If you click View Report, the following screen appears.
The View Report will have the following columns.
- Time - shows the Date and Time of the performed Scan.
- Target - shows the IP address for which scan has been performed.
- Status - shows whether the scan has been completely performed or not. If completely performed then the Status is shown Finished. If not completely performed, then the status remains Failure.
To view the report, click on any one of the Date and Time listed under the Time column. The following screen with the summary appears.
Report in details
If you click GO TO REPORT LIST in the Audit Report Screen, the following Screen appears.
In the Report List the IP which has been scanned, would be shown at the top of list.
The Report list displays the sum of all vulnerabilities found during the scan, and that followed by detailed description of each of the vulnerabilities, which states the reason for not permitting to enter the server.
The Synopsis in the report tells the end user about the security hole. For example: if the protocol is encrypted, if debugging is enabled etc. Based on the synopsis a vulnerability description is given. The vulnerability description in the report, suggests the Solution, Risk Factor and CVE.
When there is a security warning / Vulnerability found, the report suggests you to take some action by giving a set of rules to be configured for the specific port/service vulnerability.
Risk Factor - Low | Medium | High
In the report list, the Risk Factor shows the severity of the vulnerability. Here, NVD provides severity rankings of "Low", "Medium", and "High" in addition to the numeric CVSS scores but these qualitative rankings are simply mapped from the numeric CVSS scores:
- Vulnerabilities are labeled "Low" severity if they have a CVSS base score of 0.0-3.9.
- Vulnerabilities are labeled "Medium" severity if they have a base CVSS score of 4.0-6.9.
- Vulnerabilities are labeled "High" severity if they have a CVSS base score of 7.0-10.0.
The CVE list provides an index of standardized names for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.
Examples of universal vulnerabilities include:
- phf (remote command execution as user "nobody")
- rpc.ttdbserverd (remote command execution as root)
- world-writeable password file (modification of system-critical data)
- default password (remote command execution or other access)
- denial of service problems that allow an attacker to cause a Blue Screen of Death
- smurf (denial of service by flooding a network)
Examples of exposures include:
- running services such as finger (useful for information gathering, though it works as advertised)
- inappropriate settings for Windows NT auditing policies (where "inappropriate" is enterprise-specific)
- running services that are common attack points (e.g., HTTP, FTP, or SMTP)
- use of applications or services that can be successfully attacked by brute force methods (e.g., use of trivially broken encryption, or a small key space)
Each CVE name includes the following:
- CVE identifier number (i.e., "CVE-1999-0067").
- Indication of "entry" or "candidate" status.
- Brief description of the security vulnerability or exposure.
- Any pertinent references (i.e., vulnerability reports and advisories or OVAL-ID).
Compare Reports function allows administrators to conduct before and after comparisons of the health of their servers. If you want to compare two reports then navigate to View Report and select any two reports you want compare and click Compare Reports.
The following screen would appear if you compare two reports.
The comparative Report gives all the information regarding the Date and Time you scanned the IP with number of hosts audited, security holes found, security warning etc., also with a Risk Factor Comparison Chart, which helps you to compare the risk level you had before with now.