Tools

Preparing for the vulnerability scan job

Tools

The Tools menu provides vulnerability scanning as well as viewing the files that are on your FortiAnalyzer unit. These tools help administrators either when issues appear or when trying to determine if there are any vulnerabilities on targeted hosts.

The Vulnerability Scan feature scans for open TCP and/or UDP ports on your designated target hosts. If you provide Vulnerability Scan with administrative login credentials for the target hosts, Vulnerability Scan will also log in to audit installed software for vulnerabilities such as missing patches, incorrect permissions, local exploits, and buffer overflows. When the vulnerability scan job is complete, the FortiAnalyzer unit generates a report that describes the discovered security issues and their known solutions.

Vulnerability Scan includes remote vulnerability scan (RVS) modules suitable for scanning many types of hosts, including those running Microsoft Windows or Unix variants such as Linux and Apple Mac OS X, as well as a variety of applications and services/daemons. For more information about software and vulnerability checks supported by the scan modules, see “Viewing vulnerability scan modules” on page 161.

File Explorer provides information about what files are on your FortiAnalyzer unit. Accessing these files helps administrators when trying to solve an issue with support’s help. File Explorer does not appear for ADOM users.

This section includes the following topics:

Preparing for the vulnerability scan job

Viewing vulnerability scan modules

Configuring vulnerability scan jobs

Viewing vulnerability scan reports

File Explorer

Note: Vulnerability Scan is available on the FortiAnalyzer-100A and B units.

Preparing for the vulnerability scan job

For best results, before running a vulnerability scan job, you will want to plan for the type of scans that you want to perform. You may also need to configure each target host and any intermediate NAT or security devices to allow the vulnerability scan to properly reach the target hosts.

For a full scan, using all vulnerability scan modules specified in the vulnerability scan job, you must configure the vulnerability scan job with administrator or root login credentials to the target host; without administrator or root login credentials, the vulnerability scan may be limited to a port scan, or may be unable to accurately complete certain probes, as modules are limited by the privileges of the account that you configure in the vulnerability scan job. For example, users

FortiAnalyzer Version 3.0 MR7 Administration Guide

 

05-30007-0082-20080908

157

Page 167
Image 167
Fortinet 3.0 MR7 manual Tools, Preparing for the vulnerability scan job, 157