McAfee MTP10EMB3RAA Processor Guide - Page 124
About active devices, Scanning standards
UPC - 731944587981
Using the SaaS Vulnerability Scanning Service

To ensure scans that are thorough in scope, we recommend adding your domain name as a device. If you have purchased a single domain license, you are entitled to scan all IP addresses in that domain. To scan multiple IP addresses in separate domains, you must purchase additional licenses.

About active devices

We recommend scanning all active devices. Active devices are those that are involved in, or connected to networks involved in, collecting, transmitting, processing, or storing sensitive information.

NOTE: Compliance with the PCI certification standard requires that you scan all active devices.

Examples of active devices you should scan are:

• Filtering devices - These include firewalls or external routers that are used to filter traffic. If using a firewall or router to establish a DMZ (a buffer zone between the outside public Internet and the private network), these devices must be scanned for vulnerabilities.
• Web servers - These allow Internet users to view web pages and interact with your websites. Because these servers are fully accessible from the public Internet, scanning for vulnerabilities is critical.
• Application servers - These act as the interface between the web server and the backend databases and legacy systems. Hackers exploit vulnerabilities in these servers and their scripts to get access to internal databases that could potentially store private data. Some website configurations do not include application servers; the web server itself is configured to act in an application server capacity.
• Domain name servers (DNS) - These resolve Internet addresses by translating domain names into IP addresses. Merchants or service providers might use their own DNS server or a DNS service provided by their ISP. If DNS servers are vulnerable, hackers can potentially spoof a merchant or service provider web page and collect private information.
• Email servers - These typically exist in the DMZ and can be vulnerable to hacker attacks. They are a critical element to maintaining overall website security.
• Load balancers - These increase the performance and the availability of an environment by spreading the traffic load across multiple physical servers. If your environment uses a load balancer, you should scan all individual servers behind the load balancer.

Types of scans

There are two basic types of scans.

• Discovery scans - Identify which devices to scan:
  • DNS Discovery identifies active IP addresses within a domain.
  • Network Discovery identifies active IP addresses and open ports within a network.
• Device audits - Examine a single host, IP address, or domain name for open ports and vulnerabilities.

Scanning standards

Vulnerability scans are based on these standards:

• PCI standard - Complies with credit card issuers by meeting the vulnerability scanning requirements of the Payment Card Industry (PCI) data security standard (DSS). Devices that process payment card information must be scanned and show compliance with this standard quarterly. Used for the PCI certification program.

McAfee Total Protection Service Product Guide 124