IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

NCSC project will help UK businesses identify security vulnerabilities

The scripts will be developed and reviewed regularly to target the most pervasive issues in enterprise security

The UK's National Cyber Security Centre (NCSC) has launched the Scanning Made Easy (SME) trial project to help businesses quickly and easily identify security vulnerabilities in their systems.

SME will see various scripts being offered to businesses for free allowing them to easily identify a range of specific critical vulnerabilities. The aim is to make patching more straightforward for businesses, especially ones with fewer cyber security capabilities compared to larger firms. 

The NCSC said it won't be releasing scripts for every single vulnerability but said they will be continually developed and reviewed for security issues that "are consistently causing headaches for system administrators".

The scripts will be written by the NCSC's i100 partners (i100 is an initiative that promotes collaboration between the NCSC and outside industry talent) and will conform to the cyber organisation's SME developer guidelines which defines what the script is able to do and how it verifies a vulnerability.

"It is important that anyone running the scripts knows what they do," the NCSC said.

Each script will be written using the NMAP Scripting Engine, one of NMAP's most powerful tools designed for developers to easily create and share scripts to automate a variety of networking tasks in the industry-standard network mapping tool.

Related Resource

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Man at his computer next to title card - whitepaper from ServiceNowFree download

"When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network," the NCSC said.. "To make matters worse, even when there is a scanning script available, it can be difficult to know if it is safe to run, let alone whether it returns valid scan results.

"SME was born out of our frustration with this problem and our desire to help network defenders find vulnerable systems, so they can protect them."

The first script SME has released is for Exim message transfer agent (MTA) remote code execution (RCE) vulnerabilities, sometimes known as '21Nails' or otherwise tracked as CVE-2020-28017 through CVE-2020-28026.

Businesses can download the script via GitHub and are advised to run the script regardless of whether they think they have Exim MTA - "you might be surprised by what you find installed on your network," it said. Once it has run, the script will display easy-to-read results, a description of the vulnerability, and a link to the appropriate vendor's security advisory. 

Businesses are also encouraged to build their own scripts, in accordance with the NCSC's SME developer guidelines, and submit them to the cyber organisation for review to expand the program further.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022
Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022