Managing Scan Devices - McAfee TSA00M005PAA - Total Protection Service Product Manual


Using the SaaS Vulnerability Scanning Service

Managing scan devices

• McAfee SECURE standard — Meets the website security vulnerabilities audit
requirements mandated by HIPAA, GRAMM-LEACH-BLILEY, SARBANES-OXLEY, and other
federal legislation. Used for the McAfee SECURE trustmark certification program.
Severity levels for vulnerabilities
Vulnerabilities can be assigned different levels of severity by the different standards. Because
of this, it is possible for devices to be compliant with the McAfee SECURE standard but not the
PCI standard, which has specific requirements developed for devices that process payment
card data.
Security level   Description
5 (Urgent)       Provide intruders with remote root or remote administrator
                 capabilities. By exploiting these types of vulnerabilities,
                 hackers can compromise the entire host. This category includes
                 vulnerabilities that provide hackers full file-system read and
                 write capabilities, and the ability for remote execution of
                 commands as a root or administrator user. The presence of
                 backdoors and Trojans also qualifies as an urgent
                 vulnerability.
4 (Critical)     Provide intruders with remote user capabilities, but not remote
                 administrator or root user capabilities. Critical
                 vulnerabilities give hackers partial access to file systems
                 (for example, full read access without full write access).
                 Vulnerabilities that expose highly sensitive information also
                 qualify as critical vulnerabilities.
3 (High)         Provide hackers with access to specific information stored on
                 the host, including security settings. These vulnerabilities
                 could result in potential misuse of the host by intruders.
                 Examples include partial disclosure of file contents, access to
                 certain files on the host, directory browsing, disclosure of
                 filtering rules and security mechanisms, susceptibility to
                 denial of service (DoS) attacks, and unauthorized use of
                 services (such as mail relaying).
2 (Medium)       Expose some sensitive information from the host, such as
                 precise versions of services. With this information, hackers
                 could research potential attacks to try against a host.
1 (Low)          Informational, such as open ports.
Manual and scheduled scans
You can run scans on demand (they are queued and completed within 24 hours of the time
you configure them) or schedule them to occur daily, weekly, or monthly. Manual scans are
available to test vulnerabilities identified in a previous scan that you have taken steps to
resolve. These include non-invasive and "full exploit" scans.
If your subscription includes a certification program, you must comply with the scan frequency
requirements of the program.
Managing scan devices
Use these tasks to set up and manage the devices on which you want to run
vulnerability scans.
Tasks
Discovering IP addresses in a domain on page 126
The DNS Discovery tool identifies active IP addresses associated with a domain.
Discovering IP addresses in a network on page 126
The network discovery tool identifies which IP addresses within a network (a specified
range of IP addresses) are active.
125
McAfee Total Protection Service Product Guide
