Hackers typically search for and exploit open network ports for nefarious reasons. Atera's Network Discovery lets you scan for open ports on your customers' networks so you can discover and take action on these security vulnerabilities. Check out Activate Network Discovery for complete information on signing up for and setting up Network Discovery.
This article describes:
Set up a security scan
To scan for open ports:
1. Access Network Discovery (on the side panel).
2. Select the relevant customer.
3. Open the Scan Settings.
4. Click Advanced.
The Advanced settings appear.
5. Set the scan frequency.
6. Under Port Range, select the ports you want to scan. Choose from:
- Top 100 ports: This is the default scan for basic device and OS detection.
- Top 1000 ports: This includes the ‘Top 100 ports’ + 1000 most common ports.
- Custom: This includes the ‘Top 100 ports’ + a custom port range and scan speed.
Note: Selecting 'Custom' will make the scan take longer.
If you've selected 'Custom' Port Range, you can specify the desired range, plus customize the following:
a. 'Scan Speed' options include:
-T1 sneaky - Super slow for IDS evasion
-T2 polite - Slow for reduced bandwidth/target-machine resource usage
-T3 normal - Normal speed (the default)
-T4 aggressive - Fast. Assumes the network is reasonably fast and reliable.
-T5 insane - Super fast. Assumes the network is extraordinarily fast, or that you're willing to sacrifice some accuracy for speed.
'TCP' is automatically selected ('TCP and UDP' coming soon)
Manage Security Scans
To view the security scan:
1. Once your scan is complete, access Network Discovery and return to the customer.
2. Select the Security tab.
The Security tab has 3 sub-tabs:
The Devices tab displays a list of all the devices in the scanned network, where you can see each device name, the number of open ports (per device), device type, IP address, manufacturer, and OS platform.
Click anywhere on the Device Name row to expand it and see further details regarding the ports (port number, state, port type, service, and version).
The Open Ports tab displays a list of all open ports related to the devices in the scanned network, and includes the port number, state, port type, service, and number of devices associated with each port number.
Click anywhere on the Port Number row to see the number of devices affected, the device type, IP address, manufacturer, and OS platform.
The Potential CVEs tab displays a list of all potential CVEs, including the Common Vulnerability Scoring System (CVSS), severity, and number of devices affected.
Click the CVE ID for more information.
Note: You'll be redirected to https://vulners.com
Click anywhere on the CVE ID row to see the device name, the IP address, OS platform, port number, port type, service, and version.
For more on Network Discovery, check out these articles:
- Activate Network Discovery
- Optimal network settings
- Set up scans
- Scan agentless networks
- Scan results and actions