by David Schwalenberg
July 30, 2014
This report presents information on possible questionable web content hosted on the network, and can assist in finding malicious web sites installed on the network.
For a given web server, active web application scanning is no guarantee that all hosted web sites will be found. There may be no links between two web sites hosted on the same web server. Similarly, scanning a network for all ports to look for web servers that may have been installed as part of a botnet is difficult to do in real time. Because of this, it's very common for malicious web servers to be set up on university, home user, and any type of large networks.
This report presents all web servers passively detected on the network, as well as questionable content that the web servers might be hosting and trend lines for detected web sites that contain keywords not expected for the local network.
The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the SecurityCenter Feed under the category Monitoring. The report requirements are:
- SecurityCenter 4.8
- Nessus 5.2.7
- PVS 4.0.2
- This report requires “Full Text Search” to be enabled for each analyzed repository.
For the related SecurityCenter dashboard, see the Questionable Hosting dashboard.