These tools can search for misconfigured application servers, such as Web servers; and network components, such as switches and routers, that are vulnerable to known problems.They look for out-of-date applications, especially those with known problems.We installed all the analyzers on dual-processor 1.7 GHz systems with 512 MB of memory.As the number of security threats to networks and servers grows, security managers have turned to vulnerability analysis tools to identify a wide variety of potential problems on their networks.And they often search for applications that are enabled by default--but perhaps shouldn't be, such as RPC services on Unix or the UDP ECHO program on Windows NT/2000.Vulnerability analyzers are also security oriented, so they often look for "information leakage" from systems through DNS and other avenues, including SNMP and Windows registry.There are many variations within these three phases.Some products try to brute-force guess passwords on accounts.
We tested five Our test network was large enough to give the analyzers a run for their money.
Smarter products iterate between phases two and three, learning more and using that information to launch additional tests.
Others have ways of pruning their decision tree to save time and minimize the risk of overloading the target systems.
Because scanning is network and processor intensive, all VA products offer different types of scans, usually called "policies." We set the vulnerability analyzers at their highest, or most intensive, setting.
We took the advice in each product's documentation to pick the heaviest "safe" scan--safe in the sense that the scan was not supposed to crash any system, although this definitely wasn't the case (see "Caveat Emptor").