
System Scanner 4.2


Presentation Transcript


  1. System Scanner 4.2 System Scanner 4.2

  2. Course Objectives By the end of this course you will be able to: • Install and Configure System Scanner 4.2 • Install X-Press Updates • Run Sessions • Map Policies • Generate ISS provided reports • Create a baseline • Register exceptions • Generate alerts • Monitor security issues • Schedule regular checks • Use the policy editor • Use Group Manager • Use System Scanner Vista

  3. Course Outline – Day 1 • Module 1 - Introduction to System Scanner • Module 2 - Installing System Scanner • Module 3 - Using System Scanner – The Basics • Module 4 - System Scanner Architecture • Module 5 – Checks, Check Groups, Policies & Sessions • Module 6 - Sessions • Module 7 - System Scanner Reporting • Module 8 – The ISS Methodology and Issued Policies • Module 9 – Policy Editor • Module 11 – Configuring Alerts • Module 12 – Managing the Environment • Module 13 – Group Manager • Module 14 – System Scanner Vista • Module 15 – Installation Issues • Module 16 – Course Summary Exam

  4. Module 1 Introduction to System Scanner

  5. Module Objectives When you complete this module you will be able to: • Identify System Scanner’s design philosophy • Identify the need for using System Scanner • Identify ISS Security Levels • Identify System Scanner’s relationship with other ISS products • State the purpose of System Scanner • List the main features and functionality of System Scanner • Describe the architecture of System Scanner

  6. Evolution of System Scanner 4 ISS System Scanner for UNIX (S3) System Scanner 4 Security Manager A superset based on March Information Systems Security Manager Technology. ISS System Scanner for NT (S2)

  7. Design Philosophy • Protect enterprise assets (data and systems) • Ensure security policy compliance • Create secure system configurations • Provide comprehensive reporting, fixing and alerting • Allow flexible run-time options • Based on an easily extensible security knowledge base

  8. IT Security policy IT Security Policy BS 7799 Standards and procedures Implementation guidelines System specific guidelines Other UNIX Windows NT ‘http://www.c-cure.org/’ and ‘http://www2.dti.gov.uk/cii/security.html’

  9. Enterprise Security Requirements High Security Expensive security, only applied on critical systems More Security Medium Security Moderate costs applied to a medium sized group of important assets Less Security Inexpensive security, broadly based Less Security Security Foundation Security is impossible without a solid understanding of network, assets, and transaction flow

  10. Enterprise Systems Resistance to Accidental or Malicious Service Unavailability More Security Enterprise database servers, e-Business servers, ERP systems Resistance to Internal Attack Internal servers, routers Resistance to Remote Attack All systems, including desktop computers Less Security Discovery, Identification, Classification Entire network

  11. Consequences of Attack E-Business Servers ERP Systems Internet/DMZ Systems Business continuity at risk, strategic systems unavailable resulting in serious productivity loss, loss of reputation More Security Internal Servers Network Routers Loss of availability translates into temporary lowering of productivity Desktop Computers Subversion, malice, or misuse could threaten other computing assets Less Security Discovery, Identification, Classification Security is impossible without a solid understanding of network, assets, and transaction flow

  12. The Structured Approach to Security • Structured approach allows you to focus effort • Levels define and implement most important tasks • First levels define scope of efforts: • What is on the network? • What is it doing? • Internet Scanner classifies systems allowing appropriate subsequent security levels to be established

  13. Defining The ISS Security Levels Business Application Servers DMZ Systems Internal Servers Desktop Computers Routers Level 6–8 Maximum Level 4-5 Medium Level 3 Minimum Level 2 Classify Level 1 Identify

  14. Security Level Benefits (Level: Definition. Benefit.) • Level 1: Inventory all systems. Benefit: Rational planning of a security program can begin. • Level 2: Classify systems by what services they offer. Benefit: Security program focuses efforts on most important systems. • Level 3: Test risk of compromise from simple attacks from unsophisticated attackers, or detect existing compromised systems. Benefit: Very low cost method to use existing controls to substantially reduce the number of potential attackers, or to detect on-going misuse. • Level 4: Test susceptibility to external system compromise from automated attack tools. Benefit: Ensure integrity of routers, preserving network availability. Ensure availability and integrity of servers against all but the most sophisticated attackers. • Level 5: Test resistance to password cracking and susceptibility to external compromise from very knowledgeable attackers. Benefit: Make unauthorized external access to important systems extremely difficult, by using available controls to the maximum capability. • Level 6: Test resistance to local users gaining enhanced or system administrator privilege. Benefit: Restricted information remains confidential. • Level 7: Ensure integrity of Operating System and customer's specific OS configuration. Benefit: Minimize or avoid loss of availability to critical business services. • Level 8: Ensure integrity of Business Applications and customer's specific application configuration. Benefit: Minimize or avoid loss of availability to critical business services.

  15. Using the ISS Security Levels • Level 1 & 2 results provide useful information • Accurate network inventory • Accurate inventory of application servers • Level 3 risks are “reasonable” for most people • Problems identified here will be rapidly and inexpensively fixable • Problems not typically open to argument • Since fewer systems are tested at higher levels, effort is focused on most important systems • As levels are implemented, broad agreement can be reached as to whether a system's value justifies further levels • Many systems drop out after level 4, having reached the “right” level of security • Higher value systems receive greater attention

  16. ISS Security Products 1 2 3 4 5 6 7 8 Low Security High Security

  17. The Security Gap [Chart: security ‘level’ plotted against time. Labels: Security policy / desired security level; Actual security level; Security gap]

  18. Closing the Security Gap [Chart: security ‘level’ plotted against time. Labels: Security policy / desired security level; Security gap; Baseline the system; Creation of compliant systems; Close the gap; Operations (Monitor, Respond)]

  19. Managing Security [Flowchart labels: Close the Gap; Baseline; Operations; Monitor; Detect? (no / yes); Respond; Update Baseline]

  20. Who are System Scanner Customers? Information Security Managers • Security practitioners responsible for IT security within the enterprise. IT Security Auditors • IT security professionals and auditors responsible for verifying compliance with enterprise security policy. Who already have: • Current security policy signed off at the highest level. • Clear responsibilities defined for IT Security are in place. • Assessment and Solution design in place. • Budget and resources available. • Has other security controls in place.

  21. System Scanner Functionality - Overview • Detects and reports variations to security policy and potential security vulnerabilities • Monitors systems for security vulnerabilities and compliance to policy • Alerts on policy variations and maintains a watch on system integrity • Underpinned by the ISS security knowledge base which is kept up to date on new threats and vulnerabilities by ISS X-Force research • Enterprise security management for UNIX and Windows NT

  22. System Scanner Features • Host based policy compliance and security vulnerability checking • Flexible and adaptable to meet enterprise requirements • Checks are rules based • Single point of control for both Unix and Windows NT systems • File and registry integrity checks • Scheduled and automated checking • Comprehensive reporting • Exception alerting - SNMP, Email, other process • Standard structured policies

  23. Functionality in System Scanner 4 • New User Interface • Additional Checks - superset of S2, S3, SM • ODBC database for results • New Reports and report formats • Crystal Reports, HTML, ASCII Text, Interactive • Digital signing of all Checks and Policies • X-Press updates • Flex-Checks - User defined checks

  24. New in System Scanner 4.2 • Automated report generations of scheduled sessions • Automated e-mailing of reports from scheduled and interactive sessions • Revised user interface • Optional web browser interface (System Scanner Vista) • Use the optional Group Manager to create any number of groups of agents, and switch a console between agent groups • Administration reports

  25. System Scanner - Architecture Win 2000 NT Server UNIX Results Knowledge base Console Windows NT Reports Manager ODBC results Agents

  26. Module Review In this module, you covered the following information: • System Scanner’s design philosophy • The need for using System Scanner • ISS Security Levels • System Scanner’s relationship with other ISS products. • The purpose of System Scanner • The main features and functionality of System Scanner • The architecture of System Scanner

  27. Module 2 Installing System Scanner

  28. Module Objectives When you complete this module you will be able to: • Identify system requirements for Windows NT Console • Identify network requirements • State the use of license keys • Determine the use of name resolution • Install a console on Windows NT • Install an agent on Windows NT • Install X-Press Updates • Install a V4 agent on Unix • Add an agent to the console • Identify classes • Perform basic troubleshooting

  29. Windows NT Console Requirements • Pentium 300 MHz (300 MHz or faster recommended) • 128MB RAM (128MB RAM or greater recommended) • Windows NT4 Workstation or Server (Service Pack 6a) • or Windows 2000 - Professional or Server Edition (Service Pack 1) • Windows NTFS file system • 100MB free disk space • Typically 2GB for vulnerability results/reports • Minimum 1024 by 768 graphics resolution • Internet Explorer 5 or later or equivalent for HTML reports • MDAC 2.6 (NOT supported on Windows NT 4.0 Terminal Server) • TCP/IP installed with bi-directional name resolution between agent and console hostnames

  30. NT Agent Requirements • Windows NT4 Workstation, Server or Server Enterprise (Service Pack 4 or 5 or 6a) • Windows NTFS file system • 64MB RAM • 35MB free disk space • Typically 50MB for scan results • TCP/IP installed with bi-directional name resolution between agent and console hostnames

  31. Windows 2000 Agent Requirements • Professional and Server Edition • Windows NTFS file system • 64MB RAM • 35MB free disk space • Typically 50MB for scan results • TCP/IP installed with bi-directional name resolution between agent and console hostnames

  32. Unix Agent Requirements • 32MB RAM/SWAP • 35MB free disk space • Typically 50MB for scan results • TCP/IP installed with bi-directional name resolution between agent and console hostnames

  33. Effective Communication - Ports [Diagram labels: 0 9 9 9; 3.x Agents; “WINSOCK” 9991; “SSL 9991”; CONSOLE; 4.x Agents; 9992]

  34. License Keys Number of Agents allowed Address range console will be installed on

  35. Copy License Key

  36. Select Installation Type

  37. Initialize the Console

  38. Passphrase

  39. Local Agent Detected

  40. System Scanner 4.2

  41. X-Press Updates

  42. X-Press Updates for System Scanner 4.2

  43. Unix Installation #1 • From the Windows Start menu, select Programs, Accessories, Telnet, Telnet.exe. • The Telnet window is displayed. Open the Connect drop-down menu, and select Remote System. • The Connect dialog box is displayed. In the Host name field, type in the name of the agent being added, and click Connect. Connect dialog fields (In here... / Type...): • Host name: <agent_name> • Port: Leave default: Telnet • Term Type: Leave default: vt100

  44. Unix Installation #2 • Log in to the computer as root • Install the ISS SAFE suite CD or download the install_sysscan.sh file from the ISS web site into a directory of your choice • Change the directory: for installation via download, change to the directory into which you will download the install file; for installation from the CD, change the directory to: <directory>/SystemScanner/Retail/SS40/Agents/<os+version>

  45. Unix Installation #3 • At the command prompt, type sh ./install_sysscan.sh. • Page through and read the licence agreement. Enter y at the prompt to confirm your acceptance of the licence agreement, and press Return. • Accept the default directory location (/opt). Press Return. • When the subdirectory has been created, the Auto Configuration instructions are displayed. Accept the default.

  46. Configuration 1. Select one of the following (If you select... / The program...): • 1 (fully-interactive): Prompts you to locate or confirm the location of each executable or system file used by the agent. • 2 (semi-interactive, Default): Prompts you for only those executable or system files the program cannot locate independently. • 3 (autonomous): Does not prompt you to locate executable or system files it cannot locate independently. The program produces an error report if it is unable to locate all files used by the agent. • 4 (not at all): Does not attempt to locate executable or system files. No error report is created; it is assumed that all files are located in the default locations. 2. Press Return

  47. Configuration #2 3. The program prompts you to specify any additional directories you want to use. Accept the default, and press Return 4. System Scanner Agent Install auto configuration begins 5. On a default configured machine, accept they are missing. Type Y and press Return. 6. The program prompts you for the names of the console. 7. Type <agent_name> and press Return. 8. The program prompts you for the names of the back up console, and audit console. You can configure these later. For now, press Return twice.

  48. Configuration #3 9. When prompted, enter the port number on which this server should respond to System Scanner console requests. As you accepted the defaults earlier, simply type 9992 and press Return 10. When prompted, enter the port number on which this server should listen for System Scanner console requests. As you accepted the defaults earlier, simply type 9991 and press Return 11. You are then asked whether you would like to create a baseline file. Type N and press Return 12. The installation is now complete. You are asked whether you would like to start the agent daemon immediately 13. Type Y and press Return

  49. Architectural Classes

  50. Examples of Classes Non-Architectural Classes Architectural Classes
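
The requirement slides (29 to 32) all call for bi-directional name resolution between agent and console hostnames. The following is an added example, not part of the course material or of System Scanner: a Python check that resolves each name to its addresses and each address back to a name, and reports any host where the two directions disagree. The function names, hostnames and 192.0.2.x addresses are hypothetical and constructed for illustration.

```python
import socket

def forward(name):
    """Addresses the local resolver returns for a hostname (empty set on failure)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def reverse(addr):
    """Names (primary plus aliases) the local resolver returns for an address."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(addr)
    except OSError:
        return set()
    return {primary, *aliases}

def same_host(a, b):
    """Equal, or one is the unqualified form of the other (agent1 / agent1.corp.example)."""
    return a == b or a.split(".")[0] == b or b.split(".")[0] == a

def check_host(name, fwd=forward, rev=reverse):
    """Resolve name -> address -> name and return a list of problems (empty if consistent)."""
    want = name.lower().rstrip(".")
    addrs = fwd(name)
    if not addrs:
        return [f"{name}: no forward (name to address) entry"]
    problems = []
    for addr in sorted(addrs):
        names = {n.lower().rstrip(".") for n in rev(addr)}
        if not names:
            problems.append(f"{name}: {addr} has no reverse entry")
        elif not any(same_host(want, n) for n in names):
            problems.append(f"{name}: {addr} maps back to {sorted(names)}")
    return problems

def preflight(hosts, fwd=forward, rev=reverse):
    """Check console and agent names; only hosts with problems appear in the result."""
    return {h: p for h in hosts if (p := check_host(h, fwd, rev))}

# Constructed tables standing in for DNS/hosts data (hypothetical names, TEST-NET addresses).
SAMPLE_FWD = {"console1": {"192.0.2.10"}, "agent1": {"192.0.2.21"}, "agent2": {"192.0.2.22"}}
SAMPLE_REV = {"192.0.2.10": {"console1.corp.example"}, "192.0.2.21": {"oldbox.corp.example"}}

def demo():
    """Run the check over the constructed tables instead of the live resolver."""
    return preflight(["console1", "agent1", "agent2", "agent3"],
                     lambda n: SAMPLE_FWD.get(n, set()), lambda a: SAMPLE_REV.get(a, set()))
```

Calling `preflight([...])` without the lookup arguments uses the live resolver of the machine it runs on, so run it on the console and on each agent host: each side can have different hosts-file or DNS answers.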
