December 6, 2022
The UK National Cyber Security Centre (NCSC) has started scanning anything connected to the internet in the UK in search of vulnerabilities to help system owners fix their security posture.Scanning for vulnerabilities is standard for companies, and smart routers even carry dedicated security solutions to perform the same task for consumers. Discovering vulnerabilities ahead of…

The UK National Cyber Security Centre (NCSC) has started scanning anything connected to the internet in the UK in search of vulnerabilities to help system owners fix their security posture.

Scanning for vulnerabilities is standard for companies, and smart routers even carry dedicated security solutions to perform the same task for consumers. Discovering vulnerabilities ahead of time lets system owners patch systems, replace hardware or take other actions before they pose a security risk.

The NCSC’s approach is proactive, as they have already begun scanning all internet-facing devices and hardware, which could cover targets ranging from home routers to internet-exposed corporate infrastructure.

“These activities cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact,” said the agency. “The NCSC uses the data we have collected to create an overview of the UK’s exposure to vulnerabilities following their disclosure, and track their remediation over time.”

“To identify whether a vulnerability exists on a system, we first need to identify the existence of specific associated protocols or services,” the NCSC added. “We do this by interacting with the system in much the same way a web browser or other network client typically would and then analysing the response that is received.”

They basically create custom queries that let them asses if a device, server or anything else is vulnerable to known exploits. Depending on the answer, the agency can determine whether the hardware is patched or not.

To ensure the process is transparent, NCSC explained that the scans use standard and freely available network tools running within a dedicated cloud-hosted environment. All scans come from only two IP addresses:

· 18.171.7.246
· 35.177.10.231

This detail is essential because web admins might notice network scans, and some security solutions will likely even notify users of unwanted scans. The agency says it’s not keeping the information collected and only doing this to have an accurate map of the vulnerabilities across the UK internet. Of course, asking the agency to opt out of the program is also possible if you don’t want to be scanned.

Source