Types Of Scans - McAfee MTP08EMB3RUA - Total Protection - PC Product Manual

Product guide

Application servers — These act as the interface between the web server and the back-end databases and legacy systems. Hackers exploit vulnerabilities in these servers and their scripts to get access to internal databases that could potentially store private data. Some website configurations do not include application servers; the web server itself is configured to act in an application server capacity.

Domain name servers (DNS) — These resolve Internet addresses by translating domain names into IP addresses. Merchants or service providers might use their own DNS server or a DNS service provided by their ISP. If DNS servers are vulnerable, hackers can potentially spoof a merchant or service provider web page and collect private information.

Email servers — These typically exist in the DMZ and can be vulnerable to hacker attacks. They are a critical element in maintaining overall website security.

Load balancers — These increase the performance and the availability of an environment by spreading the traffic load across multiple physical servers. If your environment uses a load balancer, you should scan all individual servers behind the load balancer.

Types of scans

There are two basic types of scans.

Discovery scans — Identify which devices to scan:
  DNS Discovery identifies active IP addresses within a domain.
  Network Discovery identifies active IP addresses and open ports within a network.

Device audits — Examine a single host, IP address, or domain name for open ports and vulnerabilities.

Scanning standards

Vulnerability scans are based on these standards:

McAfee SECURE standard — Meets the website security vulnerabilities audit requirements mandated by HIPAA, GRAMM-LEACH-BLILEY, SARBANES-OXLEY, and other federal legislation.

PCI standard — Complies with credit card issuers by meeting the vulnerability scanning requirements of the Payment Card Industry (PCI) data security standard (DSS). Devices that process payment card information must be scanned and show compliance with this standard quarterly.

Severity levels for vulnerabilities

Vulnerabilities can be assigned different levels of severity by the different standards. Because of this, it is possible for devices to be compliant with the McAfee SECURE standard but not the PCI standard, which has specific requirements developed for devices that process payment card data.

Security level — Description

5 (Urgent) — Provide intruders with remote root or remote administrator capabilities. By exploiting these types of vulnerabilities, hackers can compromise the entire host. This category includes vulnerabilities that provide hackers full file-system read and write capabilities, and the ability for remote execution of commands as a root or administrator user. The presence of backdoors and Trojans also qualifies as an urgent vulnerability.

4 (Critical) — Provide intruders with remote user capabilities, but not remote administrator or root user capabilities. Critical vulnerabilities give hackers partial access to file systems (for example, full read access without full write access). Vulnerabilities that expose highly sensitive information also qualify as critical vulnerabilities.

Using Vulnerability Scanning
McAfee Total Protection Service 5.1.5 Product Guide


This manual is also suitable for:

Total protection service 5.1.5
