This tip was submitted to the searchSecurity Tip Exchange by user Brian Clark. Let other users know how useful it is by rating the tip below.
One low-cost way to improve the security of a network is to scan all of the servers and workstations on the network for known vulnerabilities, then apply vendor-supplied patches appropriately. A lot of attention is given to perimeter security and not enough to internal security.
One such tool to do the scanning is an open-source scanner called
. It runs well on Linux and can generate HTML-formatted reports for your entire network, along with suggested fixes for each vulnerability that it finds. It scans for thousands of known vulnerabilities in all common operation systems and applications, such as all versions of Windows, IIS, Solaris, Linux and even MacOS X.
The Nessus software is free. So is Linux. Even a novice Linux user can set-up a low-end PC with Red Hat Linux with it's easy to use graphical installer. Then
download the Nessus installer RPM
Configure the scanner per the instructions on the nessus.org page, and start scanning. You can scan a whole subnet at once.