A perimeter scan, used by administrators and attackers, is meant to find vulnerabilities like misconfigurations on hosts and outdated software. Payment Card Industry Security Standards Council (PCI SSC) released the 11.2 requirement that expects external vulnerability scans be run after any significant network change, on top of scheduled quarterly scan to minimize risk. Just a single update to a system can cause holes in a networks security; for this reason, organization’s use the Threatcare Suite to perform continuous security controls testing and gap analysis.
A perimeter scan can operate as an authenticated or unauthenticated scan, which respectively means credentials were or were not used during the scan.
An authenticated perimeter scan often produce accurate results with fewer false positives and false negatives. This perimeter scan method allows the user to log into the target host and perform actions like but not subject to:
- Reading configuration details
- Remote code execution vulnerability
- Querying databases for current patches and installed software
- Enumerating list of local host
- Local privilege escalation vulnerability
From the hacker’s perspective, once the following information like current patches and installed software has been retrieved from the target host, attackers can cross examined the discovered versions against the most current to validate accessible vulnerabilities. Administrators leveraging and authenticated perimeter scan provide themselves with quality reports and a list of defects to improve on that an unauthenticated scan would not provide.
Unauthenticated perimeter scans use probing services that listen for network connections. Gaining information toward targeted hosts using an unauthenticated scan narrows the scope of discovery down to a few tactics like banner grabbing. When a successful connection is made to a listening transmission control protocol (TCP) socket, the received banners displayed by the responding servers expose the version of software running on the targeted hosts. This allows an attacker to take this information and check it against known vulnerabilities.
Continuously check security controls and defense-in-depth is working with the Threatcare Suite. Contact us to schedule a free demo today.