The Difference Between Auditing and Vulnerability Scanning

Technical Auditing and Vulnerability Scanning

Why both look the same, yet have subtle differences

When talking about auditing, I see that most technical people immediately think about vulnerability scanning. While they definitely have things in common, there are also a lot of minor differences. In this blog post I will show them, and also share how technical auditing and vulnerability scanning can work together.

Similarities and Differences

Let’s first determine what makes technical auditing and vulnerability scanning look similar. First of all, both processes have a technical focus, with the goal of discovering issues. The output of both is usually a list of findings. Those performing the tests usually have a technical background in both cases. But then things start to differ.

When we talk about technical auditing, we mean performing an in-depth health check of a system. A technical audit looks at different areas of the system to determine how well it is configured. Vulnerability scanning, on the other hand, has the main purpose of detecting software flaws. It is often used by penetration testers and other security professionals to determine how well a system is patched.

OpenVAS and Lynis

In the field of Linux systems, let’s compare OpenVAS and Lynis. The former is an open source vulnerability scanner, the latter an open source auditing tool. Both tools have the purpose of finding weaknesses on the system. Where OpenVAS performs a wide range of tests from the network, Lynis runs on the host itself. The two tools will therefore produce different findings, depending on the services they detect.

If you would only run OpenVAS, you might find that it detected some services running, like a web server. It will then perform a set of tests against the HTTP or HTTPS port and reveal its findings. Such findings could be weak ciphers used in the SSL/TLS configuration. While that is a good thing, it might totally miss that your system time is not properly synced, since that is not visible from the network. These kinds of things can be detected by Lynis, because it runs on the host. So in the end it does not make sense to compare vulnerability scanners and auditing tools, as their focus is different. If you want to compare something, then take Nessus and OpenVAS and compare those. Lynis you could compare with OpenSCAP.

Overview

Similar

  • Technical focus
  • Find weaknesses

Different

  • Audit performs health check, vulnerability scan checks for software weaknesses
  • Audit can be more generic, vulnerability scan focuses on software

