Data Recovery Digest

Vulnerability scanning isn’t exactly new. It’s a viable way to identify and diagnose network or system issues that aren’t readily available. Techniques like this have been used for years in areas like computer security and digital forensics, and it’s the effectiveness of modern vulnerability scanning is only improving with time.

But it’s safe to say that nobody expected an entire country – and certainly not one like the United Kingdom – to begin scanning all internet-connected devices that are currently hosted within their borders. However, that’s exactly what’s happening thanks to a new initiative that is spearheaded by the UK’s National Cyber Security Centre, or NCSC.

Although it’s similar to another launched in Norway in 2021, comprehensive vulnerability scanning on this level is unprecedented.

Vulnerability Scanning on a Grand Scale

The NCSC isn’t trying to be secretive about their actions. In fact, it’s highly publicized. According to the NCSC, the initiative has three primary goals:

• Gain a better understanding of the state of UK’s cybersecurity as a whole
• Inform users about security postures, methodologies, and tools
• Make it easier to respond to any attacks on the country’s cyber-infrastructure as quickly and efficiently as possible

As mentioned, the NCSC’s scans cover any internet-connected system that is hosted in the UK. They’ve noted that their scanning tools are highly standardized and freely available, so users can see for themselves what kind of data they might be able to access. Moreover, the NCSC has stated that all of their connections are made via one of two IP addresses:

• 18.171.7.248
• 35.177.10.21

Representatives with the NCSC also stated that they’ll begin by implementing smaller, simpler scans at the beginning of the program. Over the course of time, they’ll steadily increase the complexity of the scans – while keeping the general public informed with every step. All of their activities are also completed on a standard schedule for maximum transparency.

Moreover, the NCSC’s probes will use the various internet-connected devices to connect various bits of information. In the case of web servers, for example, their probes will collect and store the entire HTTP response, including headers, that corresponds with a valid HTTP request. Other services will have different datasets collected.

A recent statement, issued by the NCSC, said in part: "We design our requests to collect the smallest amount of technical information required to validate the presence/version and/or vulnerability of a piece of software. We also design requests to limit the amount of personal data within the response. In the unlikely event that we do discover information that is personal or otherwise sensitive, we take steps to remove the data and prevent it from being captured again in the future."

Opting Out of the NCSC’s Vulnerability Scanning

But individual organizations aren’t exactly forced to participate in the NCSC’s vulnerability scanning. In fact, they make it easy for server owners and administrators to opt out of the initiative. For those who don’t want to participate, simply email {{mailto:scanning@nscsc.gov.uk|scanning@nscsc.gov.uk}} with a full list of the IP addresses you want to exclude from the initiative.