CIS Network
Security Team

TAMU Vulnerability Scan Results Explained


Vulnerability Scan Resource

When the Network Security Team performs a vulnerability scan against your host, whether to open a port in the firewall or to check for a possible problem, Nessus is the scanner used. The scan produces a report that lists the services running on the machine (http, ssh, and so on) and any vulnerabilities found in those services. All vulnerabilities for a service are listed together in one section.

An example of a vulnerability reported is:


    Synopsis :

    The remote service encrypts traffic using a protocol with known
    weaknesses.

    Description :

    The remote service accepts connections encrypted using SSL 2.0, which
    reportedly suffers from several cryptographic flaws and has been
    deprecated for several years.  An attacker may be able to exploit
    these issues to conduct man-in-the-middle attacks or decrypt
    communications between the affected service and clients.

    See also :

    http://www.schneier.com/paper-ssl.pdf

    Solution :

    Consult the application's documentation to disable SSL 2.0 and use SSL
    3.0 or TLS 1.0 instead.

    Risk factor :

    Medium / CVSS Base Score : 5.0
    (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Each reported vulnerability includes a short and a long description of the issue, along with a suggested solution. The solution should be implemented as soon as possible, and will be required if the vulnerability prevents a port from being opened through the campus firewall.

The report also includes the 'Risk Factor' of the vulnerability. This will be either Low, Medium or High. A Medium or High vulnerability will normally prevent a requested port from being opened. A Low vulnerability is usually informational, but should still be considered and reviewed to fully secure a machine.

Other items to note:

  • CVE Reports -- Some vulnerabilities will report a CVE number, such as CVE-2002-0419. This is a Common Vulnerabilities and Exposures identifier. You can look up the reported identifier to learn more about that particular vulnerability.
  • Plugin Output -- This section of a vulnerability report shows the output of the test against your server for that particular issue.
  • TRACE and/or TRACK Methods -- Many web servers report these methods enabled. This flaw allows for cross-site scripting, and the methods will need to be disabled before port 80 or 443 is opened through the firewall.
  • SSL v2.0 -- Many servers report using SSL 2.0 for encryption. SSL 2.0 is a protocol with known weaknesses. Ports for services using SSL 2.0 will not be opened through the campus firewall. SSL 3.0 or TLS 1.0 will be required.
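
To triage a report with many findings, the section layout and risk rule described above can be applied mechanically. The following is an added example, not code from the Network Security Team or from Nessus: it assumes the plain-text layout of the finding quoted on this page, and the function names `parse_finding` and `assess` are hypothetical.

```python
import re

# Section headings as they appear in the finding quoted on this page.
HEADING = re.compile(r"^\s*(Synopsis|Description|See also|Solution|Risk factor"
                     r"|Plugin output)\s*:\s*$", re.IGNORECASE)
RISK = re.compile(r"\b(Low|Medium|High)\b(?:\s*/\s*CVSS Base Score\s*:\s*([\d.]+))?")
VECTOR = re.compile(r"\(CVSS2#([^)]+)\)")
CVE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")

def parse_finding(text):
    """Split one finding into {heading: body}, re-joining wrapped lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADING.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line.strip())
    return {k: " ".join(v) for k, v in sections.items()}

def assess(text):
    """Return risk level, CVSS score and vector, CVE ids, and the port decision."""
    risk_text = parse_finding(text).get("risk factor", "")
    r, v = RISK.search(risk_text), VECTOR.search(risk_text)
    level = r.group(1) if r else None
    return {
        "level": level,
        "score": float(r.group(2)) if r and r.group(2) else None,
        "vector": dict(p.split(":") for p in v.group(1).split("/")) if v else {},
        "cves": sorted(set(CVE.findall(text))),
        # Rule stated on this page: Medium or High normally blocks the port.
        "blocks_port": level in ("Medium", "High"),
    }

# Constructed sample: the finding quoted on this page, abridged.
SAMPLE = """\
    Synopsis :

    The remote service encrypts traffic using a protocol with known
    weaknesses.

    Risk factor :

    Medium / CVSS Base Score : 5.0
    (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
"""
if __name__ == "__main__":
    print(assess(SAMPLE))
```

In the returned vector, `AV:N` and `Au:N` mean the issue is reachable over the network without authentication, and `C:P` means a partial confidentiality impact.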

For any questions concerning this output, or the solutions, please let us know. The best way to reach the CIS Network Security Team is at security@net.tamu.edu.



CIS Network Security Team  -  Texas A&M University
Send comments to security@net.tamu.edu