
How Do External and Internal Vulnerability Scans Work?


In cybersecurity, vulnerability scans are a critical component of a comprehensive security program. They are automated processes designed to identify and report security flaws in systems, applications, and networks.
These scans can be categorised into two main types: external and internal vulnerability scans. Understanding how each works is essential for protecting an organisation’s digital assets.

External Vulnerability Scans

An external vulnerability scan simulates an attack from an outside actor, i.e. someone with no prior access to the organisation’s network. The scan is typically performed from the internet, targeting publicly exposed assets like web servers, firewalls, and routers. Its primary goal is to identify vulnerabilities that could be exploited by an attacker on the open internet.

How It Works

The process begins with the scanner sending a series of requests to the target systems’ external IP addresses. It systematically probes for known weaknesses, such as:

  • Network and Service Probing: The scanner checks for open ports that might be running vulnerable services and looks for common misconfigurations in network devices and web servers, like an improperly configured firewall rule that allows unauthorised traffic.
  • Software and Certificate Weaknesses: It checks for outdated software versions with known vulnerabilities and detects expired or improperly configured SSL/TLS certificates, which can compromise secure communication.
  • Credential Security: The scan attempts to identify services that are using default or easily guessable login credentials, which are common and high-risk entry points for attackers.

The results of an external scan provide a clear picture of an organisation’s security posture from an outsider’s perspective. They help prioritise which internet-facing vulnerabilities need immediate attention.

Internal Vulnerability Scans

An internal vulnerability scan, on the other hand, is performed from within the organisation’s network. It simulates an attack from a malicious insider or a threat actor who has already gained access to the internal network. This type of scan is crucial because many of the most damaging attacks originate from inside the network.

How It Works

The internal scan typically uses an agent or a scanning appliance placed on the internal network. It has a much broader scope than an external scan, as it can access and analyse a greater number of devices and systems. The scan looks for vulnerabilities like:

  • Patch Management and Endpoint Security: The scanner identifies systems and applications that are missing critical security patches; unpatched software is often the initial point of entry for malware.
  • Internal Threat Pathways: It checks for privilege escalation flaws that would allow a user to gain higher access levels and identifies lateral movement opportunities, which are paths an attacker could use to move from one compromised system to another.
  • Network Infrastructure Security: The scan inspects internal firewalls, routers, and switches for misconfigurations that could expose sensitive data or allow unauthorised access within the network.

An internal scan provides visibility into an organisation’s internal security landscape, helping to secure systems that are not exposed to the public internet but are still critical to the business.

Key Differences and Synergies

The main difference between the two is the perspective from which the scan is conducted. An external scan looks at the “front door” of the network, while an internal scan assesses the “interior” of the house.

The two types of scan are not mutually exclusive; they are complementary. An organisation should perform both regularly to get a complete and accurate view of its security posture. External scans help protect against outside attackers, while internal scans secure the network from insider threats and help contain a breach once it occurs. Combining the results from both provides a comprehensive strategy for identifying, prioritising, and remediating vulnerabilities across the entire digital infrastructure. Regular scanning, along with penetration testing, forms the foundation of a proactive security strategy.
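To illustrate combining the results from both scans, here is an added example (not code from Mondas or from any scanner product) that merges two finding lists, removes duplicates, and ranks them for remediation. The host names, issues, 0-10 severity scores and the "internet-reachable first" ranking policy are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed sample findings; hosts, issues and scores are illustrative only.
EXTERNAL = [
    {"asset": "www.example.com", "issue": "expired TLS certificate", "severity": 5.3},
    {"asset": "vpn.example.com", "issue": "outdated software version", "severity": 9.8},
]
INTERNAL = [
    {"asset": "vpn.example.com", "issue": "outdated software version", "severity": 9.8},
    {"asset": "fileserver01", "issue": "missing security patch", "severity": 8.8},
    {"asset": "switch-core", "issue": "default login credentials", "severity": 7.5},
]


@dataclass
class Finding:
    asset: str
    issue: str
    severity: float
    seen_from: frozenset  # {"external"}, {"internal"} or both


def merge_findings(external, internal):
    """Deduplicate by (asset, issue) and record which scan perspective saw it."""
    merged = {}
    for source, rows in (("external", external), ("internal", internal)):
        for row in rows:
            key = (row["asset"].lower(), row["issue"].lower())
            if key in merged:
                found = merged[key]
                found.seen_from = found.seen_from | {source}
                found.severity = max(found.severity, row["severity"])
            else:
                merged[key] = Finding(row["asset"], row["issue"],
                                      row["severity"], frozenset({source}))
    return list(merged.values())


def prioritise(findings):
    """Assumed policy: internet-reachable findings first, then highest severity."""
    return sorted(findings,
                  key=lambda f: ("external" not in f.seen_from, -f.severity, f.asset))


if __name__ == "__main__":
    for f in prioritise(merge_findings(EXTERNAL, INTERNAL)):
        views = "+".join(sorted(f.seen_from))
        print(f"{f.severity:>4}  {views:<18} {f.asset:<16} {f.issue}")
```

A finding reported by both scans is kept once and tagged with both perspectives, so the remediation list shows which weaknesses are reachable from the internet and which are only visible from inside the network.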

At Mondas, we understand that a complete security posture requires looking at your organisation from every angle. Our comprehensive vulnerability management services include both external and internal scanning, ensuring your digital assets are protected from threats originating both outside and inside your network. Discover more about our approach to Vulnerability Scanning, or contact us today to see if we can audit your current vulnerabilities.