The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.

SecureWorks Scanning Module

The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.

• Perform internal and external network scans also asset discovery

• Quickly identify whether your scanning exposure increased or decreased over a period of time

• Expedite remediation utilizing the provided exposure synopsis and solutions

The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.

Vulnerability Scanning Summary

The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.

Remediation

The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.

The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.

Synopsis, Description and Solutions

The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.

Vulnerability Scanning Scheduler

The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.

Types of Scans

a) Default: similar to the Commonports_ping which scans approximately 4,500 ports that are frequently listening (such as ports 22, 80, 443, 445, etc.). Before attempting to scan a given host a ping must be returned.

b) Discovery: profile will not perform a port scans only ping the specified networks/hosts and provide a report containing hosts that responded to the ping.

c) Commonports_noping :similar to the default scan the only difference is that All target IPs will be port scanned and they do not have to return a ping. This implies a longer time to completion, as every IP will be port scanned for ~4,500 ports

d) Allports_ping: this scan is ran against all ~65,000 ports on every target IP. Before attempting to scan a given host a ping must be returned.

e) Allports_noping : this scan is leverage all ~65,000 ports on every target IP. All target IPs will be portscanned; they do not have to return a ping. This implies a significantly longer time to completion, as every IP will be portscanned for ~65,000 ports. A scan of a /24 network can be expected to take close to 24 hours.

f) Allports_noping-Exceedingly_Verbose : scans all ~65,000 ports on every target IP. All target IPs will be portscanned; they do not have to return a ping. This implies a significantly longer time to completion, as every IP will be portscanned for ~65,000 ports. A scan of a /24 network can be expected to take close to 24 hours. This profile is designed specifically to return multiple low-risk exposures for every host scanned.

g) OS_Detection : Scans a few ports in an effort to fingerprint the OS. Before attempting to scan a given host a ping must be returned.

The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.

Pending/Completed Scans

The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.

Active Scan Progress

The Information Security ExpertsCopyright © 2008 SecureWorks, Inc. All rights reserved.

Conclusion

Secure Operations Center 877-838-7960 soc@secureworks.com