Presentation is loading. Please wait.

Presentation is loading. Please wait.

Foundstone Scanner User Training. Observation There are few (if any) funny cartoons about network vulnerability scanning.

Similar presentations


Presentation on theme: "Foundstone Scanner User Training. Observation There are few (if any) funny cartoons about network vulnerability scanning."— Presentation transcript:

1 Foundstone Scanner User Training

2 Observation There are few (if any) funny cartoons about network vulnerability scanning

3 Observation There are few (if any) funny cartoons about network vulnerability scanning … so make fun of Powerpoint

4 Why scan? Know what the Bad Guys (as well as students and other interested parties) see when they look at your machines Identify machines you are responsible for that managed to avoid your best attempts to patch them Interesting Factoid: A recent campus scan identified over 50 machines that were vulnerable to Conficker because of a missing patch Address audit points from our last audit

5 Scanner Info Foundstone FS-1000 appliance Accessed via web browser Licensed for 2500 addresses Currently has over 500 addresses from the border exemption database No interior firewall addresses at this point

6 The Plan Allow colleges/departments to scan their own machines, reduces dependency on ITSO and better utilizes the FS-1000 Individuals identified from each of the major constituent groups (colleges, auxiliaries, departments) ITSO will provide FS-1000 credentials to designated users

7 Using the FS-1000 scanner Use Internet Explorer to connect to: https://eclipse.sdsu.edu https://eclipse.sdsu.edu FS does not support Firefox. Sorry, *nix folks. Don’t know about Safari. May need to allow pop-ups and javascript from the FS Portions of the FS-1000 written in java run on the client.

8 Let’s get started https://eclipse.sdsu.edu Organization: sdsu Credentials as assigned

9 Security 101: Change your password! (1) Menu Bar: Manage >> Users/Groups

10 Security 101: Change your password! (2) Select Run if you get a Java version alert about earlier version required Drill down in the tree to your workgroup and user object Open your user object Set a new password (letters, digits, special characters) DO NOT CHECK LOCKED!

11 Create a new scan (1) Menu Bar: Scans >> New Scan Start with a template, select “Use a Foundstone template”

12 Create a new scan (2) Choose the SDSU General Purpose template Covers most systems on campus, non-intrusive

13 Create a new scan (3) IP Selection box uses java, choose Run if you get the Earlier Version alert Name your scan Add IP addresses from your assigned address pool Next>> or Settings

14 Create a new scan (4) May not need to change anything Can select or deselect entire platform Intrusive is not selected, know what you’re doing before using it Next>> or Reports

15 Create a new scan (5) Other Settings Hosts: Ports that FS uses to determine whether a host exists Services: Ports that FS uses when searching for known services Credentials: Used for Shell scans and most Windows scans Web Module: Can look for various web security issues Optimize: Modify engine settings

16 Create a new scan (6) Remediation Tickets are not implemented, uncheck Use Internal Scan unless you know that only border- exposed ports will be scanned Recommend: PDF (downloadable), HTML (downloadable and viewable online) Next>> or Scheduler

17 Create a new scan (7) Choose One Time or Recurring Active must be checked in order to run the scan. Inactive scans will be saved, but can’t be run. OK finishes the Scan creation process.

18 Deep Cleansing Breath We have a scan, now what?

19 Tech Support Tip

20 Start or Edit an existing scan Menu Bar: Scans >> Edit Scans Important Safety Tip: Delete removes all associated reports and vulnerability data Click Activate to start a saved scan

21 Edit a scan Editing is nearly the same as creating a new scan. Can’t change the name of a scan.

22 Monitoring scan progress (1) Menu Bar: Scans >> Scan Status

23 Monitoring scan progress (2) Status does not auto-refresh, use the Refresh button Often seems to hang at 50% - be patient

24 Let’s see the results (1) Menu Bar: Reports >> View Reports

25 Let’s see the results (2) Shows the report engine progress 75% always seems to take a looooong time, not just WPS (Watched Pot Syndrome)

26 Let’s see the results (3) Whoops, where’d the report go???

27 Let’s see the results (4) Click “Scan Reports” and it shows up View Report (HTML only) and Download icons for selected formats (downloads can be slow)

28 The Report (1) New IE window

29 The Report (2) In IE, View >> Text Size >> Medium

30 The Report (3) Access the various sections of the report via the Report Pages menu

31


Download ppt "Foundstone Scanner User Training. Observation There are few (if any) funny cartoons about network vulnerability scanning."

Similar presentations


Ads by Google