Network Inventory

Introduction

Now that we know all of the libraries we’re dependent on in our codebase, we need to take an inventory of all the networked software that’s running on our network. All the reasons we had for needing a library inventory apply here. Ideally, every server and piece of networked software on your network is already inventoried and automatically patched. It is likely, however, that the team responsible for this (maybe you!) is overworked and doesn’t keep an updated list of everything that’s been deployed.

Tools

A lot of tools can help you with this task. Some of these tools are commercial and some are open source. The important thing isn’t the exact tool(s) that you use for this job. The important thing is that you find tools that you’re comfortable with and that you can bring into your workflow. In the interest of accessibility—and to keep the examples within everyone’s budget—we’ll look at an open-source tool.

There’s a second reason we start with an open-source–scanning tool. If you don’t have a diligent patching program in place already, you don’t need to spend big money on a commercial scanning tool. Instead, you can put a Post-it on your mirror that reads, “You are vulnerable because your software is out-of-date,” send me a check for $10,000, and pocket the difference. Jokes aside, those scanning tools have their place; but if you don’t have a patching process in place, rest assured that you have vulnerabilities everywhere.

                                                 Q U I Z