Manuals / Brands / Computer Equipment / Network Router / IBM Partner Pavilion / Computer Equipment / Network Router

IBM Partner Pavilion 2.3 Optimizing cycle duration, scan windows, and subtasks for Enterprise

1 187

Download 187 pages, 799.13 Kb

Optimizing cycle duration, scan windows, and subtasks for Enterprise

Scanner

Background scanning jobs persist throughout a scan cycle, but are active only

during open scan windows.

The efficiency of background scanning relies on carefully calibrating the following

items:

vQuantity of IP addresses and assets to scan

vThe duration of the scan cycle

vThe size of subtasks and the size of the smallest scan window

Size of scan windows

You define scan windows for each day in multiples of hours. The shortest possible

scan window is one hour; the longest is 24 hours.

Calibration considerations

If a subtask does not finish during a scanning window, one of the following events

occur:

vIf another scan window is available during the same scan cycle, the subtask

starts from the beginning and runs again in its entirety.The second subtask

scans every asset in the subtask, including any that the previous subtask already

scanned.

Important: Subtasks that carry over to another scan window during the same

scan cycle always start from the beginning, repeating any scanning that occurred

in that subtask before the scan window closed.

vIf no more scan windows are available during the scan cycle, the unscanned

assets in the subtask, and any unscanned assets in the rest of the job, remain

unscanned.

Important: New scan cycles always start from the beginning of the command

job even if any tasks or subtasks from the previous scan cycle did not finish.

Discovery cycle duration

The duration of your discovery scan cycle will depend on how frequently you add

or change the assets on your network.

vIf your network changes frequently, you should scan morefrequently.

vIf your network is fairly stable, you can scan less frequently.

Assessment cycle duration

The duration of your assessment scan cycle will depend on how important it is for

you to scan every asset during every scan cycle. Consider the following issues:

vIf you define a scan cycle for a group that contains critical assets only, it is

probably important to your network security that you scan each asset during the

cycle.

vIf you define a scan cycle for a group that contains assets with different levels of

criticality, you might be less concerned if the scan cycle does not scan all the

assets with lower criticality.

76 Enterprise Scanner: User Guide

Contents

Main Page Trademarks and Disclaimer Page Contents Trademarks and Disclaimer ......iii About this book...........vii Part 1. Scanning from the Proventia Manager ..............1 Chapter 1. Ad hoc scanning in the Proventia Manager ..........3 Chapter 2. Interpreting scan results in the Proventia Manager ........21 Part 3. Maintenance........139 Part 4. Appendixes ........163 About this book Related publications Publications viii License agreement Technical support contacts Page Page Chapter 1. Ad hoc scanning in the Proventia Manager Section A: Network configuration Section B: Policy configuration Section A: Network configuration Configuring the management network interface 4 Configuring the scanning network interface Configuring scanning interface DNS settings 6 Assigning perspective to a scanning interface Configuring routes for perspective Section B: Policy configuration Defining assets for a discovery scan 8 Displaying assessment checks by groups Displaying information about assessment checks 10 Selecting assessment checks with filters Configuring common assessment settings for an Assessment policy 12 9. Configure options for using OS information in the Use of OS Information section: 14 12. Configure the options for locking out accounts in the Account Lockout Control section: Page Defining assessment credentials for a policy 16 Important: To avoid locking an account, do not add the account more than once. Defining the service names associated with TCP and UDP ports 18 Defining ports or assets to exclude from a scan Configuring and saving a scan policy in the Proventia Manager 20 Chapter 2. Interpreting scan results in the Proventia Manager Running an ad hoc scan 22 Monitoring the status of a scan Viewing the results of an ad hoc scan Exporting scan results from Proventia Manager 24 Purging scan data from the database Page Part 2. Scanning from the SiteProtector Console Chapters Page Chapter 3. Enterprise Scanner policies Policy inheritance with Enterprise Scanner policies General inheritance behavior 30 Inheritance with Enterprise Scanner policies Inheritance indicators Deploying an Enterprise Scanner policy from the policy repository Migrating a locally managed Enterprise Scanner agent into SiteProtector 32 Viewing asset or agent policies for Enterprise Scanner Getting vulnerability help for a SiteProtector Console without Internet access 34 Agent policies for Enterprise Scanner Agent policy descriptions for Enterprise Scanner Contents of an agent policy Policy inheritance with agent policies Network Locations policy What is perspective? 36 Default perspective When to use additional perspectives Assigning perspective to a scanning interface Configuring routes for perspective Notification policy Event notification settings for Enterprise Scanner 38 Configuring advanced parameters for event notification Access policy Networking policy Configuring the management network interface 40 Configuring the scanning network interface Configuring scanning interface DNS settings 42 Services policy Time policy 44 Update Settings policy Asset policies for Enterprise Scanner Asset policy descriptions for Enterprise Scanner Scope of scanning Contents of an asset policy Discovery policy Policy contents 46 Defining assets to discover Before you begin Assessment policy Displaying information about assessment checks 48 Displaying assessment checks by groups Selecting assessment checks with filters 50 Configuring common assessment settings 8. Configure options for using OS information in the Use of OS Information section: 52 11. Configure the options for locking out accounts in the Account Lockout Control section: 54 Assessment Credentials policy Defining assessment credentials for a policy Important: To avoid locking an account, do not add the account more than once. 56 Scan Control policy What is perspective? Defining scanning cycles and assigning perspectives to scans 58 Scan Window policy Important consideration for multiple agents Defining when scanning is allowed 60 Scan Exclusion policy Defining ports or assets to exclude from a scan Network Services policy Default settings 62 Policy inheritance Service definition Configuring a Network Services policy Ad Hoc Scan Control policy Configuration options 64 Running an ad hoc discovery scan with Enterprise Scanner Running an ad hoc assessment scan with Enterprise Scanner 66 Chapter 4. Understanding scanning processes in SiteProtector What is perspective? Perspective identifies network location 68 Default perspective Technical requirements Defining perspectives Perspectives in policies 70 Scan jobs and related terms Definitions Assets with unassigned criticality Scheduled and running scans The importance of tasks and subtasks Types of tasks Common management tasks Base management tasks Tasks per type of scan Priorities for running tasks Criticality and assessment tasks Task prioritization Stages of a scanning process 74 Dynamic prioritization The process for a scanning cycle The following table describes the general process for a scanning cycle: Optimizing cycle duration, scan windows, and subtasks for Enterprise Size of scan windows 76 Calibration considerations Discovery cycle duration Achieving the right balance Page Chapter 5. Background scanning in SiteProtector Determining when background scans run Scanning refresh cycle 80 Important points about refresh cycles Scanning windows How policies apply to ad hoc and background scans Asset policies and ad hoc scans Changing assessment and discovery policies Scan Control policy Scan window and refresh cycle examples 82 Background scanning checklists for Enterprise Scanner Checklist for background discovery scanning Checklist for background assessment scanning Enabling background scanning 84 Defining when scanning is allowed 86 Defining ports or assets to exclude from a scan Defining network services 88 Defining assessment credentials for a policy Important: To avoid inadvertently locking an account, do not add the account more than once. 90 Page Viewing your scan jobs Viewing discovery job results 92 Viewing assessment job results Page Chapter 7. Managing scans in SiteProtector Stopping and restarting scan jobs Impact of stopping scan jobs 96 Impact of restarting scan jobs Suspending and enabling all background scans Minimum scanning requirements 98 Registration and authentication Steps to initiate a scan The following table provides a brief reminder of the steps needed to initiate a scan: Scanning behaviors for ad hoc scans Inheritance Priority Troubleshooting scanning behaviors for ad hoc scans Expected scanning behaviors for background scans 100 Page 102 Chapter 8. Interpreting scan results in SiteProtector OS identification (OSID) certainty What determines certainty? 104 Sources of OSID Certainty of OSID sources How OSID is updated in Enterprise Scanner Conditions for reassessing OSID Exception Rules for updating OSID About user-supplied OSIDs Setting up a Summary view for vulnerability management Summary page for vulnerability management 106 Vulnerability management options Page Viewing vulnerabilities in the SiteProtector Console using Enterprise About vulnerability assessment 108 Creating custom views Viewing vulnerabilities by asset in Enterprise Scanner Page 110 Viewing vulnerabilities by detail in Enterprise Scanner 112 Viewing vulnerabilities by object in Enterprise Scanner Viewing vulnerabilities by target operating system in Enterprise Scanner Use this view to identify weaknesses that affect specific operating systems. 114 You can analyze specific operating systems that are more affectedby vulnerabilities. Viewing vulnerabilities by vulnerability name in Enterprise 116 Running reports in the SiteProtector Console Types of assessment reports Report descriptions 118 Viewing an Enterprise Scanner report in the SiteProtector Console Page Chapter 9. Logs and alerts Log files and alert notification Two types of log files 122 Two types of information Log size System logs Use the System Event Log page in the Proventia Manager to examine entries in the system logs. System log descriptions The following table describes the system logs for Enterprise Scanner: Getting log status information Enterprise Scanner (ES) logs 124 Log descriptions Changing logging detail Downloading Enterprise Scanner (ES) log files 126 Alerts log Risk level icons Event information icons Downloading and saving an Alerts log 128 Clearing the Alerts log Finding specific events in the Alerts log 130 Page Page Page Ticketing and Enterprise Scanner Tickets 134 Vulnerability auto ticketing Custom categories Remediation process overview for Enterprise Scanner Scanning recommendations Remediation tasks for Enterprise Scanner Task overview 136 Page 138 Page Page Chapter 11. Performing routine maintenance Shutting down your Enterprise Scanner 142 Removing an agent from SiteProtector Options for backing up Enterprise Scanner Types of backups 144 If you restore a system before you make backups Date of last system backup Backing up configuration settings Making full system backups 146 Chapter 12. Updating Enterprise Scanner XPU basics 148 Types of updates The following table describes the contents of firmware and assessment content updates: Update locations Updating options Update options Installation options with scheduled updates Rollbacks and backups Configuring explicit-trust authentication with an XPU server 150 Configuring an Alternate Update location 5. Click Save Changes. 152 Configuring an HTTP Proxy Configuring notification options for XPUs Scheduling a one-time firmware update Configuring automatic updates 154 Page Manually installing updates 156 Page Proventia Manager Home page 158 System status The system status group box describes the current status of the system: Network interface status Updates status The update status group box provides the latest update information of the appliance: Protection status The protection status area provides the current operational status of the modules for the appliance: Viewing agent status in the SiteProtector Console Viewing agent status 160 Viewing the status of the CAM modules Troubleshooting the Enterprise Scanner sensor 162 Page Page Appendix. Safety, environmental, and electronic emissions notices DANGER notices CAUTION notices 166 Product handling information Product safety labels World trade safety information 168 Laser safety information Laser compliance Product recycling and disposal Battery return program 170 Page Electronic emissions notices 172 Page 174 Page Page Index A B C D E F G 178 H I T U V W X