<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="/style.css" type="text/css" /> <script type="text/javascript" src="/jquery.min.js"></script> <title>CERN Computer Security Information</title> <script type="text/javascript"> $(document).ready(function(){ // Menu highlight var path = location.pathname.split("/"); if ( path ) { $('#main_menu a[href*="' + path[1] + '"][class!="noselect"]').addClass('selected'); // path[3] = /security/<xxxxx>/ $('#sidebar ul.sidemenu li[class!="noselect"]:has(a[href$="' + path.reverse()[0] + '"])').addClass('selected'); } // Add icon to external links $('a[id!=logo-img]').filter(function() { return this.hostname && this.hostname !== location.hostname;   }).after(' <img src="/images/external_link.png" alt="external link" title="external link"/>'); }); </script> </head> <body> <div id="wrap"> <div id="top-bg"></div> <!--header --> <div id="header"> <div id="logo-text"> <a id="logo-img" href="https://home.cern/"><img src="/images/CERNLogo2.png" width="59" height="59" style="margin: 10px" alt="CERN Logo"/></a><div id="logo-text-big"><a href="/home/en/index.shtml" title="">CERN Computer Security</a></div> </div> <div id="header-logo"><a href="/services/en/emergency.shtml"><img width=335 src="/images/emergency.png" alt="Computer Emergencies"/></a></div> </div> <!--header ends--> <div id="header-photo"></div> <!-- navigation starts--> <div id="nav"> <ul id="main_menu"> <li><a class="noselect" href="/home/fr/index.shtml"><img src="/images/fr.png" alt="FR"/></a></li> <li><a href="/home/en/index.shtml">Home</a></li> <li><a href="/rules/en/index.shtml">Computing Rules</a></li> <li><a href="/recommendations/en/index.shtml">Recommendations</a></li> <li><a href="/training/en/index.shtml">Training</a></li> <li><a href="/services/en/index.shtml">Services</a></li> <li><a class="secured" href="/reports/en/index.shtml">Reports &amp; Presentations</a></li> </ul> </div> <!-- navigation ends--> <!-- content-wrap starts --> <div id="content-wrap"> <div id="main"> <h2>Device Scans</h2> <p>Security scans against devices test for known vulnerabilities in their local network processes. It is a technique often used by attackers to detect potential security holes. In order to detect such holes before them and in order to improve the general security of devices connected to CERN networks, the Security Team is currently using a series of different vulnerability scanners:</p> <ul> <li>The standard "<a href="http://www.nmap.org">Nmap</a>" and "<a ref="http://www.openvas.org/">OpenVAS</a>" are used for a general assessment of locally running services. This scanner is part of the <a href="/services/en/network_scans.shtml">regular network scans</a>; <li>The widely used "<a href="https://www.zaproxy.org/">ZAP</a>" tool as well as a home-grown "Web Applicaiton Detection" scanner are generally employed for checking the security of and detecting vulnerabilities on websites (see the <a href="/services/en/web_scans.shtml">Web application scan</a>); <li>All are employed for checking requests for openings in CERN's <a href="/services/en/firewall.shtml">outer perimeter firewall</a>. </ul> <p>If security holes are found, instructions to fix them will be sent to the person responsible for the system, whose name can be viewed and updated at <a href="http://network.cern.ch">Network Connection Request Form</a>. (This requires that the "Responsible" or "Main User" are correctly registered).</p> <h4>Why are security scans useful?</h4> <p>Scans conduct basic intrusions attempts which any device should be capable to resist. Software running behind TCP/UDP ports may be exploited by intruders. Taking preventative action against known vulnerabilities avoids the unpleasant and time consuming consequences of a security break-in.</p> <h4>What are the side-effects of a scan?</h4> <p>Caution will be taken to run security scans in the smoothest possible way. However, unforeseen side-effects on network services cannot be excluded. Some examples are:</p> <ul> <li>network services which log connection attempts will have entries in their logs;</li> <li>X display forwarders such as SSH may report connection attempts;</li> <li>under certain rare circumstances special device like Programmable Logic Controller (PLC) might fail due to lack of robustness.</li> </ul> <p>Sensitive devices can be excluded from scanning by informing the Security Team.</p> <h4>What can system administrators do?</h4> <p>System administrators are requested to check that correct data is registered for their systems at <a href="http://network.cern.ch">Network Connection Request Form</a>. To securely configure your systems we advise you to:</p> <ul> <li>disable non-essential network processes;</li> <li>secure active network services, and</li> <li>pro-actively install security patches.</li> </ul> <p>Also follow the good practises listed <a href="/recommendations/en/index.shtml">here</a>. </div> <!-- main ends --> <!-- SIDEBAR --> <!-- sidebar menu starts --> <div id="sidebar"> <ul class="sidemenu"> <li><a href="/home/en/privacy_statement.shtml">Privacy Statement</a></li> </ul> <h3>Computer Security Incident Response</h3> <ul class="sidemenu"> <li><a href="/services/en/emergency.shtml">Emergencies</a> <li><a href="/services/en/sems.shtml">Self-mitigation portal</a></li> </ul> <h3>Consulting, Pentesting & Reviews</h3> <ul class="sidemenu"> <li><a href="/services/en/reviews.shtml">...on request</a> <li><a href="/services/en/whitehats.shtml">CERN WhiteHat Challenge</a> </ul> <h3>Host-Based Intrusion Detection</h3> <ul class="sidemenu"> <li><a href="/services/en/csl.shtml">Central security logging</a></li> <li><a href="/services/en/password_dumps.shtml">Password Dump Notifications</a></li> <li><a href="/services/en/receipts.shtml">Remote Login Notifications</a></li> </ul> <h3>Traffic Control & Monitoring</h3> <ul class="sidemenu"> <li><a href="/services/en/dns.shtml">DNS analysis</a></li> <li><a href="/services/en/ids.shtml">Network-based intrusion detection</a></li> <li><a href="/services/en/firewall.shtml">The CERN outer perimeter firewall</a></li> <li><a href="/services/en/dnim.shtml">Statistical traffic analysis</a></li> <li><a href="/services/en/spam.shtml">SPAM filtering</a></li> </ul> <h3>Vulnerability Scans</h3> <ul class="sidemenu"> <li><a href="/services/en/device_scans.shtml">Device scans</a></li> <li><a href="/services/en/network_scans.shtml">Network scans</a></li> <li><a href="/services/en/passwords.shtml">Password cracking</a></li> <li><a href="/services/en/web_scans.shtml">Web application scans</a></li> </ul> </div> <!-- sidebar menu ends --> <!-- content-wrap ends--> </div> <!-- footer starts --> <div id="footer-wrap"> <div id="footer-bottom"> &copy; Copyright 2024<strong> <a href="https://cern.ch/security">CERN Computer Security Office</a></strong> <table> <tr> <td id="footer-info-left"> e-mail: <a href="mailto:Computer.Security@cern.ch">Computer.Security@cern.ch</a><br/> Please use the following PGP key to encrypt your messages:<br/> ID: 0x954CE234B4C6ED84<br/> <a href="https://keys.openpgp.org/vks/v1/by-fingerprint/429D60460EBE8006B04CDF02954CE234B4C6ED84">429D 6046 0EBE 8006 B04C DF02 954C E234 B4C6 ED84</a> </td> <td id="footer-info-right"> Phone: +41 22 767 0500<br/> Please listen to the recorded instructions. </td> </tr> </table> </div> </div> <!-- footer ends--> </div> <!-- wrap ends here --> <!--img height=30px src="/home/en/CERNfooter_800.png"--> </body> </html>