Knowledge Base Article

Network Detective Vulnerability Scan

Identify threats and evaluate risk beyond system monitoring, firewalls, and anti-malware.

Relevance

Last Review: February 17, 2020

Product(s): Network Detective

Author(s): Chris Todd

Delta

A cyberist created this article using the patented Delta Method by modernizing a typical approach.

Summary

Vulnerability scans identify threats and evaluate risk beyond system monitoring, firewalls, and anti-malware. The generated security reports support management review and auditor compliance, while demonstrating customer privacy protection.

A common industry scam is the free network assessment offer, where a vulnerability scan is run as a scare tactic. A vulnerability scan is useless without the context of a system plan, monitoring reports, standard operating procedures, and compliance policies.

Requirements

  • Network Detective Application for importing vulnerability scans to generate reports and Network/Security Data Collector for running scans are downloaded from https://www.rapidfiretools.com/nd
  • Other RapidFire Tools products are NOT covered in this document, including: Exchange and SQL Assessments, PCI and HIPAA Compliance, Inspector, Reporter, Cyber Hawk, and Add-ons
  • Push deploy tool and instructions for Mac, Linux, and VMware are not covered in this document
  • .NET 4.5.2 Framework and Windows Installer 4.5 or greater are required on the computer running any Network Detective software
  • E-mail address and password are required for Network Detective Application login
  • Branding dimensions for report cover logo are 600 x 150 pixels and optionally header logo may be smaller at 300 x 75 pixels
  • Recommended reports are PowerPoint, Consolidated Risk, and Full Detail
  • False positive or errant results must be evaluated for web filtering, updates, and antivirus definitions
  • Old or unused computers, users (not logged in over 30 days), and groups lower the security score
  • Telnet and FTP on printers are flagged as open ports, lowering the security score
  • Internet Speed Test and Whois check are unreliable, and you may want to disable them
  • Wifi data is often excluded as a separate subnet and unreachable
  • USB is often excluded as blocked by Group Policy in managed environments
  • Domain administrator credentials are required for the Network/Security Data Collector
  • Network/Security Data Collector installation is recommended on a Hyper-V host, a non-critical server, or an administrator workstation
  • Domain name and internal IP address range are required for Active Directory/Network scan
  • Windows Management Instrumentation, Remote Registry, and PING must be enabled by Group Policy in Windows Firewall for data collection scanning
  • Public IP address must be entered for the External Vulnerability Scan
  • External domain name is required for the Dark Web scan
  • On an exception basis, an optional local scan may be run on unreachable computers without the network box checked and the results merged with the network scan
  • Network scan may run a minimum of 2 to 4 hours, which impacts network performance, and should be performed during non-business hours
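
The requirement above that Windows Management Instrumentation, Remote Registry, and PING be allowed through Windows Firewall can be verified on a few targets before committing to a multi-hour scan. The following PowerShell is an added example, not part of Network Detective or the original article; it assumes Windows PowerShell 5.1, an account with domain administrator rights, and placeholder host names, and it queries WMI over DCOM as an assumption about which path the firewall rules need to permit.

```powershell
# Added example: pre-scan check of the data collection prerequisites
# (PING, WMI, Remote Registry) against a handful of targets.
# Assumptions: Windows PowerShell 5.1, run with the domain administrator
# account; the host names below are hypothetical placeholders.

$Targets = @('PC-EXAMPLE-01', 'SRV-EXAMPLE-01')

function Test-CollectorPrereq {
    param([Parameter(Mandatory)][string]$ComputerName)

    $result = [ordered]@{
        Computer       = $ComputerName
        Ping           = $false
        Rpc135         = $false
        Wmi            = $false
        RemoteRegistry = 'unknown'
    }

    # ICMP echo fails when the PING firewall rule has not been applied
    $result.Ping = Test-Connection -ComputerName $ComputerName -Count 1 -Quiet

    # TCP 135 is the RPC endpoint mapper that WMI over DCOM starts from
    $result.Rpc135 = (Test-NetConnection -ComputerName $ComputerName -Port 135 `
        -WarningAction SilentlyContinue).TcpTestSucceeded

    $session = $null
    try {
        # Force DCOM so the query exercises the WMI firewall rules, not WinRM
        $opt     = New-CimSessionOption -Protocol Dcom
        $session = New-CimSession -ComputerName $ComputerName -SessionOption $opt `
            -OperationTimeoutSec 15 -ErrorAction Stop
        $svc = Get-CimInstance -CimSession $session -ClassName Win32_Service `
            -Filter "Name='RemoteRegistry'" -ErrorAction Stop
        $result.Wmi = $true
        if ($svc) { $result.RemoteRegistry = "$($svc.State) / $($svc.StartMode)" }
    }
    catch {
        $result.RemoteRegistry = "WMI query failed: $($_.Exception.Message)"
    }
    finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }

    [pscustomobject]$result
}

$Targets | ForEach-Object { Test-CollectorPrereq -ComputerName $_ } |
    Format-Table -AutoSize
```

A host that answers ping but fails the WMI query usually points to the Group Policy firewall rules not having reached that machine yet; those are the computers that would otherwise need the optional local scan.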

Network Detective Setup

  1. Download and install Network Detective from: https://www.rapidfiretools.com/nd
  2. Open Network Detective and log in with assigned credentials
  3. Apply the latest updates for security and feature improvements if prompted
  4. Select Preferences and set global report defaults, theme/style, and logo

Network/Security Assessment Steps

  1. Open Network Detective and log in with assigned credentials
  2. Create Site by Company Name
  3. Click on Start Project and select both Network Assessment and Security Assessment
  4. Add Assessment Label of Baseline-YYYYMMDD or Quarterly-YYYYMMDD
  5. Click the active Security Assessment for the site, select Initiate External Scan, and enter the public IP range of the perimeter firewall; the scan will take approximately 1 – 2 hours
  6. Go to the physical site to scan and download the Network/Security Data Collector from: https://www.rapidfiretools.com/nd
  7. Unzip the files and Run as an Administrator
  8. Select Network Data Collector and Security Data Collector
  9. Next select Active Directory and local Domain, then enter Domain Administrator username and password and internal network IP range to scan
  10. Enter External Domains for Dark Web scan for compromised passwords
  11. Use Defaults for SNMP unless a custom community name is documented and provided
  12. Deselect all categories to opt out of User Control Tests, unless data collection is run on a workstation with web filtering
  13. Enable File Scanner for Personally Identifiable Information
  14. Verify and Run the Output Assessment File by company initials and date like XXX-YYYYMMDD (Zip file used next for Network Detective import)

Import Scans and Generate Reports

  • Open Network Detective and log in with assigned credentials
  • Select the desired Site, Import Scans by browsing to the output file above, and Create Reports for the active assessment
  • Initial baseline scan often yields a low security score and will likely need to be run 1 – 2 more times after problem remediation and configuration exclusion before reviewing with management
  • Security Risk reports must be reviewed in person along with associated work and action plans
  • Vulnerability scans are recommended quarterly to annually for most industry compliance