DragonSoft Security Associates
www.dragonsoft.com
A Discussion and comparison of Network-based and Host-based Vulnerability Tools
When you using DragonSoft Secure Scanner to detect Oracle Dababase Server vulnerabilities, You have to setup correctly.

Information Security is the number one challenge for IT managers and there are more and more vulnerability and exposures discovered. However, we could find out the vulnerability efficiently through vulnerability assessment and we could execute patch and prevention. In this article, we provide a discussion and comparison about network-based and host-based VA scanners.

Categories of Vulnerability Assessments

Network-based
The network-based vulnerability assessment do audit through network. It has five main functions:
  • First, network discovery could scan every equipment and host on network and find out the unknown or unauthorized equipment or host.
  • Second, it could scan which service is working on network and examine what ports are opened.
  • Third, it could find out vulnerability and exposure quickly.
  • Fourth, it provides the references of vulnerability to assist technical managers to patch their systems.
  • Fifth, it could produce examining complete reports and provide security and risk information for enterprise efficiently.
    Notes:
  • First, most firewalls will resist ports and then these firewalls will affect the result of examination.
  • Second, some of the Windows vulnerabilities require Registry access to determine. Please supply a proper credential to the VA tool you used.

    Advantages: its advantages include the deployment centralized management and doing industrial vulnerability assessment easily.
    Disadvantage: its disadvantage includes the examination authorized of the targets.
Host-based
In the host-based vulnerability assessment tool, the scanner is set on the inspected host, and it has completely authority to access more privilege to examine the host but the network could only inspect from outside through the network. It has three main functions:
  1. It could examine the incorrect set for file authority on the host.
  2. It could examine the improper setting of the software. (For example, password is too simple.)
  3. The unauthorized installation of software. For example, an employee may install some kind of remote control or VPN software on her/his workstation.
The managers could consider installing network vulnerability assessment in more important server or host; they could examine the vulnerability of high risk and install patch program. The managers' purpose is that give the users of company a comfortable and safe network environment.
    Its advantage: it has more scanning methods and it could scan more vulnerability. Its disadvantage: it is hard to centralized management.
Behind the Vulnerability Assessment- Vulnerability Database
No matter to the Network-based or Host-based vulnerability assessments, both need the latest vulnerability database. With this database, it could gather different vulnerability information for examination to find out vulnerability and exposures quickly. Moreover, with latest vulnerability database any time, it could be sure that the result of examination is the most correct.

DragonSoft Provides the Solution
From the beginning, DragonSoft is devoted to the researcher and development of vulnerability assessment for network security. In order to provide the complete solutions, we supply the Network-based and Host-based Vulnerability Assessment for IT managers to choose. Both have its advantages and disadvantages. Customers could use both to make up the shortage of each one to offer the enterprise the most complete risk assessment.

DragonSoft System Security (DSS)¡GIt belongs to the Network Vulnerability Assessment. It could examine vulnerabilities of the network service and provide intact risk assessment for IT managers to examine the enterprises completely and conduct the next improvement plans.

DragonSoft System Security Manager(DSSM)¡GIt belongs to the Server Vulnerability Assessment. At present, it could inspect the security of the system, search vulnerabilities, check IDs and passwords, and provide related patch to be downloaded toward the server. The program could download the programs and be patched directly. In the further versions, t a centralized control center program will be added to ease the vulnerability management process.

Related Websites
DragonSoft Secure Scanner (introduce our products)
System Security Manager (introduce our products)
About DragonSoft Security Associates, Inc.
DragonSoft Security Associates is a leading developer in Taiwan for network security software and an active contributor to network security education. Founded in 2002, DragonSoft offers vulnerability management olutions, including vulnerability assessment, System Security Management and intrusion prevention.