Sorry if this is a stupid question but here goes. If you allow all kinds of exceptions (EDR, web proxy for external scanners, IDS, etc.) for your vulnerability scanners (internal and external), doesn't this leave open the possibility that these devices can be compromised and used by threat actors for reconnaissance?


If so, what kind of additional protections do you put on them, realizing that they are most likely Linux servers with a less vulnerable attack surface than, say, Windows boxes? Maybe things like a higher degree of monitoring, a separate VLAN, more frequent SSH key rotation?


Or am I way off base on this?


1 Comment

  • Realistic-Sample-146

    November 15, 2021

    A little off: you generally whitelist their source IP addresses, so for you to be at risk the vendor would have had to have the system that's used to perform the testing compromised, and then a successful attack launched against you.

    Some people still scan their internal networks, but for that to be taken advantage of someone would have to hack an internal system; others use agents to collect and report on.

    Most people have these solutions hardened as well, with MFA, and there would be much simpler ways to identify vulnerable systems that don't involve attacking a tool controlled by a security team.

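The reply's point about whitelisting scanner source IPs, and the question's "higher degree of monitoring", can be turned into a concrete check: audit whether a scanner firewall/proxy exemption was only ever used by the allowlisted addresses during the approved scan window. This is an added example, not code from the thread; the allowlist, exemption tag, scan window and log format are all constructed assumptions.

```python
# Added example (not from the original thread): audit use of a scanner exemption by
# replaying constructed log lines against an allowlist and an approved scan window.
# Addresses, tag, window and log format below are hypothetical.
from datetime import datetime, time
import ipaddress

# Hypothetical allowlisted scanner source addresses (the "whitelist" the reply mentions)
SCANNER_ALLOWLIST = [ipaddress.ip_network("203.0.113.10/32"),
                     ipaddress.ip_network("10.20.30.0/29")]
# Hypothetical approved scan window (local time); scanner traffic outside it is suspect
SCAN_WINDOW = (time(1, 0), time(5, 0))

def parse_line(line):
    # Constructed log format: "<iso-ts> src=<ip> dst=<ip> tag=<exemption-tag> action=<allow|deny>"
    ts, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    fields["ts"] = datetime.fromisoformat(ts)
    return fields

def is_allowlisted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SCANNER_ALLOWLIST)

def in_window(ts):
    start, end = SCAN_WINDOW
    return start <= ts.time() <= end

def audit(lines):
    """Return findings: exemption hit from an unlisted source, or outside the scan window."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev.get("tag") != "vuln-scanner":
            continue  # only traffic that matched the scanner exemption matters here
        if not is_allowlisted(ev["src"]):
            findings.append(("unlisted-source", ev["src"], ev["dst"]))
        elif not in_window(ev["ts"]):
            findings.append(("outside-window", ev["src"], ev["dst"]))
    return findings

# Constructed sample log: one clean scan, one unlisted source, one daytime use, one unrelated flow
SAMPLE_LOG = [
    "2021-11-15T02:10:00 src=203.0.113.10 dst=10.0.5.7 tag=vuln-scanner action=allow",
    "2021-11-15T02:11:00 src=198.51.100.9 dst=10.0.5.7 tag=vuln-scanner action=allow",
    "2021-11-15T14:30:00 src=10.20.30.2 dst=10.0.9.1 tag=vuln-scanner action=allow",
    "2021-11-15T14:31:00 src=10.0.1.5 dst=10.0.9.1 tag=user-web action=allow",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

Either finding type is what you would alert on: an unlisted source means the exemption is broader than the allowlist, and an in-list source outside the window is the "scanner box itself is being driven by someone else" case the question worries about.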
