Categories Of JSA Vulnerability Manager Vulnerability Checks
JSA Vulnerability Manager checks for multiple types of vulnerabilities in your network.
Vulnerabilities are categorized into the following broad categories:
Risky default settings
Risky Default Settings
By leaving some default settings in place, you can make your network vulnerable to attacks. The following situations are examples that can make your network vulnerable:
Leaving sample pages or scripts on an IIS installation
Not changing the default password on a 3Com Hub/Switch
Leaving "public" or "private" as an SNMP community name on an SNMP enabled device
Not setting the sa login password on an MS-SQL server
Some software settings for systems or applications are designed to aid usability but these settings can introduce risk to your network. For example, the Microsoft NetBIOS protocol is useful in internal networks, but if it is exposed to the Internet or an untrusted network segment it introduces risk to your network.
The following examples are software features or commands that can expose your network to risk:
ICMP time stamp or netmask requests
Sendmail expand or verify commands
Ident protocol services that identify the owner of a running process.
In addition to identifying misconfigurations in default settings, JSA Vulnerability Manager can identify a broader range of misconfigurations such as in the following cases:
Unrestricted NetBios file sharing
DNS zone transfers
FTP World writable directories
Default administration accounts that have no passwords
NFS World exportable directories
Vendor flaws is a broad category that includes events such as buffer overflows, string format issues, directory transversals, and cross-site scripting. Vulnerabilities that require a patch or an upgrade fix are included in this category.