McAfee MTP10EMB3RAA Processor Guide - Page 124

About active devices, Scanning standards

Page 124 highlights

Using the SaaS Vulnerability Scanning Service
Types of scans

To ensure scans that are thorough in scope, we recommend adding your domain name as a device. If you have purchased a single domain license, you are entitled to scan all IP addresses in that domain. To scan multiple IP addresses in separate domains, you must purchase additional licenses.

About active devices

We recommend scanning all active devices. Active devices are those that are involved in, or connected to networks involved in, collecting, transmitting, processing, or storing sensitive information.

NOTE: Compliance with the PCI certification standard requires that you scan all active devices.

Examples of active devices you should scan are:

• Filtering devices - These include firewalls or external routers that are used to filter traffic. If using a firewall or router to establish a DMZ (a buffer zone between the outside public Internet and the private network), these devices must be scanned for vulnerabilities.
• Web servers - These allow Internet users to view web pages and interact with your websites. Because these servers are fully accessible from the public Internet, scanning for vulnerabilities is critical.
• Application servers - These act as the interface between the web server and the backend databases and legacy systems. Hackers exploit vulnerabilities in these servers and their scripts to get access to internal databases that could potentially store private data. Some website configurations do not include application servers; the web server itself is configured to act in an application server capacity.
• Domain name servers (DNS) - These resolve Internet addresses by translating domain names into IP addresses. Merchants or service providers might use their own DNS server or a DNS service provided by their ISP. If DNS servers are vulnerable, hackers can potentially spoof a merchant or service provider web page and collect private information.
• Email servers - These typically exist in the DMZ and can be vulnerable to hacker attacks. They are a critical element to maintaining overall website security.
• Load balancers - These increase the performance and the availability of an environment by spreading the traffic load across multiple physical servers. If your environment uses a load balancer, you should scan all individual servers behind the load balancer.

Types of scans

There are two basic types of scans.

• Discovery scans - Identify which devices to scan:
  • DNS Discovery identifies active IP addresses within a domain.
  • Network Discovery identifies active IP addresses and open ports within a network.
• Device audits - Examine a single host, IP address, or domain name for open ports and vulnerabilities.

Scanning standards

Vulnerability scans are based on these standards:

• PCI standard - Complies with credit card issuers by meeting the vulnerability scanning requirements of the Payment Card Industry (PCI) data security standard (DSS). Devices that process payment card information must be scanned and show compliance with this standard quarterly. Used for the PCI certification program.

McAfee Total Protection Service Product Guide 124
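
The scoping rules above (active devices, servers behind a load balancer, quarterly scans) can be checked against an asset inventory. The following is an added example, not part of the McAfee guide or its service: the hostnames, addresses, dates, field names, and the 90-day approximation of "quarterly" are all assumptions.

```python
from datetime import date, timedelta

QUARTER = timedelta(days=90)  # assumption: "quarterly" approximated as 90 days

# Constructed inventory; addresses come from the 192.0.2.0/24 documentation range.
INVENTORY = [
    {"host": "fw-edge", "ip": "192.0.2.1", "nets": {"dmz"}, "sensitive": False},
    {"host": "lb-web", "ip": "192.0.2.10", "nets": {"dmz"}, "sensitive": False,
     "backends": ["192.0.2.11", "192.0.2.12", "192.0.2.13"]},
    {"host": "web-1", "ip": "192.0.2.11", "nets": {"dmz"}, "sensitive": True},
    {"host": "web-2", "ip": "192.0.2.12", "nets": {"dmz"}, "sensitive": True},
    {"host": "app-1", "ip": "192.0.2.20", "nets": {"dmz", "cardholder"}, "sensitive": True},
    {"host": "mail-1", "ip": "192.0.2.25", "nets": {"dmz"}, "sensitive": False},
    {"host": "kiosk", "ip": "192.0.2.200", "nets": {"guest"}, "sensitive": False},
]
# Constructed scan history: IP -> date of the last completed device audit.
LAST_SCAN = {
    "192.0.2.1": date(2024, 5, 20), "192.0.2.10": date(2024, 5, 20),
    "192.0.2.11": date(2024, 5, 20), "192.0.2.20": date(2024, 1, 15),
    "192.0.2.25": date(2024, 5, 20),
}

def active_devices(inventory):
    """Active = handles sensitive data, or shares a network with a device that does."""
    sensitive_nets = set()
    for d in inventory:
        if d["sensitive"]:
            sensitive_nets |= d["nets"]
    return [d for d in inventory if d["sensitive"] or d["nets"] & sensitive_nets]

def coverage_gaps(inventory, last_scan, today):
    """Return sorted (host, reason) pairs for active devices without a current scan."""
    by_ip = {d["ip"]: d for d in inventory}
    gaps = set()
    for d in active_devices(inventory):
        # Scanning a load balancer does not cover the individual servers behind it,
        # so each backend is checked too, even if it is missing from the inventory.
        for ip in [d["ip"], *d.get("backends", [])]:
            host = by_ip[ip]["host"] if ip in by_ip else ip
            seen = last_scan.get(ip)
            if seen is None:
                gaps.add((host, "never scanned"))
            elif today - seen > QUARTER:
                gaps.add((host, "scan older than a quarter"))
    return sorted(gaps)

if __name__ == "__main__":
    for host, reason in coverage_gaps(INVENTORY, LAST_SCAN, date(2024, 6, 1)):
        print(f"{host}: {reason}")
```

The backend at 192.0.2.13 is reported even though it has no inventory entry, which is the case the load balancer guidance is meant to catch.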

