Scan -- Public IP -- NAT'ed hosts
Answered

Hi all,
New to AlertLogic.
We have set up a weekly External scan against a public IP. This public IP is NAT'ed inside to several servers.
Question: Will this scan get to all NAT'ed servers or stop when hitting the "first" one?
Thanks
-
Official comment
Secura Operations -
A standard external scan policy is configured to scan only IP addresses. It can scan a public IP address NAT'ed to multiple servers on the backend. For example, if an FTP server is discovered on port 21 and it is NAT'ed to server A, and an SSH server is discovered on port 22 that is NAT'ed to server B, both services will be fully assessed for vulnerabilities. However, standard external scan policies are limited to a single service per port. If you run multiple web applications over port 80 or 443, then a standard external scan policy is limited to scanning only the web application that accepts requests using the IP address. It will not scan the other web applications.
If your desire is to scan multiple web applications that all resolve to the same public IP address but are NAT'ed to different servers on the backend, then we suggest utilizing our external PCI scan policy. An external PCI scan policy can be configured to scan both IP addresses as well as FQDNs. This scan policy type is also much more extensive on its assessment of the web applications and will ensure each web application is fully assessed.
If this does not quite answer your question, please let us know!
-
Hi Secura Operations - Thanks for reaching out! We are working on getting a quality answer to your question and will follow up very soon.
0 -
Hi Kirsten
Thank you for your reply.
Just to fully clarify:
Server A has FTP enabled on tcp/21
Server B also has FTP enabled on tcp/21
Both servers are NAT'ed behind the same Pub IP.
Will the scan assess vulnerabilities on both?
Thanks
0 -
Let's see if we can clarify further. If each FTP server only responds to URL requests, then a standard external scan policy will not scan your FTP servers. However, you should be able to use an external PCI scan policy to scan both FTP servers. PCI scan policies allow you to configure both hostnames as well as IP addresses to be scanned.
0
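The official comment's point about several web applications sharing port 80 or 443 on one public IP can be reproduced locally. The sketch below is an added example, not part of the thread and not Alert Logic code: it assumes a front end that routes by the HTTP Host header, and the hostnames and backend names are constructed. It shows which backends a probe by bare IP reaches and which are reached only when FQDNs are added as targets.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed routing table for one public IP: Host header -> backend server.
VHOSTS = {"shop.example.test": "server-B", "portal.example.test": "server-C"}
DEFAULT_BACKEND = "server-A"  # assumed to answer requests addressed by bare IP


class FrontEnd(BaseHTTPRequestHandler):
    """Stand-in for the NAT/reverse-proxy device: picks a backend by Host."""

    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        body = VHOSTS.get(host, DEFAULT_BACKEND).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def probe(port, target):
    """Send one request the way a scanner would for this target name."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": target})
    backend = conn.getresponse().read().decode()
    conn.close()
    return backend


def coverage(targets):
    """Return ({target: backend reached}, [backends no target reached])."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), FrontEnd)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        reached = {t: probe(srv.server_address[1], t) for t in targets}
    finally:
        srv.shutdown()
        srv.server_close()
    everything = {DEFAULT_BACKEND} | set(VHOSTS.values())
    return reached, sorted(everything - set(reached.values()))


if __name__ == "__main__":
    print("IP only:   ", coverage(["127.0.0.1"]))
    print("IP + FQDNs:", coverage(["127.0.0.1", *VHOSTS]))
```

Comparing the second element of each result against your own hostname inventory gives the list of applications an IP-only target list leaves unassessed.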