The Security Benefits of Server Vulnerability Checks
Websites by their nature are exposed to the entire world. Because of this reality, any server or VPS that hosts a website is potentially vulnerable to security threats. Many security holes are obvious, and it may even be standard procedure for you to fix them. You likely already run updates, tighten your firewall, block spam, and scan for viruses.
Nevertheless, some of the looming threats are not detectable by the naked eye. Your server could be vulnerable to security threats and show no obvious symptoms. For this reason, it is imperative that you run vulnerability checks and take the necessary routine precautions to prevent threats you may not have even known existed.
The following are various types of vulnerability checks that you should consider running.
1. Network vulnerability
By using a network vulnerability scanner, you can check your server for potential network weaknesses related to your firewall and other networking tools. You should perform network stack stress tests, port scanning, Denial-of-Service (DoS) vulnerability tests, and other tests to ensure your network’s strength.
2. OS vulnerability
Your operating system has many levels, and you should make sure that each of those levels is secure. That means testing your kernel, your applications, your file system integrity, and more. You can also do routine log checks, read security reports from security specialists, and read bug reports on any major software you use to make sure there are no dangerous security flaws.
3. Web application vulnerability
Even with a fully hardened OS and tightly sealed network, you could still run into security problems through the one component on your server that must remain open: your web server. The port is open, and the data freely flows in and out. This makes any web application a prime target for exploitation. Therefore, you can find a plethora of stress tests and script scanners on the web that will test your web applications for potential hazards. Cross-site scripting (XSS), SQL injection, and other web-related attacks are all very real and affect small and large websites alike.
Examples of Vulnerability Scanning Tools
These tools are not necessarily the best, although they might be. For our purposes, however, they simply serve as examples of free tools you can use for vulnerability scanning. Some hosting companies may also provide free security tools that you can use for your websites.
OpenVAS
Free and open source, the OpenVAS vulnerability scanner uses a daily feed of over 20,000 network vulnerability tests (NVTs). It also has a comprehensive suite of management tools to make scanning easy and effective.
OSSEC
The Open Source Host-based Intrusion Detection System is a collection of security tools offered by the security firm Trend Micro. It includes rootkit detection, policy monitoring, log analysis, and file integrity checking. The tools are available for Linux and other Unix-like operating systems.
w3af
The w3af web application attack and audit framework scans for a variety of web server vulnerabilities, including SQL injection, file inclusion, and XSS. Its plugin support makes it extensible, and it is free and open source.
Vulnerability tests can save you a tremendous amount of time and money by helping you prepare your server for unseen dangers. For a more complete list of vulnerability scanners and other security tools, visit SecTools.org.
Guest post by: Tavis J. Hampton is a Linux system administrator and writer for TavisOnline.com.

