Considering it is National Cyber Security Awareness Month, and if you are on this forum then you are obviously at least a little bit of a forward thinker, I wanted to start the discussion on vulnerability scanning your local network, your cloud network (if you run multiple servers in the cloud and they talk locally, you have a cloud network), and your actual web apps (websites) themselves.
So, does anyone do it? With any regularity? Automated it? Think it’s a waste of time? Pay someone else to handle it?
I personally have automated a few things (worked them into Trellis, which means I have roles, but they are rough around the edges cuz I never showed them to anyone) that I have running on all my servers.
I run LMD (Linux Malware Detect) with ClamAV as the scanner engine; the article is for RHEL, but if you're going to run the scanner then you can figure out how to change yum to apt-get.
I use Lynis (security auditing which runs on your server and tells you how horrible you are) every once in a while, normally when I first set up a server, then occasionally after big updates and such.
I try to run Rkhunter but the false positives drive me insane so I mostly stopped using it.
Also, I use the Metasploit Framework to run small-scale pen testing on my local network and on my web apps; it will do port scans, SQL exploits, try-uploading-malware-onto-your-server type stuff, plus a lot more.
I’m by no means a hardcore hacker or pen-tester wannabe (I know my role in the world and that isn’t currently it), but I feel like I really want to take the Offensive Security Pen Testing w/ Kali Linux Cert because they let you loose in their own custom cloud pen testing lab with a ton of vulnerable machines and networks and you just have to get down and make your way through them.
Anyone else dabble in pen-testing their websites or servers? Do you all think it’s something worth knowing about yourself, or should you just get a WAF (Cloudflare, Sucuri, Wordfence) and forget about the bots and people trying to break into your stuff every second of every day, because that’s what you pay those people for?
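As an added example (not from the original post or from the Lynis project), here is a small Python script for the kind of automation mentioned above: it parses the lynis-report.dat file that Lynis writes and fails the run when the hardening index drops below a floor or any warnings appear, so a cron job or Trellis/Ansible task can alert instead of someone reading the report by hand. The report line format and the sample report are assumptions, constructed for this example.

```python
"""Summarise a lynis-report.dat so a scheduled Lynis run can be gated.
Lynis writes key=value lines; list keys end in "[]" and warning/suggestion
values are pipe-separated TEST-ID|message|details|solution| (assumed format).
"""
from collections import defaultdict

# Constructed sample of a lynis-report.dat, not captured from a real host.
SAMPLE_REPORT = """\
lynis_version=3.0.8
hardening_index=62
warning[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|X11Forwarding (set YES to NO)|-|
suggestion[]=PKGS-7392|Check for security updates|-|-|
installed_packages=412
"""


def parse_report(text):
    """Split the report into scalar keys (str) and list keys ([fields, ...])."""
    scalars, lists = {}, defaultdict(list)
    for line in text.splitlines():
        if "=" not in line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key.endswith("[]"):
            lists[key[:-2]].append(value.rstrip("|").split("|"))
        else:
            scalars[key] = value
    return scalars, dict(lists)


def findings_by_test(lists, kind):
    """Group warnings or suggestions by Lynis test id, keeping the details field."""
    grouped = defaultdict(list)
    for fields in lists.get(kind, []):
        grouped[fields[0]].append(fields[2] if len(fields) > 2 else "-")
    return dict(grouped)


def gate(text, min_index=70, max_warnings=0):
    """Pass only if the hardening index meets the floor and warnings fit the budget.
    Returns (passed, reasons) so a cron job or Ansible task can fail and say why."""
    scalars, lists = parse_report(text)
    index = int(scalars.get("hardening_index", 0))
    warnings = findings_by_test(lists, "warning")
    reasons = []
    if index < min_index:
        reasons.append(f"hardening_index {index} < {min_index}")
    if len(warnings) > max_warnings:
        reasons.append("warning tests: " + ", ".join(sorted(warnings)))
    return not reasons, reasons
```

Point `gate()` at the contents of /var/log/lynis-report.dat after each scheduled run and treat a False result as the trigger for a notification or a failed Ansible task.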