Passive and active scanners
First of all, it is good to know that we use various scanners for our security monitor service. One of them scans your web applications for vulnerabilities, another checks all your network traffic, yet another keeps an eye on your servers - and there are many more. These (virtual) scanners fall into two categories: passive and active. For example, we use a passive scanner to monitor the network traffic of your organisation. We install this scanner in your network, after which you do not have to do anything else. You can compare it to a policeman who keeps a close eye on what is happening on the streets and who intervenes when necessary. For example, the scanner looks at what you send via your network and which application you use to do so. It sees, for instance, that you send an e-mail via Outlook and which version of this e-mail program you are using.
You can compare an active scan with a police officer who approaches you without any immediate reason and asks what is in your backpack. This type of scanner does not monitor your network traffic, but checks computers and individual systems, such as PCs and databases, for vulnerabilities. We also install these scanners for you, but unlike the passive scanner, we run them at a set interval, for example weekly on a Sunday. The reason we recommend performing these scans on weekends or evenings is that your employees also request information from the computer or system during the day and during the week. If you put the scanner to work at that time to check for vulnerabilities, the computers and/or systems may become overloaded.
The different Qbit Security Monitor modules
In short, our security monitor consists of different types of scans, each of which checks a different component of your network infrastructure. At Qbit, the scans are divided into three separate modules: the network security, the application security and the network monitoring module. For the network security module, we use an active scan that identifies vulnerabilities or misconfigurations in all individual systems and computers that your organisation uses, such as servers, routers, PCs and firewalls. For example, the scan may discover that you have missed certain system updates or that the version you are using contains a bug, which is a potential entry point for a hacker.
With the application security module, we scan all your web applications, such as your intranet, your payroll program or your own website. The (active) scanner identifies and reports known security vulnerabilities within these types of web applications. A common problem is cross-site scripting (XSS). In that case, a hacker places code in, for example, the contact form on your website, with which he receives the data of your potential customers on his computer.
Finally, we use a passive scanner for the network monitoring module that continuously monitors your network traffic and raises an alarm as soon as it detects an anomaly. For example, large companies have different networks on which different systems and/or programs run. Our scanner monitors whether the internet traffic actually goes via the right network and raises an alarm when this is not the case. Consider, for example, a large hospital that processes a lot of sensitive patient data. For such an organisation, it is wise to use a separate network for the patient portal and hospital equipment and one for other internet traffic, for example a separate network on which staff use WhatsApp. This ensures that you do not expose critical systems or equipment to threats, such as malware that can infect the network via phones or laptops.
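The segmentation check described above can be sketched as follows. This is an added example, not Qbit's own code; the segment names, address ranges, allowed pairs and the key=value flow log format are all assumptions made for the hospital scenario.

```python
import ipaddress

# Assumed segment plan for the hospital example; names and ranges are constructed.
SEGMENTS = {
    "clinical": ipaddress.ip_network("10.10.0.0/16"),  # patient portal, hospital equipment
    "staff": ipaddress.ip_network("10.20.0.0/16"),     # phones, laptops, WhatsApp
}
# Segment pairs (source, destination) that the assumed policy permits.
ALLOWED = {("clinical", "clinical"), ("staff", "staff"), ("staff", "internet")}

# Constructed flow records in a made-up key=value log format.
FLOW_LOG = """\
src=10.20.4.17 dst=198.51.100.20 dport=443
src=10.10.1.5 dst=10.10.2.9 dport=2575
src=10.20.4.17 dst=10.10.2.9 dport=445
src=10.10.1.5 dst=10.20.4.17 dport=3389
malformed line without fields
"""

def segment_of(addr):
    """Map an IP address to its segment name; anything unlisted counts as internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "internet"

def alerts(log_text):
    """Return (src, dst, dport, src_segment, dst_segment) for each flow that breaks policy."""
    found = []
    for line in log_text.splitlines():
        fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
        if not {"src", "dst", "dport"} <= fields.keys():
            continue  # skip lines that are not complete flow records
        pair = (segment_of(fields["src"]), segment_of(fields["dst"]))
        if pair not in ALLOWED:
            found.append((fields["src"], fields["dst"], int(fields["dport"]), *pair))
    return found

if __name__ == "__main__":
    for alert in alerts(FLOW_LOG):
        print("ALERT", alert)
```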
To make this concrete, we will give a few examples of vulnerabilities that we often encounter and what our advice would be to get rid of them:
Outdated software such as an old version of Windows or Chrome can contain vulnerabilities. Of course we recommend a software update in this case, but in some cases this is not possible. Sometimes an old version of an application is needed to keep certain processes running within an organisation, for example heart monitors in a hospital or production lines in a factory. You cannot update this equipment very easily. The specialists of Qbit help you to repair the vulnerability in a suitable way.
Known vulnerabilities in applications include credential leaks, such as leaked passwords. We often see this when an organisation uses old services such as Telnet, with which you can remotely log in to a machine to control it. We recommend disabling such old services, especially if they are connected to the internet. For example, instead of Telnet, we recommend using a VPN in combination with Secure Shell (SSH). SSH is a network protocol that allows secure communication between two computers by encrypting the data.
Weaker forms of encryption - in other words: poor encryption of data that you exchange via network protocols. A network protocol is a set of rules that describes how to transfer information from one computer to another. So, it is a technique to connect computers to each other within a network. When we encounter weaker forms of encryption, such as SSL 3.0 or TLS 1.0, we advise disabling them and using a newer version such as TLS 1.2 or 1.3.
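One way a passive monitor can spot the weak versions named above is to read the version a server selects in its TLS ServerHello. The following is an added example, not Qbit's scanner code; it assumes the ServerHello arrives in a single unfragmented record, and the sample records and host names are constructed.

```python
import struct

VERSIONS = {0x0300: "SSL3.0", 0x0301: "TLS1.0", 0x0302: "TLS1.1",
            0x0303: "TLS1.2", 0x0304: "TLS1.3"}
WEAK = {"SSL3.0", "TLS1.0"}  # the versions the text advises disabling

def negotiated_version(record):
    """Return the version a server selected, read from a raw ServerHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    body_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + body_len]
    if len(body) != body_len or body_len < 38:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(body[0:2], "big")   # legacy_version
    pos = 2 + 32                                 # skip legacy_version and random
    pos += 1 + body[pos]                         # skip session_id
    pos += 2 + 1                                 # skip cipher_suite and compression
    if pos + 2 <= len(body):                     # extensions are optional before TLS 1.3
        end = min(len(body), pos + 2 + int.from_bytes(body[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            if ext_type == 43 and ext_len == 2:  # supported_versions carries the TLS 1.3 choice
                version = int.from_bytes(body[pos + 4:pos + 6], "big")
            pos += 4 + ext_len
    return VERSIONS.get(version, "unknown(0x%04x)" % version)

def sample_server_hello(legacy, selected=None):
    """Build a constructed ServerHello record (zero random, empty session_id) as test input."""
    body = struct.pack("!H", legacy) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if selected is not None:
        ext = struct.pack("!HHH", 43, 2, selected)
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", legacy, len(handshake)) + handshake

def audit(observations):
    """observations: (host, port, record) tuples; returns those using a weak version."""
    checked = ((h, p, negotiated_version(r)) for h, p, r in observations)
    return [item for item in checked if item[2] in WEAK]

# Constructed observations; host names are placeholders.
OBSERVED = [
    ("intranet.example", 443, sample_server_hello(0x0303)),
    ("legacy.example", 443, sample_server_hello(0x0301)),
    ("portal.example", 443, sample_server_hello(0x0303, selected=0x0304)),
    ("old-device.example", 443, sample_server_hello(0x0300)),
]
```

A TLS 1.3 server still writes 0x0303 in the legacy version field, which is why the parser has to read the supported_versions extension before deciding.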
In conclusion: there is a lot involved in monitoring the network infrastructure of your organisation. Do you want to stay up to date on the security level of your organisation, so that you can do business without worries and your employees or colleagues can work pleasantly? Please do not hesitate to contact us. Our security experts look at what your organisation needs and adjust the security monitor service accordingly.