McAfee MTP08EMB3RUA Product Guide - Page 149
Types of scans, Scanning standards, Severity levels for vulnerabilities
UPC - 731944568133
Page 149 highlights
Using Vulnerability Scanning

• Application servers - These act as the interface between the web server and the back-end databases and legacy systems. Hackers exploit vulnerabilities in these servers and their scripts to get access to internal databases that could potentially store private data. Some website configurations do not include application servers; the web server itself is configured to act in an application server capacity.
• Domain name servers (DNS) - These resolve Internet addresses by translating domain names into IP addresses. Merchants or service providers might use their own DNS server or a DNS service provided by their ISP. If DNS servers are vulnerable, hackers can potentially spoof a merchant or service provider web page and collect private information.
• Email servers - These typically exist in the DMZ and can be vulnerable to hacker attacks. They are a critical element to maintaining overall website security.
• Load balancers - These increase the performance and the availability of an environment by spreading the traffic load across multiple physical servers. If your environment uses a load balancer, you should scan all individual servers behind the load balancer.

Types of scans

There are two basic types of scans.

• Discovery scans - Identify which devices to scan:
  • DNS Discovery identifies active IP addresses within a domain.
  • Network Discovery identifies active IP addresses and open ports within a network.
• Device audits - Examine a single host, IP address, or domain name for open ports and vulnerabilities.

Scanning standards

Vulnerability scans are based on these standards:

• McAfee SECURE™ standard - Meets the website security vulnerabilities audit requirements mandated by HIPAA, GRAMM-LEACH-BLILEY, SARBANES-OXLEY, and other federal legislation.
• PCI standard - Complies with credit card issuers by meeting the vulnerability scanning requirements of the Payment Card Industry (PCI) data security standard (DSS). Devices that process payment card information must be scanned and show compliance with this standard quarterly.

Severity levels for vulnerabilities

Vulnerabilities can be assigned different levels of severity by the different standards. Because of this, it is possible for devices to be compliant with the McAfee SECURE standard but not the PCI standard, which has specific requirements developed for devices that process payment card data.

Security level    Description
5 (Urgent)        Provide intruders with remote root or remote administrator capabilities. By exploiting these types of vulnerabilities, hackers can compromise the entire host. This category includes vulnerabilities that provide hackers full file-system read and write capabilities, and the ability for remote execution of commands as a root or administrator user. The presence of backdoors and Trojans also qualifies as an urgent vulnerability.
4 (Critical)      Provide intruders with remote user capabilities, but not remote administrator or root user capabilities. Critical vulnerabilities give hackers partial access to file systems (for example, full read access without full write access). Vulnerabilities that expose highly sensitive information also qualify as critical vulnerabilities.

McAfee Total Protection Service 5.1.5 Product Guide 149
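A scope check for two points on this page (scan every individual server behind a load balancer; scan devices that process payment card information quarterly), as an added example that is not part of the McAfee guide or product. The inventory, scan history, host names and the 90-day reading of "quarterly" are assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Assumption: "quarterly" is approximated as 90 days; align with your own compliance calendar.
QUARTER = timedelta(days=90)

# Constructed inventory. Addresses are from documentation ranges (192.0.2.0/24, 198.51.100.0/24).
INVENTORY = [
    {"host": "lb1.example.com", "ip": "192.0.2.10", "card_data": False,
     "backends": ["198.51.100.11", "198.51.100.12", "198.51.100.13"]},
    {"host": "web1", "ip": "198.51.100.11", "card_data": True, "backends": []},
    {"host": "web2", "ip": "198.51.100.12", "card_data": True, "backends": []},
    {"host": "dns1", "ip": "192.0.2.53", "card_data": False, "backends": []},
]

# Constructed scan history: target IP -> date of the last completed device audit.
LAST_AUDIT = {
    "192.0.2.10": date(2024, 5, 20),
    "198.51.100.11": date(2024, 5, 20),
    "198.51.100.12": date(2024, 1, 15),
    "192.0.2.53": date(2024, 5, 20),
}

def audit_scope(inventory, last_audit, today):
    """Report gaps between the asset inventory and what has actually been scanned."""
    known_ips = {dev["ip"] for dev in inventory}
    gaps = {"unscanned_backends": [], "uninventoried_backends": [], "overdue_card_devices": []}
    for dev in inventory:
        # Scanning only the load balancer's address hides the servers behind it.
        for ip in dev["backends"]:
            if ip not in last_audit:
                gaps["unscanned_backends"].append((dev["host"], ip))
            if ip not in known_ips:
                # No inventory record means nobody has decided whether it handles card data.
                gaps["uninventoried_backends"].append((dev["host"], ip))
        # Card-data devices need a device audit within the last quarter.
        if dev["card_data"]:
            last = last_audit.get(dev["ip"])
            if last is None or today - last > QUARTER:
                gaps["overdue_card_devices"].append((dev["host"], last))
    return gaps

if __name__ == "__main__":
    for kind, items in audit_scope(INVENTORY, LAST_AUDIT, date(2024, 6, 1)).items():
        print(kind, items)
```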