The security scan does not look at what is actively listening or connecting to but rather what potentially can be connected to. It means that the firewall should be set to block things like MS RPC and such. What we do is have a listening server that listens and connects to all protocol ports. The data collector will attempt to connect to our listener. If we can, then the firewall is not filtering that protocol in particular.
The Outbound Security Reports says that certain protocols are not filtered. Does that mean someone is connecting to that?
Have more questions?
Was this article helpful?
Provide feedback for the Documentation team!
Browse this section
- Scan Range for External Vulnerability Scan
- External Vulnerability Scan Preparation and Explanation
- Data Breach Liability - What does the PII scan look for?
- What is the purpose of the Outbound Vulnerability Report?
- How often are external vulnerability scan definitions updated?
- Does the website section of the security report mean someone is visiting those sites?
- Why are we limited to 50 IP addresses when scheduling an External Vulnerability scan?
- What are CPE, HOST-T and IT-Grundshultz ports on the Vulnerability Scan Detail report?
- The Outbound Security Reports says that certain protocols are not filtered. Does that mean someone is connecting to that?
- Outbound Security Report - User Controls explained
- See more