You can be practicing perfect online security, using the best VPN as well as top-rated antivirus software, and still have a need for vulnerability scanning. There’s no way that you can keep up with all the malware and computer viruses out there on your own.
Vulnerability scanning apps will automate your security auditing for you by searching for thousands of different security risks. Here are 4 free vulnerability scanning apps to choose from.
Free vulnerability scanning: Retina CS Community
Retina CS Community from BeyondTrust can handle vulnerability scanning for Microsoft and third-party applications such as Firefox and Adobe. It supports finding vulnerabilities on:
- Mobile devices
- Private clouds
- Web applications
- Virtual applications.
You can do all of this for up to 256 IPs for free.
In order to use it you will need:
- Windows Server 2008 or more recent
- Microsoft SQL 2008 or more recent
- The .NET Framework 3.5
- IIS server enabled
You should also know that installation on small business servers for domain controllers is not supported by Retina CS Community. One of the most useful things about it is that it will support different user profiles. This allows you to change the assessment to suit your job. You can also choose to specify an IP range to be scanned.
This is a free offering from a commercial vendor, meaning that BeyondTrust offers a full version as well if you enjoy this. It is not open source like other vulnerability scanning software discussed here, but it will patch and scan up to 256 IPs for free, all while supporting a number of different devices. Not bad for no money.
Free vulnerability scanning: Microsoft Baseline Security Analyzer
You can use this tool to perform remote or local scans on Windows servers and desktops. Microsoft Baseline Security Analyzer can identify:
- Any missing security patches
- Missing service packs
- Common security misconfigurations.
The new Version 2.3 will support:
- Windows 8
- Windows 8.1
- Windows Server 2012
- Windows Server 2012 R2
- Everything down to Windows XP
It has been designed by Windows to be easy to use and understand. Once you open it you have the option of selecting a single Windows machine that you want to scan. Simply choose the computer’s name from a list, or you can choose to scan a specific IP address. You can even choose what to scan for, such as:
- Weak passwords
- Windows updates
- SQL administrative vulnerabilities
- IIS administrative vulnerabilities
Once your vulnerability scans are done, you are given a separate report for each machine that you have scanned. Each machine receives an overall security classification, as well as details from different categories. If a vulnerability is found, you can click on it to quickly read even more detailed results. Your results are saved automatically so you can refer to them later, and you can also print them if you need to.
Free vulnerability scanning: SecureCheq
You can use SecureCheq, from Tripwire, to perform local scans on your Windows servers or desktops. It will identify a number of insecure advanced Windows settings, including those defined by COBIT, ISO, and CIS standards. Its primary role is to focus on the common configuration errors related to:
- OS hardening
- Communication security
- Data protection
- User account activity
- Audit logging.
When you use the free version, you can only check 24 settings at once. The full version can do four times this. You will also only receive your results as a pass or fail. You’ll have to click a link to be sent to references about the vulnerability, as well as a summary and repair suggestion.
It is best to use it with Microsoft Baseline Security Analyzer: start with that tool for basic vulnerabilities, and then follow up with SecureCheq for more advanced threats.
Free vulnerability scanning: OpenVAS
OpenVAS stands for Open Vulnerability Assessment System. This free network security scanner has most of its components licensed under the GNU General Public License. The scanner doesn’t work on Windows machines, only Linux, but they do offer clients for Windows if you need one. Its main component is delivered through a number of Linux packages, or it can be downloaded as a virtual appliance if you want to test it.
The main component of OpenVAS is the security scanner. This is the part that actually performs the scans, and it receives an updated Network Vulnerability Test feed on a daily basis. At this time, it has more than 33,000 tests to scan your computer with.
While this vulnerability scanning software is not the quickest to use, it does have the most features, which is particularly notable since it is free. You can:
- Schedule your scans
- Do multiple scans at once
- See false positive management results as well.
The main drawback is that Linux is required for the main component. If you like it, it is part of the Greenbone Network of products so you can upgrade to a more comprehensive paid version.