About the Full Scan Plus Policy

Full Scan Plus executes the OpenVAS NVTs, as well as the tools of the existing Full Scan policy. As a result, vulnerability detection is enhanced where unauthenticated scans are required and time permits to run those additional tests.

You must have the correct license capabilities to perform the following scanning operations. If you need assistance to obtain a new or updated license key, contact your Juniper Customer Support.

Note:

Note: You must install the Full Scan Plus policy RPM to use this scan policy.

The Full Scan Plus policy uses a daily updated feed of about 50,000 individual Network Vulnerability Tests (NVT) provided by the OpenVAS open source project.

By default, the policy discovers network assets by using a FAST scan port range. An authenticated scan is run when credentials are provided.

A full scan has the following phases:

Scan type	Description
Discovery scan	Discovers network assets, and then scans ports to identify key asset characteristics, such as operating system, device type, and services. Vulnerabilities are not scanned.
Uncredentialed scan	Checks services that do not require credentials, for example, reading banners and responses for version information, SSL certificate expiry, testing default accounts, and testing responses for vulnerabilities. Note: The most powerful feature of the Full Scan Plus scan is its comprehensive uncredentialed scan, which runs more tests that the Full Scan, which are provided by the open source community. This scan is more detailed than the Full Scan but it takes longer and uses more resources. Run this scan during quiet periods in your network, ideally overnight or at weekends.
Credentialed scan	JSA Vulnerability Manager logs on to the asset and gathers information about the installed application inventory and required configuration, and raises or suppresses vulnerabilities

Scan type

Description

Discovery scan

Discovers network assets, and then scans ports to identify key asset characteristics, such as operating system, device type, and services. Vulnerabilities are not scanned.

Uncredentialed scan

Checks services that do not require credentials, for example, reading banners and responses for version information, SSL certificate expiry, testing default accounts, and testing responses for vulnerabilities.

Note:

The most powerful feature of the Full Scan Plus scan is its comprehensive uncredentialed scan, which runs more tests that the Full Scan, which are provided by the open source community. This scan is more detailed than the Full Scan but it takes longer and uses more resources.

Run this scan during quiet periods in your network, ideally overnight or at weekends.

Credentialed scan

JSA Vulnerability Manager logs on to the asset and gathers information about the installed application inventory and required configuration, and raises or suppresses vulnerabilities