IBM Partner Pavilion 2.3 F, G, H, I, L, M, N, O, P, R, S

Enterprise Scanner report

viewing in SiteProtector Console 119

Enterprise Scanner reports

running in SiteProtector 117

Enterprise Scanner scan module 161

Enterprise Scanner scheduler

module 162

ES logs 122, 124

changing detail 124

ESM blade log 124

ETH0 40

ETH1 40

event notification 38

configuring 38

Event Notification tab 153

explicit-trust 150, 152

F

filename_eventdata.csv 128

filename_eventinfo.csv 128

filename_eventresp.csv 128

fingerprinting 12

fingerprinting (SiteProtector) 51

firmware update 148

install 154

one-time firmware update 154

schedule 154

Full Backup tab 146

full system backups 146

G

get log file 126

getFullLogs 126

getLogs 126

Global perspective (SiteProtector) 68

H

Half-Scan Connections 65

Home page 158

HTML reports

generate from LMI 24

HTTP proxy 153

configuring 153

I

IBM Internet Security Systems

technical support viii

Website viii

IBM ISS Download Center 148, 151

IBM license agreement viii

Interface Log 124

IP range 8, 47, 64

iss-esm process 161

iss-esm.log 124

iss-esmScheduler process 162

iss-esmScheduler-stdout.log 123

iss-esmScheduler.log 124

iss-esmSchedWatch.log 123

iss-esmWatch.log 123

L

LMI Scan Control page 22

Locally Managed Agents node 32

Log File Management page 126

log status 124

Log Status page 124

logs 122

M

Management Interface tab 4, 40

management task 72

manually download 156

manually install 156

migrating local agents 32

N

NAT rules 4, 40

Network Interface Configuration page 4,

5, 6

network interface status 158

network interfaces 40

changing settings 40

network location 36

Network Locations page 7

Network Locations policy 35, 36, 37, 45

Network Locations tab 36

network services 18, 63

Network Services policy 62, 63

Network Services policy

(SiteProtector) 88

network time protocol (NTP) 44

Networking policy 35, 40, 41, 42

Notification policy 35, 38

NTP (Network Time Protocol) 44

O

one-time update 149

operational status 158

OS fingerprinting 8, 12

OS fingerprinting (SiteProtector) 47, 51

OS identification 12, 46, 104, 105

certainty 104

exceptions 105

reassessing 105

rules 105

sources of 104

user-supplied 105

OS identification (SiteProtector) 51

OSID 104, 105

See OS identification

P

packet capturing 65

password guessing checks 12

password guessing checks

(SiteProtector) 51

passwords 39

changing 39

Pause scan icon 23

perspective 5, 41, 57

assigning 7, 37

perspective (continued)

configuring routes for 7, 37

default 36

defining 36

defining routes 36

Network Locations tab 7, 37

selecting for a scan 22

perspective (SiteProtector) 68

adding for an agent 69

in policies 69

network locations 69

user-defined 85

perspectives, assigning 58

policy inheritance 99

Policy Management page 8, 10, 12, 16,

18, 20

port ranges 12

port ranges (SiteProtector) 51

portlets 106

preface vii

protection status 158

Proventia Manager Home page 158

Proxy Server page 153

purging scan data 25

R

remediation 135

remediation tasks 136

Remedy 134

Report view 119

restore 144

Resume scan icon 23

rollbacks 149

root password 39

Routes tab 7, 37

routing 7, 37

routing mode 40

running Enterprise Scanner reports 117

S

safety notices 165

scan

excluding assets from 19, 61, 87

excluding hosts from 19, 61, 87

excluding ports from 19, 61, 87

range of IPs 8

viewing results 24

without full permissions 36

scan (SiteProtector)

allowed 86

initiating 98

range of IPs 47

Scan Control policy 45, 57, 58

Scan Control policy (SiteProtector) 84

scan cycle duration 76

Scan Exclusion policy 19, 45, 61

Scan Exclusion policy (SiteProtector) 87

Scan Interface tab 5, 41

scan job 72

canceling 96

finding 92

pausing 96

rerunning 96

restarting 96

178 Enterprise Scanner: User Guide

Contents

Main Page Trademarks and Disclaimer Page Contents Trademarks and Disclaimer ......iii About this book...........vii Part 1. Scanning from the Proventia Manager ..............1 Chapter 1. Ad hoc scanning in the Proventia Manager ..........3 Chapter 2. Interpreting scan results in the Proventia Manager ........21 Part 3. Maintenance........139 Part 4. Appendixes ........163 About this book Related publications Publications viii License agreement Technical support contacts Page Page Chapter 1. Ad hoc scanning in the Proventia Manager Section A: Network configuration Section B: Policy configuration Section A: Network configuration Configuring the management network interface 4 Configuring the scanning network interface Configuring scanning interface DNS settings 6 Assigning perspective to a scanning interface Configuring routes for perspective Section B: Policy configuration Defining assets for a discovery scan 8 Displaying assessment checks by groups Displaying information about assessment checks 10 Selecting assessment checks with filters Configuring common assessment settings for an Assessment policy 12 9. Configure options for using OS information in the Use of OS Information section: 14 12. Configure the options for locking out accounts in the Account Lockout Control section: Page Defining assessment credentials for a policy 16 Important: To avoid locking an account, do not add the account more than once. Defining the service names associated with TCP and UDP ports 18 Defining ports or assets to exclude from a scan Configuring and saving a scan policy in the Proventia Manager 20 Chapter 2. Interpreting scan results in the Proventia Manager Running an ad hoc scan 22 Monitoring the status of a scan Viewing the results of an ad hoc scan Exporting scan results from Proventia Manager 24 Purging scan data from the database Page Part 2. Scanning from the SiteProtector Console Chapters Page Chapter 3. Enterprise Scanner policies Policy inheritance with Enterprise Scanner policies General inheritance behavior 30 Inheritance with Enterprise Scanner policies Inheritance indicators Deploying an Enterprise Scanner policy from the policy repository Migrating a locally managed Enterprise Scanner agent into SiteProtector 32 Viewing asset or agent policies for Enterprise Scanner Getting vulnerability help for a SiteProtector Console without Internet access 34 Agent policies for Enterprise Scanner Agent policy descriptions for Enterprise Scanner Contents of an agent policy Policy inheritance with agent policies Network Locations policy What is perspective? 36 Default perspective When to use additional perspectives Assigning perspective to a scanning interface Configuring routes for perspective Notification policy Event notification settings for Enterprise Scanner 38 Configuring advanced parameters for event notification Access policy Networking policy Configuring the management network interface 40 Configuring the scanning network interface Configuring scanning interface DNS settings 42 Services policy Time policy 44 Update Settings policy Asset policies for Enterprise Scanner Asset policy descriptions for Enterprise Scanner Scope of scanning Contents of an asset policy Discovery policy Policy contents 46 Defining assets to discover Before you begin Assessment policy Displaying information about assessment checks 48 Displaying assessment checks by groups Selecting assessment checks with filters 50 Configuring common assessment settings 8. Configure options for using OS information in the Use of OS Information section: 52 11. Configure the options for locking out accounts in the Account Lockout Control section: 54 Assessment Credentials policy Defining assessment credentials for a policy Important: To avoid locking an account, do not add the account more than once. 56 Scan Control policy What is perspective? Defining scanning cycles and assigning perspectives to scans 58 Scan Window policy Important consideration for multiple agents Defining when scanning is allowed 60 Scan Exclusion policy Defining ports or assets to exclude from a scan Network Services policy Default settings 62 Policy inheritance Service definition Configuring a Network Services policy Ad Hoc Scan Control policy Configuration options 64 Running an ad hoc discovery scan with Enterprise Scanner Running an ad hoc assessment scan with Enterprise Scanner 66 Chapter 4. Understanding scanning processes in SiteProtector What is perspective? Perspective identifies network location 68 Default perspective Technical requirements Defining perspectives Perspectives in policies 70 Scan jobs and related terms Definitions Assets with unassigned criticality Scheduled and running scans The importance of tasks and subtasks Types of tasks Common management tasks Base management tasks Tasks per type of scan Priorities for running tasks Criticality and assessment tasks Task prioritization Stages of a scanning process 74 Dynamic prioritization The process for a scanning cycle The following table describes the general process for a scanning cycle: Optimizing cycle duration, scan windows, and subtasks for Enterprise Size of scan windows 76 Calibration considerations Discovery cycle duration Achieving the right balance Page Chapter 5. Background scanning in SiteProtector Determining when background scans run Scanning refresh cycle 80 Important points about refresh cycles Scanning windows How policies apply to ad hoc and background scans Asset policies and ad hoc scans Changing assessment and discovery policies Scan Control policy Scan window and refresh cycle examples 82 Background scanning checklists for Enterprise Scanner Checklist for background discovery scanning Checklist for background assessment scanning Enabling background scanning 84 Defining when scanning is allowed 86 Defining ports or assets to exclude from a scan Defining network services 88 Defining assessment credentials for a policy Important: To avoid inadvertently locking an account, do not add the account more than once. 90 Page Viewing your scan jobs Viewing discovery job results 92 Viewing assessment job results Page Chapter 7. Managing scans in SiteProtector Stopping and restarting scan jobs Impact of stopping scan jobs 96 Impact of restarting scan jobs Suspending and enabling all background scans Minimum scanning requirements 98 Registration and authentication Steps to initiate a scan The following table provides a brief reminder of the steps needed to initiate a scan: Scanning behaviors for ad hoc scans Inheritance Priority Troubleshooting scanning behaviors for ad hoc scans Expected scanning behaviors for background scans 100 Page 102 Chapter 8. Interpreting scan results in SiteProtector OS identification (OSID) certainty What determines certainty? 104 Sources of OSID Certainty of OSID sources How OSID is updated in Enterprise Scanner Conditions for reassessing OSID Exception Rules for updating OSID About user-supplied OSIDs Setting up a Summary view for vulnerability management Summary page for vulnerability management 106 Vulnerability management options Page Viewing vulnerabilities in the SiteProtector Console using Enterprise About vulnerability assessment 108 Creating custom views Viewing vulnerabilities by asset in Enterprise Scanner Page 110 Viewing vulnerabilities by detail in Enterprise Scanner 112 Viewing vulnerabilities by object in Enterprise Scanner Viewing vulnerabilities by target operating system in Enterprise Scanner Use this view to identify weaknesses that affect specific operating systems. 114 You can analyze specific operating systems that are more affectedby vulnerabilities. Viewing vulnerabilities by vulnerability name in Enterprise 116 Running reports in the SiteProtector Console Types of assessment reports Report descriptions 118 Viewing an Enterprise Scanner report in the SiteProtector Console Page Chapter 9. Logs and alerts Log files and alert notification Two types of log files 122 Two types of information Log size System logs Use the System Event Log page in the Proventia Manager to examine entries in the system logs. System log descriptions The following table describes the system logs for Enterprise Scanner: Getting log status information Enterprise Scanner (ES) logs 124 Log descriptions Changing logging detail Downloading Enterprise Scanner (ES) log files 126 Alerts log Risk level icons Event information icons Downloading and saving an Alerts log 128 Clearing the Alerts log Finding specific events in the Alerts log 130 Page Page Page Ticketing and Enterprise Scanner Tickets 134 Vulnerability auto ticketing Custom categories Remediation process overview for Enterprise Scanner Scanning recommendations Remediation tasks for Enterprise Scanner Task overview 136 Page 138 Page Page Chapter 11. Performing routine maintenance Shutting down your Enterprise Scanner 142 Removing an agent from SiteProtector Options for backing up Enterprise Scanner Types of backups 144 If you restore a system before you make backups Date of last system backup Backing up configuration settings Making full system backups 146 Chapter 12. Updating Enterprise Scanner XPU basics 148 Types of updates The following table describes the contents of firmware and assessment content updates: Update locations Updating options Update options Installation options with scheduled updates Rollbacks and backups Configuring explicit-trust authentication with an XPU server 150 Configuring an Alternate Update location 5. Click Save Changes. 152 Configuring an HTTP Proxy Configuring notification options for XPUs Scheduling a one-time firmware update Configuring automatic updates 154 Page Manually installing updates 156 Page Proventia Manager Home page 158 System status The system status group box describes the current status of the system: Network interface status Updates status The update status group box provides the latest update information of the appliance: Protection status The protection status area provides the current operational status of the modules for the appliance: Viewing agent status in the SiteProtector Console Viewing agent status 160 Viewing the status of the CAM modules Troubleshooting the Enterprise Scanner sensor 162 Page Page Appendix. Safety, environmental, and electronic emissions notices DANGER notices CAUTION notices 166 Product handling information Product safety labels World trade safety information 168 Laser safety information Laser compliance Product recycling and disposal Battery return program 170 Page Electronic emissions notices 172 Page 174 Page Page Index A B C D E F G 178 H I T U V W X