What does the scan profile settings mean?

Here is information about the different settings for scan profiles. All recommended settings are preselected when setting up a new scan profile.

General information

General information

Name
Enter a name, e.g. Standard scan or Scan for business crucial servers.

Owner
The owner of the policy.

Details
Any comments that you want to add.

Scan settings

Ports coverage
Please read this article:
http://support.holmsecurity.com/hc/en-us/articles/212609249

Additional ports
Here you can add additional ports that are not included in Ports coverage.

Perform 3-way handshake
A three-way-handshake is a method used in a TCP/IP network to create a connection between a local host/client and server. It is a three-step method that requires both the client and server to exchange SYN and ACK (acknowledgment) packets before actual data communication begins.

Read more (external link):
https://www.techopedia.com/definition/10339/three-way-handshake

Include dead hosts in scans
To determine if a host is alive or dead, the scanning engine initiates either a TCP-ACK scan on some popular ports (including SMTP, SSH and HTTP) or pings it with an ICMP ping or both. If there is no response, the host is declared dead and no further processing is done unless this option is enabled. Enabling this option may substantially increase scanning time.

Scan intensity
This is a setting that changes the values for a number of different settings mentioned below. We recommend that you use medium intensity. Choosing Custom makes you set each parameter manually.

Hosts to scan in parallel
Number of scans performed in parallel.

Total processes
Maximal number of security checks that will be launched at the same time against each host.

Packet (burst) delay
The delay between NMAP sending out packages.

  • Automatic (recommended)
    Dynamically adjusted while the scan runs, depends on network quality and speed tested machine answers.
  • Minimum
    10 ms delay.
  • Medium
    100 ms delay.
  • Maximum
    400 ms delay.

Intensity
Sets the NMAP Timing Policy till polite, normal or aggressive.

Read more (external link):
https://nmap.org/book/man-performance.html

Password brute forcing
When having password brute forcing enabled the scan will try to make login using common usernames and passwords for a number of different services that can be found here:
http://support.holmsecurity.com/hc/en-us/articles/115000454169/

Vulnerability detection
Complete
runs a complete vulnerability assessment. You can choose to exclude specific categories and vulnerabilities. When choosing Custom you can select specific categories and vulnerabilities.

Authentication

Here you can enter a new authentication record or chose an existing for Windows and Linux/Unix. Notice that you can only have one authentication record per profile and operating system.

Host discovery

Standard scan (20 ports)
Testing the TCP ports with TCP ACK packet to see if the host is reachable or. The following ports are scanned by default. You can add any additional ports.

  • 21, 22, 23, 25, 53, 80, 110, 111, 135, 139, 143, 443, 445, 993, 995, 1723, 3306, 3389, 5900, 8080

ICMP
A test that sends a regular ICMP ping to check if the host is reachable.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.