. Penetration testing — focuses on unknown weaknesses
    3. IT security audits — focus on security policies and procedures

  4. How can a vulnerability assessment affect my network?

    Vulnerability assessments are only useful if they are conducted in the production environment under normal operating conditions. Therefore, a system administrator (who will be able to determine if the conducted tests will interfere with normal operations) will be involved in all assessment planning sessions and will be in attendance at all assessments. On rare occasions, the assessment process can interfere with system performance, and proper recovery can only be achieved with the assistance of a qualified staff member.

    You may have a number of choices to make while setting up your assessment. While it is best to verify theoretical vulnerabilities by actual testing, attempting to break into a system can pose risks to data integrity and availability. Similarly, testing for buffer overflow vulnerabilities can cause a computer to lock up and be unusable until rebooted. You may choose to limit the impact of your assessment on your mission-critical services by excluding them from assessment; if you do so, remember that you are intentionally not checking for those vulnerabilities. Your mission-critical services are often the biggest targets and should be assessed in some manner even if they are excluded from the assessment. The results of the assessment will have much less value if critical systems are skipped and left unsecured.

Copyright © 2003 MOREnet. All rights reserved. Reviewed October 1, 2003.