The Enterprise Assessment is a full blended assessment of a single IP address or system. Assessments use both automated and manual techniques to obtain a view of a system's vulnerabilities. Each contact within the client's organisation will receive a customised report showing vulnerability results only for those systems over which they have responsibility (least privilege). |
The port or vulnerability is new, i.e. it appears on the current scan and did not appear in the previous scan. | |
The vulnerability is on a list supplied by the client of vulnerabilities they consider high-priority. | |
An urgent vulnerability where the deadline has passed. |
Trend getting better | |
Trend not changing | |
Trend getting worse, High risk or Overdue | |
Medium risk or Urgent | |
Low risk | |
System detected, no open services | |
Address scanned, no system detected | |
Address not scanned |
Description | Systems can be assigned a 'Criticality' classification which indicates their value to your organisation. This information will usually be derived from a business impact assessment. The rating is presented in the reports as a graphic like the ones shown below. The rating can accommodate up to five distinct criticality classifications to reflect those used within your business. If you use fewer than five levels then these can be accounted for, e.g. a two-level classification would correspond to either just the light blue bar being lit (least critical) or all bars being lit (most critical). In some reports you can sort the results by the level of criticality, and this can be done by clicking the column heading (in the same way as the other columns). |
---|---|
Appearance | (Criticality graphics, ranging from Lowest to Highest) |
Purpose | Shows high level trends for the system population's vulnerability results. |
---|---|
Audience | Senior management or executives who want a pictorial view of the vulnerability status and history of their organisation. |
Benefits | Shows trends that can contribute to a CISO's dashboard or metrics. Provides a view, via the Show Detail button, of the number of new vulnerabilities that are affecting the organisation and the rate at which vulnerabilities are being fixed. In turn these detail charts can be indicators of platform 'cost of ownership' and organisational remediation trends. |
Pie Chart | Shows the number and proportion of high (red), medium (yellow) and low (blue) vulnerabilities affecting the system population this scan. |
Bar Chart | Shows a rolling twelve scan history of the number of total, high, medium and low vulnerabilities that have affected the system population. |
Show Details Button | Expands [+], or collapses [-] the report view to show pie and bar chart trends for fixed vulnerabilities and new vulnerabilities. 'Fixed' vulnerabilities are those that were detected during the previous assessment but were not detected during the current one. 'New' vulnerabilities are those that were detected during the current assessment but not in the immediately preceding assessment. |
Urgent History | This bar chart shows the history of urgent and overdue vulnerabilities for the system population. There is no corresponding pie chart, because these informational statistics are not mutually exclusive. |
Purpose | Lists the responding systems which are not being vulnerability scanned. |
---|---|
Audience | Technical management and staff who are interested in ensuring all responding systems are vulnerability scanned. |
Benefits | Provides an immediate list of candidates for regular vulnerability scanning. |
Key | Cells with a red background indicate a system with one or more 'high risk' ports; cells with a blue background indicate a system with one or more 'low risk' ports. Systems which responded during the scan and had no services detected are shown in dark blue. |
Summary Information | List hosts discovered during a subnet scan with exposed ports, which are not vulnerability scanned. Displays the greatest risk level associated with an exposed port on the given host. |
Purpose | A single pictorial overview of the high-level organisational risks. |
---|---|
Audience | Management who want to track overall organisational risk levels via a series of high-level metrics. |
Benefits | Useful for monitoring compliance with corporate risk targets and contributing to management dashboards. By selecting a set of meaningful metrics, setting relevant targets, and monitoring the area enclosed by these metrics, a simple view of organisational risk trends can be discerned. |
Radar Diagram | The radar diagram presents the results of various metrics that summarise various aspects of risk due to vulnerabilities. All the metrics are normalised to percentages. It is possible to view the results of the previous month in the radar diagram by checking the 'Show previous month' check box. This overlays last month's results on the diagram. You can view your historical state by clicking the 'Show History' button. This will display the historical state of your risk profile. |
Metrics | The metrics used are:
|
Customisation | Whilst we generate default targets for these metrics you can specify your own target levels. It is possible for us to customise the metrics offered, either to add additional ones or to remove those you find irrelevant. If you require this, please let us know. |
Purpose | Lists all systems scanned and acts as an index, or jump-off point, to the System Detail reports. |
---|---|
Audience | Technical managers or systems or facilities owners who want an overview of which of their systems have security issues. |
Benefits | Shows an ordered list of all systems scanned and summarises their security status. Provides various summary trend statistics that indicate if the situation is improving, static or worsening. The vulnerability list indicates if any systems have specific vulnerabilities that may be of particular interest. |
Trend Symbols | Upward pointing arrowhead symbol indicates the trend is increasing. Downward pointing arrowhead symbol indicates the trend is decreasing. A diamond indicates the trend is static. Symbols coloured red indicate the trend is worsening. Symbols coloured green indicate the trend is improving. Amber indicates no change. |
Vulnerability Statistics | The first column of statistics shows the number and severity of all vulnerabilities discovered and the number of new vulnerabilities discovered (i.e. vulnerabilities present this scan that were not present last scan). It also displays statistics for informational indexes, such as Urgent. The second column of statistics shows for each severity of vulnerability the number and percentage of systems that had that severity of vulnerability as its worst type. For example, if 13% of systems are shown as having low risk vulnerabilities this means they do not have any vulnerabilities of a higher severity (i.e. medium or high). The third column shows the type of assessment that was performed (Professional, Enterprise); the start and end dates/times of the assessment; the total number of systems assessed this scan; and the number of new systems assessed this scan. |
Summary of Results Table | Shows a list of all systems assessed. The default ordering is first by severity of the worst vulnerability; then by the number of vulnerabilities; then by severity of the worst port; then by the number of ports. For each system scanned the table displays:
While this table is sorted to highlight what is usually the most important information, it is possible to sort the table by clicking on the column headings. This facility allows you to extract as much information as possible from the table, by presenting the results in the way that best suits you. |
All Vulnerabilities Found Table | Shows a unique list of all vulnerabilities discovered. The default ordering is by severity. For each vulnerability the table displays:
While this table is sorted to highlight what is usually the most important information, it is possible to sort the table by clicking on the column headings. This facility allows you to extract as much information as possible from the table, by presenting the results in the way that best suits you. |
Purpose | Provides a detailed list and description of ports and vulnerabilities that have been discovered on the system assessed. |
---|---|
Audience | Technical staff and system owners responsible for rectifying security issues. Firewall or network administrators should be equally interested in the 'ports' section of the report. |
Benefits | Highlights key security issues, remediation strategies and vulnerability references allowing technical staff to prioritise their corrective efforts. |
Summary Information | The top of the system detail page shows the system's IP address and any of the optional information below, if previously provided by the customer:
|
Groups and Contacts | Lists all the groups of which this system is a member (see Groups). This section also lists the email addresses of all contacts who have been associated with this system and shows their role as defined by the customer. Clicking the contact email address will start your email editor. If the customer has not associated any groups or contacts with a system, then this section will not be shown. |
Scan Information | This section shows additional information related to the automated scanning phase of the assessment. The details are folded away when first viewing the page and can be shown by clicking the small button on the left with the plus sign. Shown here are the start and end times that automated scanning took place against this system. The type of scan is also shown. |
Ports Section | Has two subsections: Open Ports Found and Closed Ports. For each of these subsections the table displays:
|
Vulnerabilities Section | Like the Ports Section this also has two subsections: Vulnerabilities Found and Vulnerabilities Fixed Since Last Scan. Each subsection displays a list of vulnerabilities ordered by severity. Each vulnerability is described in its own table:
|
Historical Information | Bar charts showing rolling twelve scan histories for the number of Open Ports, Vulnerabilities and Fixed Vulnerabilities on this particular system. The Vulnerabilities chart is stacked to discriminate between 'new' vulnerabilities (i.e. ones first detected on this system this scan) and 'old' vulnerabilities (i.e. ones that were first detected in prior scans and are still present). |
Stoplisted Vulnerabilities | These are vulnerabilities the client has nominated as unimportant and no longer wishes to be included in the main body of the report. Stoplisted vulnerabilities do not contribute to statistics or trending figures. Stoplisted vulnerabilities are not colour coded, so as to de-emphasise their importance and remind the user that they are not considered a risk. Stoplisted vulnerabilities have an audit trail attached to them indicating the email ID of the contact who 'stopped' the vulnerability; the duration the vulnerability will remain stoplisted; and the reason for the stoplisting. |
Purpose | Lists all vulnerabilities that have been discovered, cross referenced by vulnerable systems and CVE identities. |
---|---|
Audience | Technical managers responsible for organising staff remediation efforts. Technical staff who need to verify which systems are vulnerable to specific exploits/CVEs. |
Benefits | Allows management to prioritise the remediation efforts of staff by identifying which systems are vulnerable to which exploit. Enables vulnerabilities to be searched and located by CVE identity. |
Vulnerability Tabs | The vulnerabilities page is organised into four tabs. The tabs show 'All' vulnerabilities, 'New' vulnerabilities, 'Fixed' vulnerabilities and 'Stoplists'. The 'All' tab lists all vulnerabilities that were detected across all hosts in this scan. The 'New' tab shows vulnerabilities which were not detected in the previous scan but which were detected in the current scan. The 'Fixed' tab shows vulnerabilities which were detected in the previous scan but not in the current one. The 'Stoplists' tab lists vulnerabilities which the client has nominated as unimportant and no longer reported in the main body of the report. The list also shows other information about the stoplist including who asked for the vulnerability to be 'stopped', why and how long for. |
Trend Symbols | Upward pointing arrowhead symbol indicates the trend is increasing. Downward pointing arrowhead symbol indicates the trend is decreasing. A diamond indicates the trend is static. Symbols coloured red indicate the trend is worsening. Symbols coloured green indicate the trend is improving. Amber indicates no change. |
Vulnerability Statistics | The first column of statistics shows the number and severity of all vulnerabilities discovered and the number of new vulnerabilities discovered (i.e. vulnerabilities present this scan that were not present last scan). It also displays statistics for informational indexes, such as Urgent. The second column of statistics shows for each severity of vulnerability the number and percentage of systems that had that severity of vulnerability as its worst type. For example, "13% of systems had low risk vulnerabilities" means 13% of systems did not have vulnerabilities of a higher severity (i.e. medium or high). The third column shows the type of assessment that was performed (Professional, Enterprise); the start and end dates/times of the assessment; the total number of systems assessed this scan; and the number of new systems assessed this scan. |
CVE Compatibility Statement | Common Vulnerabilities and Exposures (CVE) is a list or dictionary that provides common names for publicly known information security vulnerabilities and exposures. CVE names result from open and collaborative discussions of the CVE Editorial Board. The Board identifies which vulnerabilities or exposures will be included in CVE, then determines the common name, description, and references for each entry. CVE 'candidates' are those vulnerabilities or exposures under consideration for acceptance into CVE. Candidates are assigned special numbers to distinguish them from CVE entries. The number, also referred to as a name, is an encoding of the year that the candidate number was assigned and a unique number N for the Nth candidate assigned that year, e.g. CAN-1999-0067. If the CVE Editorial Board accepts the candidate, an official CVE entry is created that includes the description and references. The candidate number is converted into a CVE name by replacing the 'CAN' with 'CVE'. For example, when the Editorial Board accepted the candidate CAN-1999-0067, the candidate number was converted to CVE-1999-0067, and the resulting new entry was added to CVE. Our vulnerability assessment service is CVE compliant, and where appropriate in our vulnerability descriptions, you will see references of the form CVE-XXXX-XXXX and CAN-XXXX-XXXX. These refer to the standard identifiers for vulnerabilities in the CVE database. The CVE references (and candidate references) in the reports are links which, when clicked, will take you to the canonical description of the CVE entry on the mitre.org website (MITRE is the company that manages the CVE database). In some cases, a single reported vulnerability will refer to multiple CVE entries in order to reduce the amount of information presented to users. This can happen for example when a number of versions of a piece of software have had vulnerabilities, so upgrading to a recent version would solve several issues. |
CVE Filtering | You can check which systems in a report are affected by a vulnerability with a particular CVE name using the 'Find CVE' search box. Entering the CVE name (e.g. CVE-1999-0024 or CAN-1999-0629) and pressing the 'Filter' button will display a list of all vulnerabilities (and affected systems) that match the CVE name. Searches will return both CVE names and candidate names even if the prefix is entered incorrectly. Clicking the "Reset" button clears the search field and re-displays all vulnerabilities. |
CVE-MAP-NOMATCH | A placeholder reference which indicates that a vulnerability does not have a directly applicable CVE reference but does have a CVSS score and vector. |
Expand / Collapse All | A set of controls that allow the user to expand and collapse the vulnerability descriptions, systems lists and graphs. |
Vulnerability Descriptions | Each vulnerability is described in its own table:
|
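The 'Find CVE' matching described under CVE Filtering can be reproduced over exported findings. This is an added example, not the service's own code; the record layout (`title`, `refs`, `systems`), the finding titles and the addresses are constructed, and it assumes "prefix entered incorrectly" means CVE and CAN are interchangeable in a search.

```python
import re

# A CVE or candidate name: prefix, year assigned, sequence number in that year.
_NAME = re.compile(r"^\s*(?:CVE|CAN)-(\d{4})-(\d{4,})\s*$", re.IGNORECASE)


def cve_key(name):
    """Return (year, number) for a CVE-/CAN- name, or None if it is not one.

    The prefix is dropped on purpose: a candidate keeps its year and number
    when it is accepted, so CAN-1999-0067 and CVE-1999-0067 share one key.
    The CVE-MAP-NOMATCH placeholder does not parse and yields None.
    """
    match = _NAME.match(name)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2))


def find_cve(findings, query):
    """Map finding title -> sorted affected systems for findings citing `query`.

    One finding may cite several CVE entries, so every reference is checked.
    """
    wanted = cve_key(query)
    if wanted is None:
        raise ValueError(f"not a CVE or CAN name: {query!r}")
    hits = {}
    for finding in findings:
        if any(cve_key(ref) == wanted for ref in finding["refs"]):
            hits[finding["title"]] = sorted(finding["systems"])
    return hits


# Constructed sample records; the CVE names are the ones quoted on this page.
FINDINGS = [
    {"title": "Finding A (constructed)", "refs": ["CVE-1999-0024"],
     "systems": ["192.0.2.11", "192.0.2.10"]},
    {"title": "Finding B (constructed)", "refs": ["CAN-1999-0629", "CVE-1999-0024"],
     "systems": ["192.0.2.12"]},
    {"title": "Finding C (constructed)", "refs": ["CVE-MAP-NOMATCH"],
     "systems": ["192.0.2.10"]},
]

if __name__ == "__main__":
    # Wrong prefix and lower case still match both findings citing 1999-0024.
    for title, systems in find_cve(FINDINGS, "can-1999-0024").items():
        print(title, systems)
```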
Purpose | Lists all TCP, UDP and ICMP services that have been discovered across the target system population, cross referenced by system. |
---|---|
Audience | Technical managers responsible for organising staff remediation efforts. Technical staff who need to verify which services are visible on which systems. |
Benefits | Allows management to prioritise the remediation efforts of staff by identifying which systems are offering which services. |
TCP Open Ports | Lists all open TCP ports that respond to the standard TCP connect three-way packet handshake. Open ports are listed in ascending numerical (decimal) order. Each port also shows its standard service name. Clicking a port number link will scroll the page down to show those systems that have that port open. |
UDP Open Ports | Lists all responding UDP services. Open ports are listed in ascending numerical (decimal) order. Each port also shows its standard service name. Clicking a port number link will scroll the page down to show those systems that have that port open. |
ICMP Open Ports | Lists all responding ICMP services. ICMP services are listed in ascending numerical (decimal) order. The name of each service is listed next to its number. Clicking a service number link will scroll the page down to show those systems that offer that service. |
"New Services" page | This page lists only those ports which are new in the current scan. The data is presented in the same way as in the main Ports report, including a "Systems by Port Cross Reference" section limited to new ports only. This view highlights new systems, or new services on existing systems within the population. |
Systems by Port Cross Reference | Each responding port or service is listed in its own table:
|
Purpose | Highlights vulnerability remediation issues. |
---|---|
Audience | Management who need to identify vulnerability remediation deficiencies or highlight organisational exposure levels. |
Benefits | Precisely identifies recurring security issues. All unfixed vulnerabilities are identified and shown grouped by system, by type of vulnerability and by responsible contact. This enables security, or other, management to focus attention on risk 'hotspots'. This report can also serve to justify investment in areas of the organisation that are not rectifying vulnerabilities in a timely manner, or are suffering resource shortages. |
"Unfixed" Vulnerabilities | A vulnerability is considered unfixed if it has been detected on a particular system in at least 2 consecutive scans (i.e., it has recurred at least once). New vulnerabilities (ones which have only been detected once so far) will not appear in this report and will not count towards any of the totals. Stoplisted vulnerabilities are also not counted or displayed. |
Line Graph | The line graph summarises how many systems have unfixed vulnerabilities of various ages and severities. If a system has unfixed vulnerabilities of different ages and severities, it will be counted multiple times in the graph, but never more than once per risk severity (line) per scan. For example, if a system has one high risk vulnerability that has remained unfixed for 3 scans; another, different, high risk vulnerability that has remained unfixed for 6 scans; and a medium risk vulnerability that has remained unfixed for 3 scans, it will be counted once on the high risk line at 3 scans, once on the high risk line at 6 scans and once on the medium risk line at 3 scans. A vulnerability on a system that has remained unfixed for, say, 4 scans is not considered (counted) as having been unfixed for 3 scans, 2 scans and 1 scan. The right-most column of the graph is shaded to indicate that it covers a range of scans, not a single scan like the other columns. |
Risk Selectors | The tabs attached to the top of the line graph can be used to filter out lower severity vulnerabilities. If you are using the urgent vulnerabilities facility, then there will be a selector for "Overdue By Age", see below. |
Ordered by Host | The first table below the line graph shows a unique list of all the systems that have unfixed vulnerabilities. By default it is ordered first by severity, then by the age of the oldest unfixed vulnerability of that severity. For example, a system with unfixed high risk vulnerabilities aged 6 scans, 4 scans and 2 scans, and unfixed medium risk and low risk vulnerabilities will only be listed once in the table. It will appear in the high risk (red) section of the table. For each system scanned the table displays:
While this table is sorted to highlight what is usually the most important information, it is possible to sort the table by clicking on the column headings. This facility allows you to extract as much information as possible from the table, by presenting the results in the way that best suits you. |
Ordered by Vulnerability | The second table shows a list of all unique vulnerabilities that have been unfixed for at least one scan. This is intended to give you a feel for which vulnerabilities are causing most of the problems. By default it is ordered first by severity, then by scans outstanding. For each outstanding vulnerability the table displays:
While this table is sorted to highlight what is usually the most important information, it is possible to sort the table by clicking on the column headings. This facility allows you to extract as much information as possible from the table, by presenting the results in the way that best suits you. |
Ordered by Contact | This table breaks down by contact the on-going risk resulting from unaddressed vulnerabilities. It only appears if contact information has been provided and shows all contacts who have systems with at least one unfixed vulnerability. The report contains one summary row per contact. Each summary row has an attached detail section which is folded away by default. When expanded, this section shows all the metrics for each system which add up to the individual's overall stats. The report is sortable by any of its columns. These are:
All counts and metrics take into account the currently selected minimum severity. When the "High risk only" tab is selected, only high-risk vulnerabilities are considered when calculating totals, the age of the oldest vulnerabilities and the Months of Exposure. When "High and medium risk" is selected, the totals and the value for "Longest" will take into account Medium as well as High severities equally. E.g., if a system has 1 High of age 3 and 1 Medium of age 5, the value reported for "Longest" will be 5 and the Total number will be 2. "Months of Exposure" will be 8. The same applies when "High, medium and low risk" is selected: all severities are treated equally in the calculations. Totals include Lows and "Longest" will display the age of the oldest Low vulnerability, if its age is greater than that of the oldest Medium or High. No formulas such as "1 high equals 2 lows" are applied anywhere. |
Overdue | This is an alternative view of the 'Unfixed by Age' report which is enabled for customers using the 'overdue' facility. This facility allows specifying deadline dates for the resolution of specific vulnerabilities, either per system or organisation-wide. The 'overdue' tab only displays hosts and contacts with vulnerabilities for which deadlines have been set and broken. The value displayed for 'Longest' is the number of months the longest-existing overdue vulnerability on a system is past the due date. The 'Months of Exposure' represents the sum of the ages of overdue vulnerabilities since they were first detected, not taking into account the amount of time they have been overdue. |
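The counting rules of the unfixed-vulnerabilities report (new, fixed and unfixed findings, the line graph, and the per-contact totals) can be checked against your own scan history. This is an added example, not the service's code; the scan layout, vulnerability ids and addresses are constructed, and it assumes age is the number of consecutive recurrences, so a finding seen in two consecutive scans has age 1.

```python
from collections import defaultdict

SEVERITY_RANK = {"high": 3, "medium": 2, "low": 1}


def build_scans(n_scans, spans):
    """Constructed-data helper: spans maps (vuln, severity) to the inclusive
    (first, last) scan indexes in which the finding was detected."""
    return [{f for f, (lo, hi) in spans.items() if lo <= i <= hi}
            for i in range(n_scans)]


def new_and_fixed(scans):
    """'New' = in the current scan but not the previous; 'Fixed' = the reverse."""
    current = scans[-1] if scans else set()
    previous = scans[-2] if len(scans) > 1 else set()
    return current - previous, previous - current


def unfixed_ages(scans, stoplist=frozenset()):
    """Return {(vuln, severity): age} for findings detected in at least two
    consecutive scans ending at the current one. A scan without the finding
    resets the run, and stoplisted vulnerability ids are not counted."""
    ages = {}
    for finding in (scans[-1] if scans else ()):
        if finding[0] in stoplist:
            continue
        run = 0
        for scan in reversed(scans):
            if finding not in scan:
                break
            run += 1
        if run >= 2:              # seen only once so far means new, not unfixed
            ages[finding] = run - 1
    return ages


def line_graph(ages_by_system):
    """Systems per severity line per age: a system counts once for each
    distinct (severity, age) pair, however many findings share that pair."""
    counts = defaultdict(lambda: defaultdict(int))
    for ages in ages_by_system.values():
        for severity, age in {(sev, age) for (_, sev), age in ages.items()}:
            counts[severity][age] += 1
    return {sev: dict(by_age) for sev, by_age in counts.items()}


def contact_stats(ages, min_severity):
    """Total, 'Longest' and exposure (the sum of ages, which the report labels
    'Months of Exposure') at or above the selected minimum severity.
    Severities are not weighted against each other."""
    floor = SEVERITY_RANK[min_severity]
    kept = [age for (_, sev), age in ages.items() if SEVERITY_RANK[sev] >= floor]
    return {"total": len(kept), "longest": max(kept, default=0), "exposure": sum(kept)}


# Constructed history: 7 scans per system, oldest first.
HISTORY = {
    "192.0.2.10": build_scans(7, {      # the line graph example in the text
        ("VULN-A", "high"): (3, 6),     # unfixed for 3 scans
        ("VULN-B", "high"): (0, 6),     # unfixed for 6 scans
        ("VULN-C", "medium"): (3, 6),   # unfixed for 3 scans
    }),
    "192.0.2.20": build_scans(7, {      # the 'Longest' / exposure example
        ("VULN-D", "high"): (3, 6),     # age 3
        ("VULN-E", "medium"): (1, 6),   # age 5
        ("VULN-F", "low"): (6, 6),      # new this scan
        ("VULN-G", "low"): (4, 5),      # fixed since the last scan
    }),
}

if __name__ == "__main__":
    ages = {host: unfixed_ages(scans) for host, scans in HISTORY.items()}
    print(line_graph(ages))
    print(contact_stats(ages["192.0.2.20"], "medium"))
    print(new_and_fixed(HISTORY["192.0.2.20"]))
```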
Purpose | Shows which contacts are responsible for which systems; the vulnerability status of each contact's systems; and the extent of their remediation efforts. |
---|---|
Audience | Managers who want to verify who is responsible for a system's security and track the extent of a contact's remediation workload. |
Benefits | Identifies which contact is responsible for a system's security and the number of systems for which they are responsible. The statistics next to the contacts' names highlight the status of the organisation's remediation programme and where it may be constrained. For example, if a contact has not fixed any vulnerabilities it could be because they have been redeployed onto another project; are short of resources or tools; or are tardy; etc., signifying that the remediation programme may be stalling. |
Trend Symbols | Upward pointing arrowhead symbol indicates the trend is increasing. Downward pointing arrowhead symbol indicates the trend is decreasing. A diamond indicates the trend is static. Symbols coloured red indicate the trend is worsening. Symbols coloured green indicate the trend is improving. Amber indicates no change. |
Viewing Option Buttons | Two buttons that allow the user to collapse and expand the view for all contacts, to include or exclude the list of systems for which contacts have responsibility. |
Contact Cross Reference Table | Lists the email address of each contact that gets vulnerability reports. For each contact the list of systems for which they are responsible is also shown. The table, in expanded format includes:
|
Purpose | To segment vulnerability results by customer-defined group thereby allowing comparisons to be made across groups. |
---|---|
Audience | Managers who want visibility of the 'security status' of parts of their organisation. |
Benefits | Provides visibility of the relative vulnerability status of groups and allows comparisons to be made between groups. Enables management to apply peer pressure between groups thereby assisting enterprise-wide remediation efforts. Groups can represent organisational boundaries within an organisation, for example, geographic, departmental or otherwise. If a group reflects a type of platform, e.g. Windows systems, vulnerability results can be used to contribute to overall TCO calculations, or help the enterprise drive vendor quality improvements. |
Trend Symbols | Upward pointing arrowhead symbol indicates the trend is increasing. Downward pointing arrowhead symbol indicates the trend is decreasing. A diamond indicates the trend is static. Symbols coloured red indicate the trend is worsening. Symbols coloured green indicate the trend is improving. Amber indicates no change. |
Group Comparison | The group comparison report provides a 'league' table for each type of group ordered by the amount of risk, or exposure, they contribute to your organisation's total exposure. The position of each group within the league table is ordered by exposure resulting from: first, high risk vulnerabilities, then medium risk vulnerabilities, then low risk vulnerabilities. Each group's remediation status, i.e. within or outside its target, for this and the previous scan is also shown. You can enable or disable the display of any chosen type of group using the check boxes provided. Each group occupies a row in the league table showing:
|
Group Summary | The group summary report provides a high-level overview of key data items for each group you have specified. It consists of a table for each type of group that includes:
|
Purpose | To show a rolling twelve scan history of trends for the number of open ports and vulnerabilities on each system tested. |
---|---|
Audience | Managers and technicians who want visibility of port and vulnerability trends for systems for which they are responsible. |
Benefits | Provides a view of the 'hot spots' that have occurred over the previous twelve scan period and indicates on which systems the current (this period's) hot spots are. |
Trending Colours | A cell with a background colour of:
|
RAG Chart | Within this table each system assessed is listed with its domain name (if it has one) and its IP address. If the system has no domain name just its IP address is listed. Clicking the domain name (or IP address) link will display the System Detail report for that system. The top row for the system shows the trend for the number of open ports; the bottom row shows the trend for the number of vulnerabilities. |
Purpose | To highlight issues with the administrative data provided by customers thereby ensuring assessment information remains current. |
---|---|
Audience | Management and administrative staff responsible for overseeing the effectiveness and smooth running of the vulnerability assessment contract. |
Benefits | Shows which systems have not responded to vulnerability probes for three or more consecutive scans. This enables IP addresses to be 'recovered' and vulnerability assessments to be retargeted to responding systems. Issues with the domain name of systems under assessment or the email address of report recipients are also highlighted. |
Trend Symbols | Upward pointing arrowhead symbol indicates the trend is increasing. Downward pointing arrowhead symbol indicates the trend is decreasing. A diamond indicates the trend is static. Symbols coloured red indicate the trend is worsening. Symbols coloured green indicate the trend is improving. Amber indicates no change. |
Summary Statistics | The following statistics are provided:
|
Viewing Option Buttons | Two buttons that allow the user to collapse and expand the view for all contacts, to include or exclude the list of systems with 'issues'. |
Issues Table | This table is organised by contact to make it easy to delegate issues to the relevant system owners. The blue coloured area shows a summary for each contact: a button [-/+] that allows the system summary for the contact to be collapsed or expanded; their email address; job title/role; number of systems with no ports; any DNS problems; whether their email is bouncing; and a link to send a mail. Clicking this link will open a 'compose' window in the user's default mail program with the subject and text shown in the Email Template section. Expanding the system summary view for the contact shows:
|
Email Template | Clicking the Send email link provides a convenient way for a security administrator to email affected contacts. The form at the bottom of the report allows customisation of the email that is sent. The tag '$$SERVERS' is replaced by the relevant contact's list of affected systems. On clicking a "Send email" link, the browser will open a mail composition window with some fields already filled in. The message can be edited as desired before sending. Messages are sent through your mail client as usual. Note: There is a limitation in Internet Explorer that prevents long message bodies being passed to the composition window. In this case the body will appear empty, but the text will be copied to the clipboard so it can be pasted in. Netscape does not have this limitation. |
Stoplisting | In some situations systems with zero open ports or DNS anomalies are expected and understood. A system can be stoplisted for "DNS anomalies" or for "zero open ports" in the same way as for a vulnerability. While the stoplist is in place the affected system will not appear in this report at all. |
The Network Discovery Assessment is a partial assessment of a range of IP addresses. Its purpose is to identify active systems in the client's address range and assure the client that their configuration remains as intended. |
Purpose | Shows high level trends for the number of systems within a subnet responding to network probes. |
---|---|
Audience | Management and technical staff who want a pictorial view of the number of systems visible from the Internet. |
Benefits | Shows trends that can contribute to a CISO's dashboard or metrics. Provides a view of the numbers of responding systems within an organisation's address ranges and the proportion of those systems which could present a high risk. |
Pie Chart | Shows the number and proportion of high risk (red) and standard (blue) systems that have responded to this assessment. The number of IP addresses that are unused, or not responding, is also shown (light grey). |
Bar Chart | Shows a rolling twelve scan history of the total number of systems found (grey bar); the number of those systems with high risk services visible (red bar); and the total number of responding systems that are not fully vulnerability scanned (blue line), i.e. are not part of the organisation's Enterprise vulnerability assessment schedule. |
Purpose | Shows which systems within an organisation's address space are visible from the Internet. |
---|---|
Audience | Technical management and staff who want to keep track of Internet-reachable systems within their organisation. |
Benefits | Confirms that the systems an organisation shows to the Internet are as intended. Highlights systems not supposed to be visible to the Internet. Shows systems considered to be 'high risk'. |
Summary Information | Shows:
|
Summary (Key) Table | This table gives a key for the colour coding of the cells in the network map and provides some relevant statistics:
|
Network Details | The box above each network map contains:
|
Network Map |
The network map shows a matrix of up to 256 contiguous IP addresses (often referred to as a "class C subnet"). Each cell represents one IP address in the range, identified by the last octet of the address. Clicking the link in a cell will display the Subnet Detail report. The cells are colour-coded as follows:
|
Purpose | Provides a list and description of ports on a system that have responded to Network Discovery probes. |
---|---|
Audience | Technical staff, such as firewall and network administrators and system owners, responsible for monitoring those services that are visible to the Internet and rectifying resultant security issues. |
Benefits | Highlights which services are visible to the Internet thereby alerting technical staff to anomalies in their number or type. |
Summary Information | Lists the system's IP address and domain name (if any); type of scan; the start and end dates/times of the assessment; and a customer defined reference field (can be any text string, such as an asset number). |
Ports Section | Has two subsections: Open Ports Found and Closed Ports. For each of these subsections the table displays:
|
Purpose | For systems that have been Network Discovery scanned a concise list is provided of only those systems where a change has been detected in their port configuration. This includes systems newly appearing in, or disappearing off, a network address range. |
---|---|
Audience | Technical management and staff who need a view of what network changes have occurred since the last scan. |
Benefits | Provides an immediate indication of a change in the risk exposure of a network segment. Assures network managers that the configuration of their network (or systems attached to it) is not changing unexpectedly. This report can also be useful in identifying changes that have circumvented standard change control procedures. |
Trend Symbols | Upward pointing arrowhead symbol indicates the trend is increasing. Downward pointing arrowhead symbol indicates the trend is decreasing. A diamond indicates the trend is static. Symbols coloured red indicate the trend is worsening. Symbols coloured green indicate the trend is improving. Amber indicates no change. |
Summary Information | Lists the number of subnet address ranges where differences have been detected this scan; the total number of systems with differences; the number of systems where one or more new 'high risk' ports have been detected; the number of systems where one or more 'high risk' ports detected during the last assessment are no longer present; the number of systems where one or more new 'low risk' ports have been detected; the number of systems where one or more 'low risk' ports detected during the last assessment are no longer present. |
Key | Cells with a red background colour indicate a change in one or more 'high risk' ports; cells with a blue background indicate a change in one or more 'low risk' ports; cells with a green stripe through them indicate the IP address is already part of an Enterprise assessment schedule; a '+' in the cell indicates an increase in ports detected; a '-' in the cell indicates a decrease in ports detected. |
Viewing Option Buttons | The first button opens the 'New Systems' report (see description below). The next two buttons allow the user to collapse and expand the view for all subnet address ranges, to include or exclude the list of IP addresses where changes have been detected. |
Network Difference Maps | Differences within each network address range are described in a table:
|
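The counting behind the Summary Information and Key rows above, as an added example that is not the service's own code: it compares two scans, classifies each changed system and totals the categories. The high-risk port set, the /24 grouping of subnet ranges and the function names are assumptions, and the scan data is constructed.

```python
from ipaddress import ip_address, ip_network

# Assumption: illustrative 'high risk' ports; the page does not list the service's own set.
HIGH_RISK = {21, 23, 135, 139, 445, 3389}

# Constructed sample scans: {IP address: set of open ports}.
PREVIOUS = {"192.0.2.10": {80, 443}, "192.0.2.11": {22, 3389},
            "192.0.2.12": {25}, "198.51.100.5": {443}}
CURRENT = {"192.0.2.10": {23, 80, 443},   # new high-risk port
           "192.0.2.11": {22},            # high-risk port no longer present
           "192.0.2.12": {25},            # unchanged, so not reported
           "192.0.2.20": {8080}}          # new system; 198.51.100.5 has disappeared


def diff_scans(previous, current, high_risk=HIGH_RISK):
    """Return {ip: change} for systems whose ports or presence changed."""
    changes = {}
    for ip in sorted(set(previous) | set(current), key=ip_address):
        before, after = previous.get(ip, set()), current.get(ip, set())
        added, removed = after - before, before - after
        if not (added or removed) and (ip in previous) == (ip in current):
            continue
        net = len(after) - len(before)
        changes[ip] = {
            "added": sorted(added),
            "removed": sorted(removed),
            # Red cell: a high-risk port changed; blue cell: low-risk ports only.
            "colour": "red" if (added | removed) & high_risk else "blue",
            # '+' / '-' follow the net port count; equal counts are left unmarked here.
            "symbol": "+" if net > 0 else "-" if net < 0 else "",
        }
    return changes


def summarise(changes, high_risk=HIGH_RISK):
    """Count systems per category, as in the report's Summary Information row."""
    def systems(field, want_high):
        return sum(any((p in high_risk) == want_high for p in c[field])
                   for c in changes.values())
    return {
        "subnets_with_differences":
            len({ip_network(f"{ip}/24", strict=False) for ip in changes}),
        "systems_with_differences": len(changes),
        "new_high_risk": systems("added", True),
        "gone_high_risk": systems("removed", True),
        "new_low_risk": systems("added", False),
        "gone_low_risk": systems("removed", False),
    }
```

Running the same comparison against your own exported scan data gives an independent cross-check of the report's totals before changes are followed up through change control.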
Purpose | Identifies systems that have been discovered since the last assessment, via Network Discovery assessment or systems that have been added to your vulnerability assessment schedule. |
---|---|
Audience | Technical management and staff who need a view of what network changes have occurred since the last scan. |
Benefits | Provides an immediate indication of new systems that have appeared in an organisation's address space since the last assessment was performed. Allows network managers to confirm that the configuration of their network (or systems attached to it) is not changing unexpectedly. This report can also be useful in identifying changes that have circumvented standard change control procedures. |
Trend Symbols | Upward pointing arrowhead symbol indicates the trend is increasing. Downward pointing arrowhead symbol indicates the trend is decreasing. A diamond indicates the trend is static. Symbols coloured red indicate the trend is worsening. Symbols coloured green indicate the trend is improving. Amber indicates no change. |
Summary Information | Lists the total number of new systems appearing since the last assessment (either discovered by us or added by you to your assessment schedule); the total number of new systems which are not being vulnerability scanned; total number of subnet ranges which have new systems; total number of systems you have added to your vulnerability assessment schedule. |
Key | Cells with a red background colour indicate a new system with one or more 'high risk' ports; cells with a blue background indicate a new system with one or more 'low risk' ports; cells with a green stripe through them indicate the IP address is already part of an Enterprise assessment schedule. |
Viewing Option Buttons | Two buttons that allow the user to collapse and expand the view for all subnet address ranges, to include or exclude the list of IP addresses where new systems have been detected. |
Network Maps |
New systems within each network address range are described in a table:
|
Subnet Not Scanned Network Map | The final Network Map may be entitled 'Subnet Not Scanned'. In this case new systems that you have added to your vulnerability assessment schedule but are not part of any Network Discovery assessment are described in a table:
|
Purpose | Lists all TCP, UDP and ICMP services that have been discovered across the target system population, cross referenced by system. |
---|---|
Audience | Technical managers responsible for organising staff remediation efforts. Technical staff who need to verify which services are visible on which systems. |
Benefits | Allows management to prioritise the remediation efforts of staff by identifying which systems are offering which services. |
TCP Open Ports | Lists all open TCP ports that respond to the standard TCP connect three-way packet handshake. Open ports are listed in ascending numerical (decimal) order. Each port also shows its standard service name. Clicking a port number link will scroll the page down to show those systems that have that port open. |
UDP Open Ports | Lists all responding UDP services. Open ports are listed in ascending numerical (decimal) order. Each port also shows its standard service name. Clicking a port number link will scroll the page down to show those systems that have that port open. |
ICMP Open Ports | Lists all responding ICMP services. ICMP services are listed in ascending numerical (decimal) order. The name of each service is listed next to its number. Clicking a service number link will scroll the page down to show those systems that offer that service. |
"New Services" page | This page lists only those ports which are new in the current network discovery scan. The data is presented in the same way as in the main Subnet Ports report, including a "Systems by Port Cross Reference" section limited to new ports only. This view highlights new systems, or new services on existing systems within the population. |
Systems by Port Cross Reference | Each responding port or service is listed in its own table:
|
Browser Support for Reports | We recommend viewing the reports using a maximised window with Microsoft Internet Explorer 6.0 in 1024x768 screen area. For best results make sure JavaScript is enabled when reading the reports (normally this is turned on by default). |
---|---|
Printing Reports | For best results when printing the reports, please ensure you have printing of background colours turned on. In Internet Explorer this can be achieved by selecting 'Tools' -> 'Internet Options...' then clicking on the 'Advanced' tab. In the 'Printing' section make sure the box 'Print background colors and images' is checked. |