Scanner (Network Address Vulnerability Monitoring and Scanning System)

2024: Getting Started, Finding 26,000 Critical Vulnerabilities

Roskomnadzor discovered more than 26 thousand critical vulnerabilities in the Russian segment of the Internet using the Security Scanner system, which has been operating in test mode since 2024. This was announced on October 24, 2024 by the director of the Center for Monitoring and Management of the Public Communications Network (CMU SSOP) of Roskomnadzor Sergey Khutortsev.

According to Interfax, the system automatically scans Runet for potential security threats, generates recommendations for their elimination and sends notifications to information system owners, telecom operators and hosting providers. During the operation of the Security Scanner, more than 300 organizations received alerts about possible vulnerabilities.

𝓲

Unsplash

The development of the system is carried out with the participation of the Federal Security Service and the Federal Service for Technical and Export Control. When vulnerabilities are detected and there is no reaction from resource owners, it is possible to temporarily or permanently block through technical means to counter threats.

The system is aimed at cleaning the Russian segment of the Internet from infected devices and malicious software. Special attention is paid to identifying administration errors, unprotected databases and vulnerable ports. The technology allows you to quickly detect security problems, ahead of foreign counterparts in the speed of response.

The need to create a "Security Scanner" was confirmed by the results of an initial analysis conducted in June 2023. The study showed that out of 40 million Russian IP addresses, 11 million are potentially vulnerable according to the databases of the Federal Service for Technical and Export Control and CVE MITRE. At the same time, 5 thousand services had confirmed vulnerabilities.^[1]

2023: Product Announcement

At the end of October 2023, Sergey Khutortsev, director of the Center for Monitoring and Management of the Public Communications Network (CMU SSOP), subordinate to Roskomnadzor, spoke about the development of a system for monitoring and searching for vulnerabilities in the Scanner network addresses.

Roskomnadzor on the basis of CMU SSOP creates a domestic trusted scanning system that will identify the vulnerabilities of Russian information resources, providing an opportunity to quickly eliminate them. In order to protect Russian systems, it is simultaneously planned to take measures to limit scanning by foreign services of the Russian segment of the Internet, the RKN said in a statement.

ILV creates a "Scanner"

The department noted that information security vulnerabilities are often present in Russian information systems, including sites, database systems, mail servers. Their operation leads to compromise of systems and leaks of personal data.

As specified in Roskomnadzor, by the end of October 2023, the Scanner system is in the process of being created. By this time, CMU SSOP conducted the first scan of 100 critical vulnerabilities as part of the exercise.

Scanning the Runet should help identify open ports and services on IP addresses, as well as identify potential vulnerabilities in services, said Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technology and Communications. In addition, according to him, reports will be formed describing the identified vulnerabilities, and resource owners will be informed about them. Also, Roskomnadzor and its subordinate structures will be able to control the elimination of identified vulnerabilities and more actively counteract the threat of scanning Russian resources from foreign countries.

Nemkin also cited data, according to which by the end of October 2023 there are 45 million IP addresses in Russia, of which 11.5 million are potentially vulnerable.^[2]

Notes