Upload
allen-kennedy
View
216
Download
0
Embed Size (px)
Citation preview
The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.
SecureWorks Scanning Module
The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.
• Perform internal and external network scans also asset discovery
• Quickly identify whether your scanning exposure increased or decreased over a period of time
• Expedite remediation utilizing the provided exposure synopsis and solutions
The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.
Vulnerability Scanning Summary
The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.
Remediation
The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.
The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.
Synopsis, Description and Solutions
The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.
Vulnerability Scanning Scheduler
The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.
Types of Scans
a) Default: similar to the Commonports_ping which scans approximately 4,500 ports that are frequently listening (such as ports 22, 80, 443, 445, etc.). Before attempting to scan a given host a ping must be returned.
b) Discovery: profile will not perform a port scans only ping the specified networks/hosts and provide a report containing hosts that responded to the ping.
c) Commonports_noping :similar to the default scan the only difference is that All target IPs will be port scanned and they do not have to return a ping. This implies a longer time to completion, as every IP will be port scanned for ~4,500 ports
d) Allports_ping: this scan is ran against all ~65,000 ports on every target IP. Before attempting to scan a given host a ping must be returned.
e) Allports_noping : this scan is leverage all ~65,000 ports on every target IP. All target IPs will be portscanned; they do not have to return a ping. This implies a significantly longer time to completion, as every IP will be portscanned for ~65,000 ports. A scan of a /24 network can be expected to take close to 24 hours.
f) Allports_noping-Exceedingly_Verbose : scans all ~65,000 ports on every target IP. All target IPs will be portscanned; they do not have to return a ping. This implies a significantly longer time to completion, as every IP will be portscanned for ~65,000 ports. A scan of a /24 network can be expected to take close to 24 hours. This profile is designed specifically to return multiple low-risk exposures for every host scanned.
g) OS_Detection : Scans a few ports in an effort to fingerprint the OS. Before attempting to scan a given host a ping must be returned.
The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.
Pending/Completed Scans
The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.
Active Scan Progress
The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.
Conclusion
Secure Operations Center 877-838-7960 [email protected]