Sangfor Community»Categories Products Network Secure (NGAF) NGAF Passive Vulnerability Scan

NGAF Passive Vulnerability Scan

views: 3846 | comments: 13 | added to Favorites 0
Lights on | 提示:支持键盘翻页<-左 右->
    组图打开中,请稍候......
Created: 31 Oct 2023 10:18

Summary:

Last edited by AimanHakim 31 Oct 2023 10:19. Hi guys, I have a problem regarding the passive vulnerability scanning for the Business Asset Security. Even though I've enabled the passive scanning in ...

Reply

jerome_itable Posted 09 Nov 2023 08:14
Yes, it is possible that the scanned servers are so well protected that there is no output generated. This is because passive vulnerability scanners only collect information that is passively available on the network, such as network traffic and logs. If the servers are configured to not disclose any information about their vulnerabilities, then the passive scanner will not be able to identify any vulnerabilities.

Here are some possible reasons why the passive vulnerability scanner might not be generating any output:

    The servers are not responding to the scanner's probes. This could be because the servers are not configured to respond to probes, or because the scanner is not sending probes to the correct ports.
    The servers are using encryption to protect their traffic. This will prevent the scanner from being able to read the traffic and identify any vulnerabilities.
    The servers are using firewalls to block the scanner's probes. This could be because the firewalls are not configured to allow traffic from the scanner, or because the scanner is not using the correct IP addresses or ports.

If you are concerned that your servers might be so well protected that they are not being properly scanned, you could try using an active vulnerability scanner. Active scanners send probes directly to the servers, which can help to identify vulnerabilities that would not be detected by a passive scanner.

Here are some additional things you can do to troubleshoot the problem:

    Check the scanner's logs to see if there are any errors being reported. This could help to identify the cause of the problem.
    Make sure that the scanner is configured correctly. This includes checking that the scanner is using the correct IP addresses, ports, and credentials.
    Try scanning the servers from a different network segment. This could help to rule out any problems with the network configuration.
Farina Ahmed Posted 08 Nov 2023 17:58
To troubleshoot this, ensure that the passive scanning configuration is correctly set up within the default template for Basic Protection and Detection and Response. Verify that the network traffic is properly reaching the scanning tool within the defined policy scope. Check if there are any firewall rules or network configurations in the virtual untrust (WAN) and trust (LAN) zones that might be blocking or interfering with the scanning process. Reviewing these settings and confirming the correct configuration of both the scanning tool and network zones should help identify and resolve the problem.
Happpy Posted 08 Nov 2023 15:45
Check for any logs or diagnostics related to the passive scanning process. They can provide insight into any errors or issues that might be occurring.
Fuji12 Posted 08 Nov 2023 15:44
Try reaching out to the support team for the specific security software you're using. They might be able to provide more specific guidance based on the software's capabilities and your configuration.
Jigen87 Posted 08 Nov 2023 15:43
Passive scanning relies on network traffic to identify vulnerabilities. If there is minimal or no network activity on the servers you're scanning, this can also result in limited or no data.
damulagski Posted 08 Nov 2023 15:43
Passive scanning may take some time to collect sufficient data and identify vulnerabilities. The lack of immediate results doesn't necessarily mean something is wrong. Give it some time to collect data and generate reports.
JoanaPatricia Posted 08 Nov 2023 15:42
It's possible that the servers you are scanning are indeed well-protected and have no known vulnerabilities. Passive scanning relies on identifying vulnerabilities based on the network traffic and behavior. If your servers are up-to-date with patches and well-secured, there may be no vulnerabilities to report.
Rica Cortez Posted 08 Nov 2023 15:42
Servers must be identify first and make an object
Carem Posted 08 Nov 2023 15:40
Confirm that the firewall rules are correctly configured to allow the traffic needed for passive scanning. If the traffic is blocked, the scanning data won't be collected. Ensure that the scanning traffic is allowed in your security policy.
soneosansan Posted 08 Nov 2023 15:39
Ensure that the passive vulnerability scanning feature is correctly configured in your security policy. Double-check the policy settings, and make sure that the passive scanning feature is properly enabled.
RegiBoy Posted 08 Nov 2023 15:29
The scanned servers may be well-protected, resulting in no output being generated by the passive vulnerability scanning. Passive vulnerability scanning relies on analyzing network traffic and documents to gather information about the systems and software versions in use by a company