Answer:
a) Viruses
Explanation:
Vulnerability assessment is performed by variety of tools and these can be protocol analyzer, vulnerability scanner, Honeypots, port scanners, honey nets and banner grabbing tools.
Port scanners : they are used to scan the ports which can be exploited by attackers. Most of TCP/IP applications communicate using different ports and attackers can exploit these ports if they are found vulnerable. for example : ports like 80 and 443 are commonly used for HTTP and SSL communication. 22 is used for SSH and if they are open to world then it will allow attackers to use those to get the entry into the system.
Protocol Analyzers : They are used to analyze the packet captures. tools like wireshark, tshark, these tools will help user to decode HTTP/SSL/HTTPS/FTP/RSTP or any application protocols communication. this will help user to understand any unwanted or non-anticipated traffic.
Vulnerability Scanners : They are used to detect the vulnerabilities in the network or systems. these will help administrators to get the alerts whenever there are unanticipated activity. It will have two types of scanners one is active scanner and other is passive scanner. Active scanners will keep on sending probes at the fixed time slots and passibe scanners will be in listening mode all the time. These scanners will alert when a new nodes comes up or goes down or if any system gets compromised.
Honeypots and Honey nets : They are devices or softwares which are having limited security. These devices are made vulnerable purposefully so that attackers can try and attack. This will help softwares to detect the attackers when they try to exploit these open vulnerabilities. They are deceptions created with purpose.
Banner grabbing Tools : These are tools which will capture the banner information like HTTP protocol version, underlying operating system, open ssl versions being used, server software and similar information. these are important as it will open up potential vulnerabilities in the underlying software. for ex : SSLv3 has a vulnerability known to world and can be exploited by anyone.
