Network Scanning Policy?

Question asked by JeffT on Nov 18, 2014
Latest reply on Nov 20, 2014 by Jonathan Trull


I'd like to know how everyone else is handling this.

Currently, we very routinely do a full scan of our entire internal IP address range. Currently, we do some authenticated scanning, and will do more soon.

Simply stated - if it is on our network, it gets scanned - period.

Problem:

I've just been told of one system (SAN storage array management port) that doesn't handle vulnerability scans well. This is posted in the product's release notes as a Known Issue ("Controller may reset if the management port is scanned by a network vulnerability scanner"); the recommended workaround is to set the management IP address to non-routable, effectively taking the management interface off-line, which would likely remove the ability to monitor and alert on system status. It is likely that I will be asked to exclude this system from scanning. This would set a precedent for others to be so excluded. It strikes me that such a problem constitutes a DoS vulnerability in the product that should be corrected.

I understand the problem with a system not handling scan activities, but if we don't scan it, we won't know about the vulnerability, and thus cannot make a decision to accept the risk of leaving that vulnerability.

What has been your stance regarding this situation? What has been your response/results for such situations?