Why is the Government Scanning Your Servers? | Probrand

Why is the Government Scanning Your Servers?

The Role of Cloud Computing in IT Services

The UK government might be scanning your computers - but don't worry. Rather than some nefarious scheme to hack its own citizens, it's a valiant attempt to keep the whole country safe from cyber attacks.

The National Cyber Security Centre, which is part of the GCHQ intelligence agency, has launched a new initiative: the NCSC internet scanning capability. It's an attempt to find out how vulnerable the UK is to cyber attack. It scans computers across the UK to see if they're susceptible to attack.

How the scan works

By embracing this level of diversity, IT support services can transform potential hurdles into sustainable competitive advantages, establishing themselves as indispensable partners in the global business ecosystem.

The Expanding Scope of IT Support

The scanning initiative works by communicating with internet-connected servers that it finds running in the UK. It sends tailored requests to those servers and stores the information that they send in response. That information can tell them valuable things about what the server is running, and the version of that software. That might help the NCSC to determine that your server hasn't been updated to protect it from a specific attack against that software.

The NCSC is unlikely to contact you directly and scold you for not having the latest version of Exchange, but this does help the government to understand the UK's security posture overall. The scanning service also complements some other services that the NCSC already runs under a broad banner known as Active Cyber Defence (ACD). This is a service that works with UK hosting companies to remove malware and phishing exploits that could infect computers in the UK.

The Centre also runs an early warning service that uses third-party threat intelligence feeds to identify UK computer systems that might be compromised. The NCSC can then warn those companies, enabling them to rectify the problem. Organisations must sign up to the service, providing their IP addresses and domain name information.

How to opt out

The thing that might worry some companies is that the NCSC is scanning computers without asking. As it points out, though, this information is already available to anyone who knows where to find your server online. In fact, check your logs and you're likely to find thousands of scans from other unknown parties every day. These scanners can be anything from hackers looking for equipment with specific vulnerabilities through to researchers assessing software usage.

You can tell which of these scans come from the NCSC because it tells you the two IP addresses that it always scans from. If you don't want it to scan, you can either block those addresses or just opt out by asking it not to scan you. Or if you want to limit the information you give out to all scanners, you can configure your server to return the bare minimum in response to requests.

Understanding the initiative's limits

This government scanning initiative isn't an intrusion so much as a country-wide health check. For other more aggressive approaches to national cybersecurity, look to the US, where a court permitted the FBI to patch vulnerable Exchange servers without asking. Not everyone was comfortable with this idea of unilaterally enforced protection. In the UK, the authorities are stopping at scans and are not crossing the system boundary to tinker with systems unasked.

What if you want people to patch your systems and ensure that you have the latest protection? For that, you'll need a trusted partner. This is one of the many services that Probrand offers. Talk to us today to learn how we scan customer systems 24/7, taking immediate action when we sense danger to ensure that your computers stay free of digital toxins.