FlockBox

Advanced Networking and Design

Hawk CVE Scanner


Automated host discovery and port scans of any network are a must these days for security and/or compliance (PCI, HIPAA, etc.) reasons. Hawk runs in either a VM (virtual machine) or on appliance hardware and scans the LAN and all defined subnets for CVEs (Common Vulnerabilities and Exposures, or cataloged security issues).

All of our products use either Linux or FreeBSD, and Hawk is no exception. Our managed service includes weekly scanning of all reachable subnets. Discovered hosts and all open ports are interrogated for known security holes and outdated network software, and all scanning data is automatically collected and uploaded to FlockBox servers, where the data is analyzed via automation and sophisticated scripts. Additionally, the raw data is inspected manually for any additional anomalies or security issues, as warranted. Reports are compiled each week and are emailed to the customer, or whenever new hosts are detected on the network. Vulnerabilities and rogue devices are therefore easily and quickly identified, for further action by the vendor or their customers. Hawk can be of significant benefit as part of any organization's layered IT security strategy.

Further, we monitor and maintain the Linux operating system and all software that runs on the Hawk appliances, and all patching and remediation is performed as swiftly as practical. If your organization maintains a patching schedule or Change Advisory Board, we will adhere to those schedules, or in the absence of such we will patch Hawk within days or hours of any security advisories. The last thing we want to do is bring insecure appliances onto your network and thus become a liability ourselves.

An example report can be downloaded here. This report shows a portion of a scan that was performed at FlockBox on our office and lab network. Host 192.168.2.1 shows a number of critical and high CVEs, but investigation revealed that the actual installed versions of Samba and Asterisk were not vulnerable due to the stated reasons and were thus excluded. Host 192.168.2.220 (not shown in detail) has the same installed software, but the exclusions were not yet put in place.

Regular vulnerability scanning and remediation is a valuable part of a sound network strategy, along with software and operating system patching, firewalls, virus/malware detection and removal, and other tools. Expert FlockBox system administrators stand ready to advise and/or assist your techs or admins with any security or other issue that may arise.