
Foundstone Scanner User Training.


1 Foundstone Scanner User Training

2 Observation There are few (if any) funny cartoons about network vulnerability scanning

3 Observation There are few (if any) funny cartoons about network vulnerability scanning … so make fun of PowerPoint

4 Why scan?
Know what the Bad Guys (as well as students and other interested parties) see when they look at your machines
Identify machines you are responsible for that managed to avoid your best attempts to patch them
Interesting Factoid: A recent campus scan identified over 50 machines that were vulnerable to Conficker because of a missing patch
Address audit points from our last audit

5 Scanner Info
Foundstone FS-1000 appliance
Accessed via web browser
Licensed for 2500 addresses
Currently has over 500 addresses from the border exemption database
No interior firewall addresses at this point

6 The Plan
Allow colleges/departments to scan their own machines; this reduces dependency on ITSO and better utilizes the FS-1000
Individuals identified from each of the major constituent groups (colleges, auxiliaries, departments)
ITSO will provide FS-1000 credentials to designated users

7 Using the FS-1000 scanner
Use Internet Explorer to connect to:
FS does not support Firefox. Sorry, *nix folks. Don’t know about Safari.
May need to allow pop-ups and JavaScript from the FS-1000.
Portions of the FS-1000 written in Java run on the client.

8 Let’s get started Organization: sdsu
Credentials as assigned

9 Security 101: Change your password! (1)
Menu Bar: Manage >> Users/Groups

10 Security 101: Change your password! (2)
Select Run if you get a Java version alert about earlier version required
Drill down in the tree to your workgroup and user object
Open your user object
Set a new password (letters, digits, special characters)
DO NOT CHECK LOCKED!

11 Create a new scan (1) Menu Bar: Scans >> New Scan
Start with a template, select “Use a Foundstone template”

12 Create a new scan (2) Choose the SDSU General Purpose template
Covers most systems on campus, non-intrusive

13 Create a new scan (3)
IP Selection box uses Java; choose Run if you get the Earlier Version alert
Name your scan
Add IP addresses from your assigned address pool
Next>> or Settings

14 Create a new scan (4) May not need to change anything
Can select or deselect entire platform
Intrusive is not selected, know what you’re doing before using it
Next>> or Reports

15 Create a new scan (5) Other Settings
Hosts: Ports that FS uses to determine whether a host exists
Services: Ports that FS uses when searching for known services
Credentials: Used for Shell scans and most Windows scans
Web Module: Can look for various web security issues
Optimize: Modify engine settings
Web Modules
Source Sifting: Analyzes Web pages for database connection strings, hidden form fields, and other potential security problems.
Smart GuessWork: Exposes sensitive files, archives, and directories as well as default web server configurations.
SQL Security Analysis: Identifies SQL query validation failures.
Source Code Disclosure: Detects when Web application source code can be anonymously revealed.
Web Auth Analysis: Discovers weak usernames and passwords (easily guessed or default user accounts). (Basic, NTLM, or Digest)

16 Create a new scan (6) Remediation Tickets are not implemented, uncheck
Use Internal Scan unless you know that only border-exposed ports will be scanned
Recommend: PDF (downloadable), HTML (downloadable and viewable online)
Next>> or Scheduler

17 Create a new scan (7) Choose One Time or Recurring
Active must be checked in order to run the scan. Inactive scans will be saved, but can’t be run.
OK finishes the Scan creation process.
Will see “The Scan was successfully saved.” on the Dashboard

18 Deep Cleansing Breath We have a scan, now what?

19 Tech Support Tip

20 Start or Edit an existing scan
Menu Bar: Scans >> Edit Scans
Important Safety Tip: Delete removes all associated reports and vulnerability data
Click Activate to start a saved scan

21 Edit a scan Editing is nearly the same as creating a new scan.
Can’t change the name of a scan.

22 Monitoring scan progress (1)
Menu Bar: Scans >> Scan Status

23 Monitoring scan progress (2)
Status does not auto-refresh, use the Refresh button
Often seems to hang at 50% - be patient

24 Let’s see the results (1)
Menu Bar: Reports >> View Reports

25 Let’s see the results (2)
Shows the report engine progress
75% always seems to take a looooong time, not just WPS (Watched Pot Syndrome)

26 Let’s see the results (3)
Whoops, where’d the report go???

27 Let’s see the results (4)
View Report only available if HTML was selected on the Reports tab of the Scan definition
Clicking the download links will download a zip archive. Explode it and drill down to the top level (report.pdf or report.html)
Click “Scan Reports” and it shows up
View Report (HTML only) and Download icons for selected formats (downloads can be slow)

28 The Report (1)
New IE window
Make it readable by Tools >> Text Size >> Medium

29 The Report (2) In IE, View >> Text Size >> Medium

30 The Report (3) Access the various sections of the report via the Report Pages menu

31 </powerpoint> <humor class=‘random geek bad’>
<demo class=‘foundstone live’ />
