Security Services

Automated security scanning

The Security Services tab, under the Admin -> Workgroup menu, enables you to schedule weekly scans of your network to identify open ports and locally connected machines.

To use this feature, you will need the Control Devices permission.

Security Scans

There are two types of scans implemented at the moment: External and Internal.

External scans will check for open ports on the network a device is connected to that can be accessed via the internet. A list of open ports will be reported. This is similar to the Devices -> Discovery -> Open Services feature.

Internal scans will check the local network a device is connected to for other hosts. A list of MAC addresses, IP addresses and short descriptions will be reported. This is similar to the Devices -> Discovery -> Network Scan feature.

Internal and External scans will be scheduled to run on Saturday at midnight (00:00) UTC time each week.

Enabling scheduled scans

To enable or disable an individual scan at a single plant, you can toggle the "Enabled" column of the device.

Bulk Actions

Scans on many devices can be enabled and/or disabled by using the check-boxes, "Select all" and the device filter box. Once a device has been selected, the buttons at the top of the table can be used to enable/disable internal and/or external scans on all selected devices.

Once a scan has been scheduled, "Scan scheduled" should be displayed in the report table.

Running scans

Individual scans can be scheduled for execution by clicking the "play" button in the Actions column. This button is not available if the scan has already been scheduled, or is currently in progress.

Scans on multiple devices can be scheduled by selecting the desired devices and choosing an option from the "Run scans" menu button at the top of the page.

Scans initiated via this interface start at the back of the queue. Additionally, external scans can take several hours to run on some networks. As such, it may take several days for ad-hoc scan results to become available, especially if a large number of scheduled weekly scans are still awaiting execution.

Viewing results

Once scheduled scans have run, the latest set of results will be displayed in the table:

For external scans, the number of open ports will be displayed in red.

Click on this number to view the full list of open ports:

Some networks may be protected by an Intrusion Detection System (IDS). These systems can interfere with network scanning tools, for example by returning large numbers of open ports and by slowing down responses to network requests made by the scan.

Where we suspect an IDS is in use, it will be flagged in the external scan results.

For internal scans, the number of hosts found will be displayed in the secondary colour (faded blue). Click on the number to view details for all hosts:

Scans that fail for any reason will be retried up to three times. If these retries are unsuccessful, the scan will report "Scan failed".

Historical results

Open ports and detected hosts will be logged to the security_scans table, which can be accessed via the search interface.
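
The following Python is an added example, not part of the product or its documentation. It compares successive weekly external scan results for one device and reports ports that opened or closed, skipping failed and IDS-flagged scans so that they are never used as a baseline. The record fields and status values are assumptions, since the layout of the security_scans table is not described here.

```python
from dataclasses import dataclass


@dataclass
class ExternalScan:
    # Hypothetical record shape; the real security_scans columns may differ.
    week: str                            # scan date, ISO format
    status: str                          # "ok" or "failed" (assumed values)
    ids_suspected: bool = False          # IDS flag from the external scan result
    open_ports: frozenset = frozenset()  # ports reported open


def port_changes(history):
    """Compare each usable scan with the previous usable one.

    Failed scans carry no data and IDS-flagged scans may list spurious
    ports, so both are skipped rather than used as a baseline.
    Returns a list of (week, newly_open, newly_closed, skipped_weeks).
    """
    changes, baseline, skipped = [], None, []
    for scan in sorted(history, key=lambda s: s.week):
        if scan.status != "ok" or scan.ids_suspected:
            skipped.append(scan.week)
            continue
        if baseline is not None:
            opened = sorted(scan.open_ports - baseline.open_ports)
            closed = sorted(baseline.open_ports - scan.open_ports)
            if opened or closed:
                changes.append((scan.week, opened, closed, skipped))
        baseline, skipped = scan, []
    return changes


# Constructed sample data for one device (not real scan output).
HISTORY = [
    ExternalScan("2024-01-06", "ok", open_ports=frozenset({22, 443})),
    ExternalScan("2024-01-13", "failed"),
    ExternalScan("2024-01-20", "ok", ids_suspected=True,
                 open_ports=frozenset(range(1, 1025))),
    ExternalScan("2024-01-27", "ok", open_ports=frozenset({443, 502})),
]

if __name__ == "__main__":
    for week, opened, closed, skipped in port_changes(HISTORY):
        print(f"{week}: newly open {opened}, closed {closed}, "
              f"skipped weeks {skipped}")
```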
