External Vulnerability Scanning

External vulnerability scanning looks for holes in your network firewall(s), where malicious outsiders can break in and attack your network whereas an internal vulnerability scan operates inside your practice’s firewall(s) to identify real and potential vulnerabilities inside your practice network.Tier3MD_Facts_Keyboard

As part of HIPAA compliance program and HIPAA security assessments, Tier3MD will perform external vulnerability scanning on your network.  You will receive detailed reports showing security holes and warnings and informational items including CVSS scores as scanned from outside the target network. External vulnerabilities could allow a malicious attacker access to the internal network. By running the external vulnerability scan, you can identify and re-mediate vulnerabilities that will allow these hackers to gain access to your network.

External vulnerability scanning is a fairly simple process and will give you great insight as to how secure your external network is.  External vulnerability scanning can be run once a year, or twice a year.  They are easy to run and cost effective, so it may be a good idea to run them twice per year.


How does a scan work?

A scan, whether internal or external, doesn’t traverse every network file like an antivirus product. It must be configured to scan certain interfaces, like internal or external IP addresses (ports and services), for vulnerabilities.  A vulnerability scan is designed to be nonintrusive. It simply scans and provides a logged summary of alerts for you to act on. Unlike penetration testing, a vulnerability scan doesn’t exploit vulnerabilities in your network.

An external vulnerability scan looks for vulnerabilities at your network perimeter or website from the outside looking in, similar to having a home alarm system on the outside of your house. An internal vulnerability scan looks for network vulnerabilities locally (from the inside looking in), similar to having motion detectors inside your house.  If you would like more information on external vulnerability scanning, contact Tier3MD.