
PVS Trust Relationships

by Josef Weiss
March 11, 2014

This dashboard presents trust relationships between clients and servers that have been passively gathered via PVS plugins 3 and 15. These plugins collect data on internal client trusted connections and internal server trusted connections. Results are sorted by TCP port and displayed in a series of matrix indicators within the individual components. Viewing the plugin output provides insight into devices that are establishing trusted connections to each other.

The dashboard comprises 4 components that use plugin 3 (Internal client trusted connection) and plugin 15 (Internal server trusted connection) to evaluate trust relationships.

  • Client matrix component, which collects data on internal client trusted connections. Results are sorted by TCP port and displayed in a series of matrix indicators within the individual component. The most common command and control ports are displayed.
  • Server matrix component, which collects data on internal server trusted connections. Results are sorted by TCP port and displayed in a series of matrix indicators within the individual component. The most common command and control ports are displayed.
  • Malware matrix component, which collects data on internal client trusted connections. Results are sorted by TCP port and displayed in a series of matrix indicators within the individual component, based on the TCP ports used by common malware known to establish command and control sessions between hosts.
  • Trend component, which graphs data on internal client and server trusted connections over a 90-day period.

The dashboard and its components are available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the SecurityCenter Feed under the category Threat Detection & Vulnerability Assessments.

The dashboard requirements are:

  • SecurityCenter 4.7.1
  • Passive Vulnerability Scanner 4.0.0