You may have come across these services before, or heard them being mentioned, but its surprising how many people get them confused, or don’t realise they are in fact quite different in their own rights.
On the technical side of things, vulnerability scanning identifies weaknesses in network devices. This can include routers, firewalls, servers, switches and software applications. It will look for both ‘potential’ flaws/weaknesses and also ‘known’ ones, where it would match it against an existing database list. This is where vulnerability scanning stops, after it has identified weak areas, it will highlight them in a report, however will not go any further and physically exploit them.
This is an automated process performed by software alone and involves no human interaction, until the report has been generated.
Although this is different to vulnerability scanning, it essentially serves a similar purpose, but doesn’t use any automation whatsoever. It will be human driven, where a specific set of elements (scope) or departments are focussed on and a number of penetrating software tools are created, specific to the environment. Essentially they are acting as a hacker and mimicking their processes (without causing damage) in order to try and gain entry. Their goal is to try and identify weaknesses in the network of devices and applications and then physically prove it, by penetrating them and getting in – just like a hacker would!
These tests are usually conducted outside of business hours, or when networks and applications are least used, which in turn, limits the impact on business operations.
Imagine a wall that had various holes drilled into it. Some of these holes only went quarter or half of the way through, where as others would be drilled through completely, creating an entry point from the outside to the inside (well for uninvited insects anyway, so let’s call them hackers!).
To continue reading, please click here
Member since: 25th March 2014
Southern IT Networks provides technology advice, support and management for SME's, with specialisation in regulated industries, Office365 & Azure
The following Cookies are used on this Site. Users who allow all the Cookies will enjoy the best experience and all functionality on the Site will be available to you.
You can choose to disable any of the Cookies by un-ticking the box below but if you do so your experience with the Site is likely to be diminished.
In order to interact with this site.
To help us to measure how users interact with content and pages on the Site so we can make things better.
To show content from Google Maps.
To show content from YouTube.
To show content from Vimeo.
To share content across multiple platforms.
To view and book events.
To show user avatars and twitter feeds.
To show content from TourMkr.
To interact with Facebook.
To show content from WalkInto.