IBM Partner Pavilion
2.3 manual
187 pages, 799.13 Kb
IBM Proventia Network Enterprise Scanner
User Guide
Version 2.3
Contents
Trademarks and Disclaimer
About this book
Part 1. Scanning from the Proventia Manager
Chapter 1. Ad hoc scanning in the Proventia Manager
Chapter 2. Interpreting scan results in the Proventia Manager
Part 3. Maintenance
Part 4. Appendixes
About this book
Related publications
Publications
License agreement
Technical support contacts
Chapter 1. Ad hoc scanning in the Proventia Manager
Section A: Network configuration
Section B: Policy configuration
Section A: Network configuration
Configuring the management network interface
Configuring the scanning network interface
Configuring scanning interface DNS settings
Assigning perspective to a scanning interface
Configuring routes for perspective
Section B: Policy configuration
Defining assets for a discovery scan
Displaying assessment checks by groups
Displaying information about assessment checks
Selecting assessment checks with filters
Configuring common assessment settings for an Assessment policy
9. Configure options for using OS information in the Use of OS Information section:
12. Configure the options for locking out accounts in the Account Lockout Control section:
Defining assessment credentials for a policy
Important: To avoid locking an account, do not add the account more than once.
Defining the service names associated with TCP and UDP ports
Defining ports or assets to exclude from a scan
Configuring and saving a scan policy in the Proventia Manager
Chapter 2. Interpreting scan results in the Proventia Manager
Running an ad hoc scan
Monitoring the status of a scan
Viewing the results of an ad hoc scan
Exporting scan results from Proventia Manager
Purging scan data from the database
Part 2. Scanning from the SiteProtector Console
Chapters
Chapter 3. Enterprise Scanner policies
Policy inheritance with Enterprise Scanner policies
General inheritance behavior
Inheritance with Enterprise Scanner policies
Inheritance indicators
Deploying an Enterprise Scanner policy from the policy repository
Migrating a locally managed Enterprise Scanner agent into SiteProtector
Viewing asset or agent policies for Enterprise Scanner
Getting vulnerability help for a SiteProtector Console without Internet access
Agent policies for Enterprise Scanner
Agent policy descriptions for Enterprise Scanner
Contents of an agent policy
Policy inheritance with agent policies
Network Locations policy
What is perspective?
Default perspective
When to use additional perspectives
Assigning perspective to a scanning interface
Configuring routes for perspective
Notification policy
Event notification settings for Enterprise Scanner
Configuring advanced parameters for event notification
Access policy
Networking policy
Configuring the management network interface
Configuring the scanning network interface
Configuring scanning interface DNS settings
Services policy
Time policy
Update Settings policy
Asset policies for Enterprise Scanner
Asset policy descriptions for Enterprise Scanner
Scope of scanning
Contents of an asset policy
Discovery policy
Policy contents
Defining assets to discover
Before you begin
Assessment policy
Displaying information about assessment checks
Displaying assessment checks by groups
Selecting assessment checks with filters
Configuring common assessment settings
8. Configure options for using OS information in the Use of OS Information section:
11. Configure the options for locking out accounts in the Account Lockout Control section:
Assessment Credentials policy
Defining assessment credentials for a policy
Important: To avoid locking an account, do not add the account more than once.
Scan Control policy
What is perspective?
Defining scanning cycles and assigning perspectives to scans
Scan Window policy
Important consideration for multiple agents
Defining when scanning is allowed
Scan Exclusion policy
Defining ports or assets to exclude from a scan
Network Services policy
Default settings
Policy inheritance
Service definition
Configuring a Network Services policy
Ad Hoc Scan Control policy
Configuration options
Running an ad hoc discovery scan with Enterprise Scanner
Running an ad hoc assessment scan with Enterprise Scanner
Chapter 4. Understanding scanning processes in SiteProtector
What is perspective?
Perspective identifies network location
Default perspective
Technical requirements
Defining perspectives
Perspectives in policies
Scan jobs and related terms
Definitions
Assets with unassigned criticality
Scheduled and running scans
The importance of tasks and subtasks
Types of tasks
Common management tasks
Base management tasks
Tasks per type of scan
Priorities for running tasks
Criticality and assessment tasks
Task prioritization
Stages of a scanning process
Dynamic prioritization
The process for a scanning cycle
The following table describes the general process for a scanning cycle:
Optimizing cycle duration, scan windows, and subtasks for Enterprise
Size of scan windows
Calibration considerations
Discovery cycle duration
Achieving the right balance
Chapter 5. Background scanning in SiteProtector
Determining when background scans run
Scanning refresh cycle
Important points about refresh cycles
Scanning windows
How policies apply to ad hoc and background scans
Asset policies and ad hoc scans
Changing assessment and discovery policies
Scan Control policy
Scan window and refresh cycle examples
Background scanning checklists for Enterprise Scanner
Checklist for background discovery scanning
Checklist for background assessment scanning
Enabling background scanning
Defining when scanning is allowed
Defining ports or assets to exclude from a scan
Defining network services
Defining assessment credentials for a policy
Important: To avoid inadvertently locking an account, do not add the account more than once.
Viewing your scan jobs
Viewing discovery job results
Viewing assessment job results
Chapter 7. Managing scans in SiteProtector
Stopping and restarting scan jobs
Impact of stopping scan jobs
Impact of restarting scan jobs
Suspending and enabling all background scans
Minimum scanning requirements
Registration and authentication
Steps to initiate a scan
The following table provides a brief reminder of the steps needed to initiate a scan:
Scanning behaviors for ad hoc scans
Inheritance
Priority
Troubleshooting scanning behaviors for ad hoc scans
Expected scanning behaviors for background scans
Chapter 8. Interpreting scan results in SiteProtector
OS identification (OSID) certainty
What determines certainty?
Sources of OSID
Certainty of OSID sources
How OSID is updated in Enterprise Scanner
Conditions for reassessing OSID
Exception
Rules for updating OSID
About user-supplied OSIDs
Setting up a Summary view for vulnerability management
Summary page for vulnerability management
Vulnerability management options
Viewing vulnerabilities in the SiteProtector Console using Enterprise
About vulnerability assessment
Creating custom views
Viewing vulnerabilities by asset in Enterprise Scanner
Viewing vulnerabilities by detail in Enterprise Scanner
Viewing vulnerabilities by object in Enterprise Scanner
Viewing vulnerabilities by target operating system in Enterprise Scanner
Use this view to identify weaknesses that affect specific operating systems.
You can analyze specific operating systems that are more affected by vulnerabilities.
Viewing vulnerabilities by vulnerability name in Enterprise
Running reports in the SiteProtector Console
Types of assessment reports
Report descriptions
Viewing an Enterprise Scanner report in the SiteProtector Console
Chapter 9. Logs and alerts
Log files and alert notification
Two types of log files
Two types of information
Log size
System logs
Use the System Event Log page in the Proventia Manager to examine entries in the system logs.
System log descriptions
The following table describes the system logs for Enterprise Scanner:
Getting log status information
Enterprise Scanner (ES) logs
Log descriptions
Changing logging detail
Downloading Enterprise Scanner (ES) log files
Alerts log
Risk level icons
Event information icons
Downloading and saving an Alerts log
Clearing the Alerts log
Finding specific events in the Alerts log
Ticketing and Enterprise Scanner
Tickets
Vulnerability auto ticketing
Custom categories
Remediation process overview for Enterprise Scanner
Scanning recommendations
Remediation tasks for Enterprise Scanner
Task overview
Chapter 11. Performing routine maintenance
Shutting down your Enterprise Scanner
Removing an agent from SiteProtector
Options for backing up Enterprise Scanner
Types of backups
If you restore a system before you make backups
Date of last system backup
Backing up configuration settings
Making full system backups
Chapter 12. Updating Enterprise Scanner
XPU basics
Types of updates
The following table describes the contents of firmware and assessment content updates:
Update locations
Updating options
Update options
Installation options with scheduled updates
Rollbacks and backups
Configuring explicit-trust authentication with an XPU server
Configuring an Alternate Update location
5. Click Save Changes.
Configuring an HTTP Proxy
Configuring notification options for XPUs
Scheduling a one-time firmware update
Configuring automatic updates
Manually installing updates
Proventia Manager Home page
System status
The system status group box describes the current status of the system:
Network interface status
Updates status
The update status group box provides the latest update information of the appliance:
Protection status
The protection status area provides the current operational status of the modules for the appliance:
Viewing agent status in the SiteProtector Console
Viewing agent status
Viewing the status of the CAM modules
Troubleshooting the Enterprise Scanner sensor
Appendix. Safety, environmental, and electronic emissions notices
DANGER notices
CAUTION notices
Product handling information
Product safety labels
World trade safety information
Laser safety information
Laser compliance
Product recycling and disposal
Battery return program
Electronic emissions notices
Index A
B
C
D
E
F
G
H
I
T
U
V
W
X