Types Of Scans - McAfee TSA00M005PAA - Total Protection Service Product Manual

Using the SaaS Vulnerability Scanning Service

Types of scans

To ensure that scans are thorough in scope, we recommend adding your domain name
as a device. If you have purchased a single domain license, you are entitled to scan all IP
addresses in that domain. To scan multiple IP addresses in separate domains, you must
purchase additional licenses.
About active devices
We recommend scanning all active devices. Active devices are those that are involved in, or
connected to networks involved in, collecting, transmitting, processing, or storing sensitive
information.
NOTE: Compliance with the PCI certification standard requires that you scan all active devices.
Examples of active devices you should scan are:
• Filtering devices — These include firewalls or external routers that are used to filter
traffic. If using a firewall or router to establish a DMZ (a buffer zone between the outside
public Internet and the private network), these devices must be scanned for vulnerabilities.
• Web servers — These allow Internet users to view web pages and interact with your
websites. Because these servers are fully accessible from the public Internet, scanning for
vulnerabilities is critical.
• Application servers — These act as the interface between the web server and the
back-end databases and legacy systems. Hackers exploit vulnerabilities in these servers and their
scripts to get access to internal databases that could potentially store private data. Some
website configurations do not include application servers; the web server itself is configured
to act in an application server capacity.
• Domain name servers (DNS) — These resolve Internet addresses by translating domain
names into IP addresses. Merchants or service providers might use their own DNS server or
a DNS service provided by their ISP. If DNS servers are vulnerable, hackers can potentially
spoof a merchant or service provider web page and collect private information.
• Email servers — These typically exist in the DMZ and can be vulnerable to hacker attacks.
They are a critical element in maintaining overall website security.
• Load balancers — These increase the performance and the availability of an environment
by spreading the traffic load across multiple physical servers. If your environment uses a
load balancer, you should scan all individual servers behind the load balancer.
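
As an added example (not part of the product guide or the scanning service), the following Python sketch checks a scan target list against the active-device rules above, including the servers behind a load balancer. The inventory model, the device names, and the rule that a network counts as involved when any device on it handles sensitive data are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Device:
    name: str
    role: str                 # "firewall", "web", "load_balancer", ...
    network: str              # segment the device is connected to
    sensitive: bool = False   # collects, transmits, processes or stores sensitive data
    backends: list = field(default_factory=list)  # servers behind a load balancer

def active_devices(inventory):
    """Names of devices that must be scanned under the 'active device' rule."""
    # Assumption: a network is "involved" if any device on it handles sensitive data.
    involved = {d.network for d in inventory if d.sensitive}
    active = {d.name for d in inventory if d.sensitive or d.network in involved}
    # Scanning the load balancer's address is not enough: add each server behind it.
    for d in inventory:
        if d.role == "load_balancer" and d.name in active:
            active.update(d.backends)
    return active

def coverage_gaps(inventory, scan_targets):
    """Active devices that are missing from the configured scan target list."""
    return sorted(active_devices(inventory) - set(scan_targets))

# Constructed sample inventory (hypothetical names, not from the product guide).
INVENTORY = [
    Device("fw-edge", "firewall", "dmz"),
    Device("web-1", "web", "dmz", sensitive=True),
    Device("mail-1", "mail", "dmz"),
    Device("lb-1", "load_balancer", "dmz", backends=["app-1", "app-2"]),
    Device("app-1", "app", "app-net"),
    Device("app-2", "app", "app-net"),
    Device("printer-1", "printer", "office"),
]
SCAN_TARGETS = ["fw-edge", "web-1", "lb-1", "app-1"]  # constructed

if __name__ == "__main__":
    for name in coverage_gaps(INVENTORY, SCAN_TARGETS):
        print("active device not in scan list:", name)
```
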
Types of scans
There are two basic types of scans.
• Discovery scans — Identify which devices to scan:
    • DNS Discovery identifies active IP addresses within a domain.
    • Network Discovery identifies active IP addresses and open ports within a network.
• Device audits — Examine a single host, IP address, or domain name for open ports
and vulnerabilities.
Scanning standards
Vulnerability scans are based on these standards:
• PCI standard — Complies with credit card issuers by meeting the vulnerability scanning
requirements of the Payment Card Industry (PCI) data security standard (DSS). Devices
that process payment card information must be scanned and show compliance with this
standard quarterly. Used for the PCI certification program.
McAfee Total Protection Service Product Guide