Netcraft Hosted Scanning Service


The Netcraft Hosted Scanning Service offers the ability to run vulnerability scans along with a variety of port scans against large, disparate networks. Scans can be run from machines located inside your data centres, or from the cloud. The scanning service is managed by a web interface and can be accessed using a JSON-based API.

Ideally suited to hosting companies and large organisations, this service makes managing large networks easier, providing the tools and scalability needed to monitor varied, disparate networks for security problems through port scanning and vulnerability detection.

When firewalls are managed by different teams, or even by customers, and with web-visible applications being frequently probed by attackers, pro-active detection and resolution of security problems is essential. Widespread, high-severity vulnerabilities like Heartbleed demonstrate the need for timely security scanning: a large number of affected sites failed to react quickly, and many even reacted incorrectly.

The service handles large network ranges by scaling up the number of scanning machines, automatically splitting up large scans, and selecting scanning machines as required based on their distance from the targeted IP address range. Netcraft-controlled scanning machines are installed in your data centres or hosted in the cloud, located outside of any trusted network, for fast and accurate results.

Overview of the architecture of Netcraft's Hosted Scanning Service


Scanning

Audited By Netcraft


The Audited by Netcraft service provides automated vulnerability scanning designed to pro-actively defend web-accessible network infrastructure by finding vulnerabilities. Tests can be run on-demand, requested using the web interface or the API, or they can be scheduled to run either weekly, monthly, or quarterly.

With a wide scope, the Audited by Netcraft service can identify well-known vulnerabilities in network server software, web-based vulnerabilities in bespoke applications — such as cross-site scripting and SQL injection — as well as vulnerabilities caused by misconfiguration.

The results of the Audited by Netcraft scan are presented in an easily-accessible HTML report, with details of the vulnerabilities found, advisories, and links to remediation steps. These reports can be made available to your customers.

Port Scanning

Port scans, usually the first step in a vulnerability scan, can be run separately to determine the available TCP and UDP services on a scanned network. Useful for providing high-level assessments of a network, they can also help validate that firewall rule changes have worked as expected.

As well as full port scans (probing all possible TCP ports and all known UDP services), scans can be limited to a handful of well-known ports. With a smaller set of ports to probe, well-known port scans can be completed in a fraction of the time required for a full scan. The set of well-known ports includes ftp (tcp port 21), http (tcp port 80), dns (udp port 53), smtp (tcp port 25), and ntp (udp port 123). Alternatively, port scans can be configured to probe a user-defined list of ports.

A scan of HTTP and HTTPS services on ports 80 and 443 is also available, giving details of the HTTP response codes and, where appropriate, details of the SSL certificate.

Management

Web Interface

The web interface can be used to manage both ad-hoc and repeating scans, covering both Audited by Netcraft vulnerability scans and port scans. As well as managing individual scans, summary and billing data is available showing an overview of activity over user-defined time periods.

Access to the web interface is controlled using user accounts. Reports can also be made accessible to specific users who may not otherwise have access to the interface; for example, hosting companies can allow their customers to access Audited by Netcraft reports that pertain to their infrastructure.

API


The JSON-based API can be used to interact with the service programmatically, scheduling both Audited by Netcraft scans and port scans. Access to the API is secured using SSL client certificates.

As well as offering methods to start, stop, and schedule scans, the API provides the ability to compute the difference between two port scans. For example, an ICMP scan difference is shown below:

{
    "scan1": {
        "changed": {
            "10.0.0.1": {
                "state": {"from": "down", "to": "up"}
            }
        },
        "removed": {"10.0.0.2": {"state": "up"}},
        "added": {"10.0.0.3": {"state": "up"}}
    }
}
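
The following is an added example, not Netcraft's code or API: it computes a difference in the same changed/removed/added shape from two scan snapshots held locally, then lists the hosts that have become reachable so they can be reviewed first. The snapshot format (host mapped to an attribute dictionary), the function names and the sample data are assumptions made for illustration.

```python
import ipaddress
import json


def diff_scans(before, after):
    """Compare two snapshots, each an assumed mapping of host -> attributes."""
    changed = {}
    for host in before.keys() & after.keys():
        fields = {}
        for key in before[host].keys() | after[host].keys():
            old, new = before[host].get(key), after[host].get(key)
            if old != new:
                fields[key] = {"from": old, "to": new}
        if fields:  # hosts with identical attributes are left out
            changed[host] = fields
    return {
        "changed": changed,
        # present only in the earlier scan
        "removed": {h: before[h] for h in before.keys() - after.keys()},
        # present only in the later scan
        "added": {h: after[h] for h in after.keys() - before.keys()},
    }


def newly_reachable(diff):
    """Hosts that are new and up, or whose state changed to up."""
    hosts = {h for h, attrs in diff["added"].items()
             if attrs.get("state") == "up"}
    hosts |= {h for h, fields in diff["changed"].items()
              if fields.get("state", {}).get("to") == "up"}
    # sort numerically by address rather than as strings
    return sorted(hosts, key=ipaddress.ip_address)


# Constructed sample snapshots chosen to reproduce the difference shown above.
SCAN_BEFORE = {"10.0.0.1": {"state": "down"}, "10.0.0.2": {"state": "up"}}
SCAN_AFTER = {"10.0.0.1": {"state": "up"}, "10.0.0.3": {"state": "up"}}

if __name__ == "__main__":
    result = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    print(json.dumps({"scan1": result}, indent=4))
    print("review first:", newly_reachable(result))
```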

For more information, please contact us by email or phone +44 (0) 1225 447500.