PVS Trust Relationships

by Josef Weiss
March 11, 2014

This dashboard presents trust relationships between clients and servers that have been passively gathered via PVS plugins 3 and 15. These plugins collect data on internal client trusted client connections and internal server trusted connections. Results are sorted by TCP port and displayed in a series of matrix indicators within the individual components. Viewing plugin output provides insight into devices that are establishing trusted connections to each other.

It is comprised of 4 components, that use plugin 3 (Internal client trusted connection) and 15 (Internal server trusted connection) to evaluate trust relationships.

  • Client matrix component which collects data on internal trusted client connections. Results are sorted by TCP port and displayed in a series of matrix indicators within the individual component. The most common command and control ports are displayed.
  • Server matrix component, which collects data on internal trusted server connections. Results are sorted by TCP port and displayed in a series of matrix indicators within the individual component. The most common command and control ports are displayed.
  • Malware matrix component, which collects data on internal client trusted client connections. Results are sorted by TCP port and displayed in a series of matrix indicators within the individual component based on the TCP ports of common malware that are known to establish command and control sessions between hosts.
  • This trend component graphs data on internal client trusted client and server connections over a 90 day period.

The dashboard and its components are available in the SecurityCenter 4.7 Dashboard app feed, an app store of dashboards, reports, and assets. The dashboard requirements are:

  • SecurityCenter 4.7.1
  • Passive Vulnerability Scanner 4.0.0