Scan options affect the way the service performs vulnerability scans on target hosts. Specifically, scan options affect how the service gathers information about target hosts and performs vulnerability assessment. These options appear on the Scan tab when you create or edit an option profile.
Scan Options: Ports | Scan Dead Hosts | Performance | Load Balancer Detection | Password Brute Forcing | Vulnerability Detection | Authentication | Additional Options | Share Enumeration
TCP Ports. Select which TCP ports should be scanned. Your options are: None, Full, Standard Scan, Light Scan, and Additional (for user-specified ports). To see a list of the ports included in a standard scan, click View list next to Standard Scan. To see a list of the ports included in a light scan, click View list next to Light Scan. To specify additional ports, select the Additional check box and enter the port numbers in the field provided. (Initial Setting: Standard Scan)
UDP Ports. Select which UDP ports should be scanned. Your options are: None, Full, Standard Scan, Light Scan, and Additional (for user-specified ports). To see a list of the ports included in a standard scan, click View list next to Standard Scan. To see a list of the ports included in a light scan, click View list next to Light Scan. To specify additional ports, select the Additional check box and enter the port numbers in the field provided. (Initial Setting: Standard Scan)
When you select "Full", the scanner first determines if it is feasible to perform full UDP port scan on target systems. For hosts behind a fire wall configured to block or drop most UDP packets and for hosts that have a limit on the transmission rate of ICMP Port Unreachable packets (e.g., one ICMP packet per second), full UDP port scanning time will be significantly increased. In these cases, the scanner automatically performs a standard scan on the default UDP ports.
Perform 3 way Handshake. When you enable this option, the scanning service performs a 3-way handshake with target hosts. After a connection between the service and the target host is established, the connection will be closed. This option should be enabled only if you have a configuration that does not allow an SYN packet to be followed by an RST packet. Also, when this is enabled, TCP based OS detection is not performed on target hosts. Without TCP based OS detection, the service may not be able to identify the operating system installed on target hosts and perform OS-specific vulnerability checks. (Initial Setting: Disabled)
Authoritative Option. When you enable this option, the results from light port scans and scans on customized port lists affect the status for all vulnerabilities on target hosts, not just those detected on the scanned ports. See Authoritative Scan Option for more information. (Initial Setting: Disabled)
To determine if a host is alive or dead, the scanning engine checks usual services on the host, such as SMTP, SSH and HTTP, and tries to ping it. If none of the services respond, the host is declared dead and no further processing is done. This option may substantially increase the scan time. (Initial Setting: Disabled)
The performance level determines the number of hosts to scan in parallel, the number of processes to run in parallel against each host, and the delay between groups of packets sent to each host. Click Configure to change the overall performance level or customize performance settings. See Configure Scan Performance Settings for more information. (Initial Setting: Normal)
When you select this option, the scanning engine checks each host to determine if it's a load balancer. When the scanning engine detects a load balancer, it attempts to determine the number of Web servers behind it and reports QID #86189 "Presence of a Load-Balancing Device Detected" in your results. (Initial Setting: Disabled)
You have these password brute forcing options:
System. When selected, the scanning engine attempts to guess the password corresponding to each detected login ID on each target host scanned. Select the level of brute forcing you prefer. Options range from "Minimal" to "Exhaustive".
Custom. When selected, the scanning engine uses the brute force lists saved in the option profile to test user-provided login/password combinations on target hosts.
See About Password Brute Forcing for more information.
(Initial Setting: No Brute Forcing)
Specify which vulnerabilities should be scanned for. You can perform a complete scan, a custom scan (based on saved search lists) or select vulnerabilities to scan at run time. You may also choose to include basic host information checks and OVAL checks in the scan, and exclude specific vulnerabilities from the scan. See Vulnerability Detection for information. (Initial Setting: Complete)
When you enable and properly configure authentication, the scanning engine can log in to each target host at the time of the scan and obtain system information that would otherwise not be available, enabling the service to perform more in-depth vulnerability analysis. You may enable authentication for one or more of the following types: Windows, Unix/Cisco IOS, Oracle, Oracle Listener, and SNMP. Credentials specified in authentication records for the selected type(s) will be used to perform trusted scanning on target hosts. See About Trusted Scanning for more information. (Initial Setting: Disabled)
Note: The option Windows Share Enumeration is only available if the Dissolvable Agent is accepted for the subscription. A Manager can accept the Dissolvable Agent from the Dissolvable Agent Setup page (Setup > Dissolvable Agent).
When you select Windows Share Enumeration, the scanning engine checks Windows shares that are readable by Everyone and returns the number of files for each share on each host. For a vulnerability scan this security test is performed using QID 90635. Please be sure these configurations are enabled: 1) QID 90635 is included in the Vulnerability Detection section, and 2) a Windows authentication record is defined. See Windows Share Enumeration. (Initial Setting: Disabled)
Windows Share Enumeration requires Windows authentication. If you select Windows Share Enumeration, the service automatically selects the Windows authentication option in the Authentication section of the current option profile.