What is an external security scan? Why should you care?

If your company has internet access, then you have what is called a public IP address.

This address (a series of four numbers separated by a period i.e. – 123.456.789.111) is assigned to you by your ISP (Internet Service Provider).  It can be assigned either statically (always the same number) or dynamically (your ISP will re-assign it periodically). If you have more than one site or multiple servers publishing services to the internet, you probably have multiple static IP addresses, not just one.

Your public IP address (or addresses) is typically programmed into your company’s firewall or router and acts as its unique address on the public internet. This allows you and your employees to access the internet by letting permitted information to flow through your firewall and to the internet from the individual computers on your network, and allows those outside your network to only access the network resources you want to allow.

In a very real sense, your firewall is your gatekeeper to the world! The firewall must also only allow very specific information and services back onto your network from the outside world and block everything else; that is its job. However, threats are constantly evolving, and the protection offered by your firewall is only as good as its awareness of current threats and how securely it was programmed.

It is for precisely this reason that external security scans are necessary.

An external security scan analyzes your public IP addresses from the outside and looks for ”holes” where malicious entities could break in and attack your network.  If vulnerabilities are found in your firewall or the servers behind it, then these “holes” can be proactively fixed or patched before they can be exploited by the bad guys.

Think of your company as a house . . . in a very bad part of town.  To keep your family secure, you would lock your doors and windows and only let in someone that you know and trust.  In this analogy, an external security scan would check to make sure all of the doors and windows of the house are locked, secure and inaccessible to outside intruders.

Now you may be asking yourself . . . who would want to attack or “hack” our network? A fair question, and one better answered by graphic representation of hacking attempts against targets in the United States as reported by a U.S. security firm. The graphic below shows that in just 45 minutes, the U.S. was the victim of 5,840 cyberattacks. Keep in mind that the actual number of hack attempts are orders of magnitude greater on any given day than reported, and this happens every minute of every day, with the number of hack attempts growing exponentially every year.

AttacksOnUSin45min

One misconception is that most hackers are targeting a specific company. Not true–instead, the vast majority of these hacks originate with hackers scanning large portions of the internet looking for targets of opportunity. In addition to protecting your network in the event that you are specifically targeted, external vulnerability scanning helps you identify and remediate potential issues ahead of time so that you’ll present a smaller “attack surface” to these drive-by attacks.

Returning to the house analogy, you wouldn’t check your security just once, either—you’d want to regularly check to make sure things are still secure from the latest intrusions and threats. To illustrate why this is important in the network security realm, consider some recent history:

In April of 2014, security researchers discovered a major flaw (codenamed Heartbleed) in the OpenSSL library that left millions of web servers vulnerable even when using what were considered to be the most secure web communication protocols. A few months later in September, another major vulnerability (Shellshock) was discovered, affecting tens of thousands of Unix/Linux webservers. Just weeks later, a not-quite-as-serious but still significant vulnerability codenamed POODLE was revealed. While all of these made high profile news at the time, significant vulnerabilities are regularly being discovered, and not all of them make the news. Doing security scans regularly helps ensure that your security posture is up to date for current threats, not just past ones.

BOTTOM LINE: Keep your network and data safe by being proactive and not reactive. Have your network scanned regularly and after any major hardware upgrades or changes to your infrastructure.

GreenLoop offers external security scanning for up to 3 IP addresses for $297/quarter. Contact us for more information or for a free one-time network assessment.

Leave a Reply

Your email address will not be published. Required fields are marked *