2 Read Before Use

The Greenbone Cloud Service uses a full-featured vulnerability scanner. While the vulnerability scanner has been designed to minimize any adverse effects on the network environment, it still needs to interact and communicate with the target systems being analyzed during a scan. This includes probes via different protocols (e.g., HTTP, FTP) to all exposed services for service detection.

Note

It is the fundamental task of the Greenbone Cloud Service to find and identify otherwise undetected vulnerabilities. To a certain extent the scanner has to behave like a real attacker would.

While the default and recommended settings reduce the impact of the vulnerability scanner on the environment to a minimum, unwanted side effects may still occur. The scanner settings allow these side effects to be controlled and reduced.

Note

Be aware of the following general side effects:

  • Log and alert messages may show up on the target systems.

  • Log and alert messages may show up on network devices, monitoring solutions, firewalls and intrusion detection and prevention systems.

  • Firewall rules and other intrusion prevention measures may be triggered.

  • Scans may increase latency on the target and/or the scanned network. In extreme cases, this may result in situations similar to a denial of service (DoS) attack.

  • Scans may trigger bugs in fragile or insecure applications resulting in faults or crashes.

  • Embedded systems and elements of operational technology with weak network stacks are especially subject to possible crashes or even broken devices.

  • Logins (e.g., via SSH or FTP) are attempted against the target systems for banner-grabbing purposes.

  • Scans may result in user accounts being locked due to the testing of default user name/password combinations.

Since the behavior described above is expected, desired, or even required for vulnerability scanning, the scanner's IP address(es) should be added to the list of allowed sources on the affected systems (e.g., firewalls, intrusion detection and prevention systems). Information on creating such a list is available from the documentation or support of the respective system/service.

Remember that triggering faults, crashes or locking with default settings means that an attacker can do the very same at unplanned times and to an unplanned extent. Finding out about it earlier than the attacker is the key to resilience.
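To illustrate how the scanner's expected activity can be acknowledged without losing the information the previous two paragraphs describe, here is an added Python example (not part of the Greenbone documentation or software). It triages constructed syslog-style authentication lines: events from the scanner's assumed address range (10.0.9.0/24) inside an assumed authorized scan window are marked as expected, events from that range outside the window or from any other source remain unexpected, and account lockouts are reported even when the scanner caused them, since an attacker could cause the same lockout. The address range, scan window and log format are assumptions made for the example.

```python
"""Triage authentication-log lines during an authorized vulnerability scan.

Added example, not part of the Greenbone documentation. Scanner network,
scan window and log line format are assumptions for the example.
"""
import ipaddress
import re
from datetime import datetime, timezone

# Assumption: the scanner connects from this range (take it from the service's settings).
SCANNER_NETS = [ipaddress.ip_network("10.0.9.0/24")]

# Assumption: the authorized scan window, in UTC.
SCAN_START = datetime(2024, 5, 1, 2, 0, tzinfo=timezone.utc)
SCAN_END = datetime(2024, 5, 1, 3, 0, tzinfo=timezone.utc)

# Constructed syslog-style sample lines; not captured from a real host.
SAMPLE_LOG = """\
2024-05-01T02:05:11Z host1 sshd[1201]: Failed password for root from 10.0.9.5 port 51234 ssh2
2024-05-01T02:05:12Z host1 sshd[1201]: Failed password for admin from 10.0.9.5 port 51236 ssh2
2024-05-01T02:07:40Z host1 vsftpd[880]: FAIL LOGIN: Client "10.0.9.5"
2024-05-01T02:09:03Z host1 pam_tally2[1340]: user admin locked after 5 failures from 10.0.9.5
2024-05-01T02:10:15Z host1 sshd[1305]: Failed password for root from 203.0.113.77 port 40211 ssh2
2024-05-01T06:30:00Z host1 sshd[1401]: Failed password for root from 10.0.9.5 port 53001 ssh2
"""

# "<iso timestamp> <host> <process>[<pid>]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<proc>[^\[:]+)(?:\[\d+\])?:\s+(?P<msg>.*)$"
)
IP_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")
LOCK_RE = re.compile(r"user (?P<user>\S+) locked")


def classify_line(line, nets=SCANNER_NETS, start=SCAN_START, end=SCAN_END):
    """Return (category, parsed_fields) for one log line.

    category is one of:
      'expected_scan'      source in scanner range, inside the scan window
      'scanner_off_window' source in scanner range, outside the window
      'unexpected'         any other source (or no source address in the line)
      'unparsed'           line did not match the assumed format
    """
    m = LINE_RE.match(line)
    if not m:
        return "unparsed", {}
    # Normalize the trailing 'Z' so fromisoformat works on older Python versions too.
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    fields = {"ts": ts, "host": m["host"], "msg": m["msg"], "ip": None}
    ip_m = IP_RE.search(m["msg"])
    if not ip_m:
        return "unexpected", fields
    ip = ipaddress.ip_address(ip_m.group(1))
    fields["ip"] = ip
    if any(ip in net for net in nets):
        if start <= ts < end:
            return "expected_scan", fields
        # Scanner address active outside the authorized window: treat as suspicious.
        return "scanner_off_window", fields
    return "unexpected", fields


def triage(log_text, **kw):
    """Summarize a log excerpt: counts per category plus lockout findings."""
    counts = {"expected_scan": 0, "scanner_off_window": 0, "unexpected": 0, "unparsed": 0}
    lockouts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        cat, fields = classify_line(line, **kw)
        counts[cat] += 1
        lock = LOCK_RE.search(fields.get("msg", ""))
        if lock:
            # A lockout is reported even when the scanner caused it: it shows the
            # lockout policy can be abused by anyone able to reach the host.
            lockouts.append({
                "user": lock["user"],
                "source": str(fields["ip"]),
                "caused_by_scan": cat == "expected_scan",
            })
    return counts, lockouts


if __name__ == "__main__":
    summary, findings = triage(SAMPLE_LOG)
    print("event counts:", summary)
    for finding in findings:
        print("lockout finding:", finding)
```

The point of the three-way split is that an allow list entry for the scanner should not simply silence its traffic: activity from the scanner's address outside the agreed window, and lockouts it provokes, are exactly the findings that tell you what an attacker could do to the same hosts.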

While the side effects are very rare when using the default and recommended settings, the vulnerability scanner also allows invasive behavior to be configured, which increases the probability of the effects listed above.

Note

Be aware of these facts and verify the required authorization to execute scans before using the Greenbone Cloud Service to scan the target systems.