Vulnerability Scan
Overview
If Asset Discovery has not been performed before scanning, Security Manager Plus's vulnerability scan begins by discovering the desired network resources. On completion of asset discovery, Security Manager Plus detects the open ports and scans them to identify which services or applications are listening on these ports. Once a service is identified, tests are run to identify the service-specific vulnerabilities and missing patches. When a scan is complete, vulnerabilities are displayed in a color-coded list (HIGH, MEDIUM, LOW) that indicates the severity/risk of each potential problem. Clicking on an individual vulnerability displays its name, a detailed description, and suggested remediation methods.
Scan Preference
There are various ways to perform scans using Security Manager Plus. You can choose among these options from the New Scan tab drop-down:
- Scan Hosts
- Scan Network
- Scan Asset Group
These options run an on-demand scan. Apart from these you can also Schedule
Scans for assets and asset groups.
Scan Hosts
To start a new scan from here:
- Supply the host name or IP address. Multiple hosts can be separated by commas.
- Select the Scan Type from the list. You can scan for All vulnerabilities or any of the predefined Vulnerability groups.
  - Custom vulnerability groups can also be created from Admin tab --> Manage --> Vulnerability Groups and associated from here.
- Supply credentials (Windows/Linux) to perform a detailed scan of the hosts.
  - Credentials can be user defined or predefined (from the Admin tab --> Credentials Library).
  - Usernames must have administrator privileges and must be specified in the format <domainname>\<username> if the hosts are in a Windows domain. If they are not, specify <systemname>\<username>.
- If you wish to be notified via e-mail after scan completion, select Notify and provide your e-mail address. E-mails can be sent based on criteria as well.
- If a ticket has to be generated in your trouble-ticketing system, select Generate Ticket and choose the criterion. The trouble-ticket e-mail ID can be configured from Admin tab --> Configure section --> Trouble Ticket Settings link.
Scan Network
- Enter the IP ranges to scan, starting from the lowest IP to the highest IP (for example: 192.160.121.0 to 192.160.121.255).
- Select the Scan Type from the list. You can scan for All vulnerabilities or any of the predefined Vulnerability groups.
  - Custom vulnerability groups can also be created from Admin tab --> Manage --> Vulnerability Groups and associated from here.
- Supply credentials (Windows/Linux) to perform a detailed scan of the hosts.
  - Credentials can be user defined or predefined (from the Credentials Library).
  - Usernames must have administrator privileges and must be specified in the format <domainname>\<username> if the hosts are in a Windows domain. If they are not, specify <systemname>\<username>.
- If you wish to be notified via e-mail after scan completion, select Notify and provide your e-mail address. E-mails can be sent based on criteria as well.
- If a ticket has to be generated in your trouble-ticketing system, select Generate Ticket and choose the criterion. The trouble-ticket e-mail ID can be configured from Admin tab --> Configure section --> Trouble Ticket Settings link.
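An added example (not part of the Security Manager Plus documentation or product): a pre-flight check, in Python, for the inputs described under Scan Hosts and Scan Network, covering the comma-separated host list, the lowest-to-highest IP range and the <domainname>\<username> account format. AUTHORIZED_SCOPE and all function names are assumptions made for illustration; the scope check flags any part of a range that falls outside the networks you are cleared to scan.

```python
import ipaddress
import re

# Assumption: networks this scanner is authorized to cover (constructed value).
AUTHORIZED_SCOPE = [ipaddress.ip_network("192.160.121.0/24")]
HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
                     r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")
# <domainname>\<username> or <systemname>\<username>: exactly one backslash.
ACCOUNT_RE = re.compile(r"^[^\\\s]+\\[^\\\s]+$")


def parse_hosts(field):
    """Split the comma-separated Scan Hosts field into (value, kind) pairs."""
    hosts = []
    for item in (part.strip() for part in field.split(",")):
        if not item:
            raise ValueError("empty entry in host list")
        try:
            hosts.append((str(ipaddress.ip_address(item)), "ip"))
            continue
        except ValueError:
            pass
        # All-numeric dotted strings that failed above are malformed IPs.
        if re.fullmatch(r"[\d.]+", item) or not HOST_RE.match(item):
            raise ValueError(f"not a host name or IP address: {item!r}")
        hosts.append((item.lower(), "name"))
    return hosts


def check_range(low, high, scope=AUTHORIZED_SCOPE):
    """Validate a Scan Network range and report its size and scope coverage."""
    first, last = ipaddress.ip_address(low), ipaddress.ip_address(high)
    if first.version != last.version:
        raise ValueError("range mixes IPv4 and IPv6")
    if first > last:
        raise ValueError("range must run from the lowest IP to the highest IP")
    blocks = list(ipaddress.summarize_address_range(first, last))
    outside = [str(b) for b in blocks
               if not any(s.version == b.version and b.subnet_of(s) for s in scope)]
    return {"addresses": int(last) - int(first) + 1,
            "cidrs": [str(b) for b in blocks],
            "out_of_scope": outside}


def valid_account(name):
    """True if the account is written as <domain or system name>\\<username>."""
    return bool(ACCOUNT_RE.match(name))
```

A non-empty out_of_scope list means the range as typed would reach addresses outside the authorized networks and should be narrowed before the scan is started.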
Scan Asset Group
- Select the asset group to be scanned from the list of asset groups. The list will be empty if asset groups have not been created.
- Select the Scan Type from the list. You can scan for All vulnerabilities or any of the predefined Vulnerability groups.
  - Custom vulnerability groups can also be created from Admin tab --> Manage --> Vulnerability Groups and associated from here.
- Supply credentials (Windows/Linux) to perform a detailed scan of the hosts.
  - Credentials can be user defined or predefined (from the Credentials Library).
  - Usernames must have administrator privileges and must be specified in the format <domainname>\<username> if the hosts are in a Windows domain. If they are not, specify <systemname>\<username>.
- If you wish to be notified via e-mail after scan completion, select Notify and provide your e-mail address. E-mails can be sent based on criteria as well.
- If a ticket has to be generated in your trouble-ticketing system, select Generate Ticket and choose the criterion. The trouble-ticket e-mail ID can be configured from Admin tab --> Configure section --> Trouble Ticket Settings link.
Scan in Progress & viewing logs
When a scan is initiated, a 'Scan in Progress' message appears on screen. On clicking that message or refreshing the view, you can see the Scan Status column against the asset or asset group name, which displays an 'In Progress' message. Clicking on this opens a pop-up window that displays the scan progress logs.
When a scan is successfully completed, the Scan Status column is updated to display this.
Stopping a scan
When a scan is in progress, it can be stopped from the [stop] link against the asset name. The Scan Status column for this asset gets updated with the 'Stopped' message.
Copyright © 2007, AdventNet Inc. All Rights Reserved.