External Scan - An external vulnerability scan is a scan that is conducted from outside of the network. These scans target WAN IP addresses, scanning perimeter defences like websites, web applications, and network firewalls for weaknesses. CyberCNS provides external scans with configurable profiles so that you have control over the depth of the scan that needs to be performed.
In order for the external scan to work the IP and hostname will be scanned from the following IP Addresses based on the region. Your region is the suffix on your portal URL. E.g. If your URL is portaluseast2.mycybercns.com then your region is useast2. The IPs are as listed below.
Region | Originating IP Address for External Scan |
---|---|
USWEST2 | 44.231.123.15 |
EUCENTRAL1 | 35.158.55.215 |
EUWEST2 | 13.41.172.255 |
APSOUTHEAST2 | 54.206.202.191 |
USEAST2 | 3.22.165.174 |
Running External Scans using CyberCNS
Choose a company for which you need to run a scan, and navigate to External Scan to create a profile.
Profiles
Users can create different profiles based on the requirement and attach them to assets to be scanned for external scans.
In the profile sections, you can create your own profiles and can add these profiles in the Configurations section.
There are three Default Profiles, that are
🔹 Quick Scan: This covers the top 1000 ports defined by IANA, which covers up to 65% risk profile.
🔸 Detailed Scan: This covers the top 3500 ports defined by IANA, which covers up to 94% risk profile.
🔹 Deep Scan: This will scan all 65535 ports, this can take 10 minutes to hours.
CyberCNS uses Connect Scan protocol for default profiles.
If you want to create your own Custom Profiles click on +Add.
In the profiles section, enter the Profile Name as required and select the Port Scan Type.
There are two types of Ports, those are Top Ports and Custom Ports.
Top Ports
In Top ports, you can choose the number of ports(100, 500, 1000, 3000, 5000, 10000, and 65535 ports) as required.
Choose the Protocols as required.
🔹 Sync
🔸 Connect
🔹 Xmas Scan
Choose the Service Detections as required and click on Save.
Once the profile is created successfully, you can either Edit or Delete the created profile in case required.
Configurations
When the profile is created, navigate to the Configurations section and click on +Add to add the External Scan Endpoints.
Select the Discovery Type as required.
🔹 IP Range: Discovery Type selected as IP Range, then please provide the Start IP and End IP of the range selected.
🔸 Static IP: Discovery Type selected as Static IP, then need to provide a single IP address to scan.
🔹 Domain Name: Discovery Type, selected as Domain Name, then need to provide a Domain Name.
The created profile can be chosen here if required, if not can select the Scan profile.
Enter the secure ports for the required IP address.
To add multiple ports, enter a port and press comma or press enter to add.
Once all the details are provided, click on Save.
Select the checkbox of Exclude from scanning in case an IP exclusion is required.
Select the Scan Later option, to save the credentials and scan later.
To start the scan, select the checkbox to Scan the added IP and then click on Scan Now under Global Actions, or under the Action select the option Scan Now.
There is an option to Edit or Delete the Discovery Type using the Action column. Any Discovery Type can be edited or deleted if needed.
Jobs
All the jobs for the external scan will be shown in the Jobs tab. This will include the information like Job status.
When the scan begins, navigate to the Jobs section to check the Job Completion.
Results
All the Results for the external scan are shown in the Results tab.
Once the scan is completed, navigate to the Results section, to view the details of the added IP.
Information such as Ports Scan, Protocol Scan, Service Detections, OverAll Grade, Open Ports, Vulnerabilities, and Operating System Details will be displayed.
Custom Ports
For custom ports, enter multiple ports of your own by adding commas. Choose the Protocols as required from below:
🔹 Sync
🔸 Connect
🔹 Xmas Scan
Choose the Service Detections as required and click on Save.
For the added IP can get the details based on the Selected profile.
Overall Grade, Open Ports, Vulnerabilities, Operating System Details, Common SSL Vulnerabilities, and Certificate details will be displayed.
One can download the individual External Scan result by clicking on the download icon( ).
Web Vulnerabilities
Click View Details under the Vulnerabilities section to get more information about the vulnerabilities.
Details such as Category, CVSS, Severity, Remediation, Impact and Description are captured for Vulnerabilities.
SSL Attacks and Certificates
Common SSL Vulnerabilities like DROWN, POODLE & HEARTBLEED are checked for.
SSL Certificates if any are found on the system, the details as shown below will be available in this section.
This completes the documentation for External Scan.