Best practice

What is best practice for network scan targets?

We recommend scanning IP ranges because of a few reasons. When scanning an IP range you will automatically discover new hosts within the IP range when they come alive. For example if you deploy a new web server it will automatically get scanned.

Another advantage of scanning IP ranges is that you keep track of what host that are responding and what ports that are open. By doing that you will notice if hosts respond, that should not respond, and ports that are open, that should not be open.

Note that our scan engine never scans a host more than once in a single scan run. As an example, if a host exists within an IP range and a tag, and both the IP range and tag is set to a target for a scan run, the host will only be scanned once. 

 

What are the general basics for how a network scan is performed?

Holm Security uses an inference-based scan engine to find vulnerabilities. Each scan begins with a pre-scan module which accurately fingerprints a host. The fingerprinting is performed by sending a series of specially crafted packets to the host and by interpreting the results. Holm Security is able to identify the host operating system, services running and ports opened. Once this information has been captured, the inference-based scan engine selects only the appropriate vulnerability checks to run, runs them, and interprets the results. This approach, consisting of the pre-scan and the inference-based scan engine, accelerates the scanning process, minimizes traffic load on your network and touching your systems, and improves overall accuracy.