Categories Of JSA Vulnerability Manager Vulnerability Checks
JSA Vulnerability Manager checks for multiple types of vulnerabilities in your network.
Vulnerabilities are categorized into the following broad categories:
Risky default settings
Software features
Misconfiguration
Vendor flaws
Risky Default Settings
By leaving some default settings in place, you can make your network vulnerable to attacks. The following situations are examples that can make your network vulnerable:
Leaving sample pages or scripts on an IIS installation
Not changing the default password on a 3Com Hub/Switch
Leaving "public" or "private" as an SNMP community name on an SNMP-enabled device
Not setting the sa login password on an MS-SQL server
Software Features
Some software settings for systems or applications are designed to aid usability, but these settings can introduce risk to your network. For example, the Microsoft NetBIOS protocol is useful in internal networks, but if it is exposed to the Internet or an untrusted network segment, it introduces risk to your network.
The following examples are software features or commands that can expose your network to risk:
ICMP time stamp or netmask requests
Sendmail expand or verify commands
Ident protocol services that identify the owner of a running process
Misconfiguration
In addition to identifying misconfigurations in default settings, JSA Vulnerability Manager can identify a broader range of misconfigurations such as in the following cases:
SMTP Relay
Unrestricted NetBIOS file sharing
DNS zone transfers
FTP world-writable directories
Default administration accounts that have no passwords
NFS world-exportable directories
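The following Python example is an added illustration, not part of the JSA documentation and not how JSA Vulnerability Manager implements its checks. It audits local configuration text for one item from each of the three categories above: a default SNMP community name, enabled Sendmail expand/verify commands, and an NFS world export. It assumes net-snmp `snmpd.conf` directives, the `PrivacyOptions` line of `sendmail.cf`, and the Linux `/etc/exports` format; the sample file contents and all function names are constructed for the example.

```python
import re

# Constructed sample config contents (not taken from any real host).
SAMPLES = {
    "snmpd.conf": "rocommunity public 10.0.0.0/8\nrwcommunity ops-ro-7f3a 10.0.0.5\n",
    "sendmail.cf": "O PrivacyOptions=authwarnings,novrfy\n",
    "exports": "/srv/data 10.0.0.0/24(ro)\n/srv/pub *(rw,sync)  # shared\n",
}

def check_snmp(text):
    """Risky default setting: 'public' or 'private' left as a community name."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*(?:ro|rw)community6?\s+(\S+)", line)
        if m and m.group(1).lower() in ("public", "private"):
            findings.append((n, f"default SNMP community '{m.group(1)}'"))
    return findings

def check_sendmail(text):
    """Software feature: EXPN/VRFY stay enabled unless PrivacyOptions disables them."""
    opts = set()
    for line in text.splitlines():
        m = re.match(r"\s*O\s*PrivacyOptions\s*=\s*(.*)", line)
        if m:
            opts |= {o.strip().lower() for o in m.group(1).split(",")}
    if "goaway" in opts:  # goaway implies noexpn and novrfy
        return []
    pairs = (("EXPN", "noexpn"), ("VRFY", "novrfy"))
    # Line number 0 marks a file-level finding (the option is absent).
    return [(0, f"Sendmail {cmd} command enabled") for cmd, opt in pairs if opt not in opts]

def check_exports(text):
    """Misconfiguration: export with no client restriction ('*' or no host)."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments, split path/clients
        clients = [f.split("(", 1)[0] for f in fields[1:]] or [""]
        if fields and any(c in ("", "*") for c in clients):
            findings.append((n, f"NFS export {fields[0]} open to any host"))
    return findings

# Maps each file name to the check that understands its format.
CHECKS = {"snmpd.conf": check_snmp, "sendmail.cf": check_sendmail, "exports": check_exports}

def audit(files):
    return {name: CHECKS[name](text) for name, text in files.items() if name in CHECKS}

if __name__ == "__main__":
    for name, found in audit(SAMPLES).items():
        print(name, found)
```

Each finding is a `(line number, message)` pair; the export check does not handle backslash line continuations in `/etc/exports`.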
Vendor Flaws
Vendor flaws is a broad category that includes flaws such as buffer overflows, format string issues, directory traversals, and cross-site scripting. Vulnerabilities that require a patch or an upgrade to fix are included in this category.