Skip to main content
Skip table of contents

Scan Policies

Purpose

This document describes how to set up Scan Policies through the Common Portal.

Introduction

Scan policies describe the technical parameters of a scan including port scan settings, network port specific settings and checks that should run.

Policy Settings

Scan Policies outline the settings that are used when running the Vulnerability Assessment against assets. They do not control which assets get scanned or when, but rather focus on how the scan should be performed.

When configuring a scan both a scan policy and a override scan policy can be selected, this means that the bulk of the configurations can be done in one policy and then have another policy that just changes the ports or credentials that is only applied to a specific subset of targets.

To facilitate this each setting in the scan policy has a toggle associated with it, which determines whether that setting is applied to the scan or not.

The way this works is that any setting that does not have the toggle will inherit from the underlying policy. for this the flow would be like this

  1. Default settings from the system.

  2. Settings in the configured scan policy which have the toggle enabled.

  3. Settings in the override scan policy which have the toggle enabled.

Example

If you have not configured TCP-ports in any of your scan policies the system default is used.
If port 22-122 is configured in your scan policy the ports 22-122 is used.
If port 22-122 is configured in your scan policy and port 10-50 in your override scan policy port 10-50 is scanned.

However, if port 22-122 is configured in the scan policy, and a ssh credential is configured in the override policy, both settings will have effect and port 22-122 is scanned and with a credential configured.

Portal_Scan_Policies.png

Option

Description

Built in

Policies that are included by the vendor.

Created

Time past since policy was created.

Created by

Who created the policy.

Customer ID

Customer identification number.

ID

Policy identification number.

Name

Name of the policy.

Tags

Tags connected to the policy. See Tags for more information about tags.

Updated

Time past since policy was updated.

Updated by

Who updated the policy.

Creating a Policy

To create a plicy

  1. Go to Configuration > Scan Policies.

  2. Click the green (plus) icon in the bottom right corner on screen to open the settings view to create a new policy.

    Portal_Scan_Policies_Create_New.png


  3. Fill in the settings for the policy and press the blue SAVE button in the lower right corner.
    The new policy is marked with a red NEW badge.

Settings

These are the general settings that control aspects of the scan not otherwise categorized.

General Settings

The name of the policy. The name field is mandatory and requires an input to save the policy.

Safe checks only

Enabling unsafe vulnerability checks allows the scanner to perform checks which may potentially damage data or disrupt services on the remote host.

  • Safe checks only.

  • Include unsafe checks.

Try Default credentials

Perform login attempts through all protocol, such as SSH, SMB, POP3 using default credentials.

Filter out fallback kernels

Only use the current kernel version when finding vulnerabilities.

Limited authenticated assessment with found credentials

Perform a limited authenticated scan against the target (over SSH and/or SMB) using found default credentials.

Virtual hosts

  • Add IP as virtual host.

  • Add hostname as virtual host.

  • Add reverse DNS as virtual host.

Port Scan

Port scanning is a technique used to identify open ports and services running on a networked device or server. A port scan involves sending packets of data to a range of ports on a target device and analyzing the responses received. If a port responds, it indicates that a service is running on that port. By analyzing the type of service and its version number, an attacker can identify vulnerabilities and potential attack vectors.

Port scan speed

Three different modes are available which initiates the scan in different packets per second (pps) rates where normal is the “base” speed, but when running more sweeps the speed will be lowered proportionally.

Select from:

  • Normal (200 pps)

  • Fast (400 pps)

  • Very fast (600 pps)

Higher speed makes the scan go faster but can somewhat increase the probability of packet loss which could make the scan actually take longer because the scanner running more sweeps to compensate for apparent packet loss. In most cases of running an individual scan against a singular target running with very fast would have a negligible negative effect.

However, if running many scans from the same place against targets that share the same network path the impact on packet loss probability is more likely to rise.

TCP port range

Enter the port range you would like to scan in the following format: 443,-250,65000-,110-143,!80

The above would translate into scanning ports 443, 1-79, 81-250, 65000-65535 and 110-143. Valid keywords to put into this field are def and none.

It is also possible to exclude specific ports by adding a ! followed by the port number.

The default value for this field is def, which instructs OUTSCAN to perform a port scan on its default list of TCP ports. This default port list contains approximately 5500 TCP ports.

UDP port range

Enter the port range you would like to scan in the following format: 443,-250,65000-,110-143,!80

The above would translate into scanning ports 443, 1-79, 81-250, 65000-65535 and 110-143. Valid keywords to put into this field are def and none.

It is also possible to exclude specific ports by adding a "!" followed by the port number.

The default value for this field is def, which tells OUTSCAN to port scan its default list of UDP ports. The default port list contains approximately 100 UDP ports.

Warning

Scheduling large amounts ports in UDP scanning will have an affect on the overall scan time. Roughly it can take about an hour per 20.000 ports in best case.


Authenticated Portscan

Use authenticated details when determining if ports are open on the device. The quick option will utilize the open port details without a verification scan to confirm that the ports are really open. The verify option will port scan the authenticated details to determine that the port actually is available externally on the device.

Select from:

  • Off

  • Quick

  • Verify

Fallback to normal port scan

Fallback to normal port scan if no ports are found using authenticated port scan.

SSH port

From which open port (if multiple) is the port details used in the scan gathered.

Trust

Transport Layer Security (TLS) is a cryptographic protocol that provides secure connection with the website's server using a digital certificate. A trusted Certificate Authority (CA) is recognized by your web browser and operating system as a legitimate and trustworthy organization. When connecting to a website using HTTPS, it checks the digital certificate presented by the website against a list of trusted CAs. If the digital certificate is issued by a trusted CA, a secure connection with the website is established.

TLS Trusted CA

Enabling the TLS Trusted CA requires you to provide a certificate file in PEM format.

Credentials

This settings refers to authenticated scans with provided credentials and associated controls.

Enable Remote Registry

Enable remote registry for duration of scan over SMB.

Use Custom Credentials

Custom credentials selects credentials from the available SSH and SMB credentials.

To create SSH and SMB, see SSH Credentials and SMB Credentials document.

Selected Credentials

The selected credentials for the specific policy are listed and can be removed clicking the bin icon.

When using Portal for Network scan, users can select multiple credentials when creating the policy, including several of the same type.

However, if multiple credentials with the same type are selected, only the first created credential is used. Not only for SMB, but also for SSH and VMware vSphere credentials.

Adding a Tag to the Policy

Tagging allows to group and filter data based on a user-defined value.

To add a tag to the policy:

  1. Select the policy by checking the box on the left hand side.



  2. At the bottom, click the edit tags Icon_Edit_Tag.png.png icon.



    or right click and select Edit tags from the context menu.



  3. Name a new tag and click (plus) to add the new tag or select one from the drop-down menu.


  4. Press the blue SUBMIT button to save the tag.


  5. The tag is added to the policy under the Tags column.

For more information on managing tags, see Tags.

Removing a Tag

To remove a tag, click the X on the right hand side of the tag.

For more information on managing tags, see Tags.

Deleting a Policy

To delete a Policy:

  1. Select the policy by checking the box on the left hand side.



  2. Click the Bin Icon_Delete.png icon in the lower right corner of the screen,



    or right click the policy you want to remove and click Delete in the context menu.



  3. Click the red DELETE button in the verification view to remove the policy.

Related Article




Copyright

© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.