Vulnerability Management

Forget Linux Vulnerability Scanning: Get Better Defenses

Vulnerability scanning focuses on weaknesses, or negative aspects of information security. Wouldn't it be better if we focus on the positive, the actual defenses?

Summary of Forget Linux Vulnerability Scanning: Get Better Defenses

Every month or so, I get a few questions about the vulnerability capabilities Lynis has to offer. It made me think about this subject and I realized something: Many security professionals are still focusing too much on vulnerabilities. They want to know their security gaps, so they can know where they stand. While this isn’t a bad approach, there might be a better solution. The solution I will discuss today is to focus on (permanent) processes, instead of vulnerability scanning.

Read the full article…

Linux vulnerabilities: from detection to treatment

How to deal with Linux vulnerabilities? This article shares the insights, methods, and tools to help with detection and prevention on Linux systems.

Summary of Linux vulnerabilities: from detection to treatment

If you worked with a computer the last decade, you know the importance of keeping your software up-to-date. Those who don’t, are stacking up vulnerabilities, waiting for them to being exploited by others. Although Linux and most software are open source and can be reviewed, security flaws in software packages remain. While it isn’t easy to close every vulnerability on your system, we can at least create a stable process around it.

Read the full article…

Vulnerability Scanning: The Destiny to Disappointment?

Vulnerability management is an important process to deal with vulnerabilities in software and hardware. At the same time it can become challenging very quickly.

Summary of Vulnerability Scanning: The Destiny to Disappointment?

Our digital world is full of hardware and software components. The big difference between the two is the quality. When hardware ships with defects, people will return it and talk badly about it. For software it is fine if things are not perfect from the beginning. It can be improved upon in steps, until most of its users are happy with it. Developers of this software often are some level of pressure.

Read the full article…

Why Auditing and Vulnerability Scanning are Different Things

Why is auditing and vulnerability no the same? In this article we have a look at both and look at the differences.

Summary of Why Auditing and Vulnerability Scanning are Different Things

As the author of Lynis, we hear often the question: It is like Nessus, right? It seems that everything is compared with Nessus, especially when it comes to Linux security. Surprise, it is not. Let’s get things straight, and talk about the benefits of both. Vulnerability Scanning Scanners like Nessus and OpenVAS are great tools. You drop a system in the network and start scanning. The scanner then usually starts with a ping sweep to detect which systems are alive and providing services.

Read the full article…