Though you may know and follow basic security measures on your own when installing and managing your network and websites, you'll never be able to keep up with and catch all the vulnerabilities by yourself.
Vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, producing a prioritized list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process.
Though vulnerability scanners and security auditing tools can cost a fortune, there are free options as well. Some only look at specific vulnerabilities, but there are also those that offer broad IT security scanning.
The Open Vulnerability Assessment System (OpenVAS) is a free network security scanner platform, with most components licensed under the GNU General Public License (GNU GPL). The main component is available via several Linux packages or as a downloadable Virtual Appliance for testing/evaluation purposes. Though the scanner itself doesn't work on Windows machines, they offer clients for Windows.
The main component of the OpenVAS is the security scanner, which only can run in Linux. It does the actual work of scanning and receives a feed updated daily of Network Vulnerability Tests (NVT), more than 33,000 in total.The OpenVAS Manager controls the scanner and provides the intelligence. The OpenVAS Administrator provides a command-line interface and can act as full service daemon, providing user management and feed management.
There are a couple clients to serve as the GUI or CLI. The Greenbone Security Assistant (GSA) offers a web-based GUI. The Greenbone Security Desktop (GSD) is a Qt-based desktop client that runs on various OSs, including Linux and Windows. And the OpenVAS CLI offers a command-line interface.
OpenVAS isn't the easiest and quickest scanner to install and use, but it's one of the most feature-rich, broad IT security scanners that you can find for free. It scans for thousands of vulnerabilities, supports concurrent scan tasks, and scheduled scans. It also offers note and false positive management of the scan results. However, it does require Linux at least for the main component.
2. Retina CS Community
Retina CS Community provides vulnerability scanning and patching for Microsoft and common third-party applications, such as Adobe and Firefox, for up to 256 IPs free. Plus it supports vulnerabilities within mobile devices, web applications, virtualized applications, servers, and private clouds. It looks for network vulnerabilities, configuration issues, and missing patches.
The Retina CS Community software essentially provides just the patching functionality. Retina Network Community is the software that provides the vulnerability scanning, which must be separately installed before the Retina CS Community software.
Sign up for Computerworld eNewsletters.