Presentation on theme: "Foundstone Scanner User Training. Observation There are few (if any) funny cartoons about network vulnerability scanning."— Presentation transcript:
Foundstone Scanner User Training
Observation There are few (if any) funny cartoons about network vulnerability scanning
Observation There are few (if any) funny cartoons about network vulnerability scanning … so make fun of Powerpoint
Why scan? Know what the Bad Guys (as well as students and other interested parties) see when they look at your machines Identify machines you are responsible for that managed to avoid your best attempts to patch them Interesting Factoid: A recent campus scan identified over 50 machines that were vulnerable to Conficker because of a missing patch Address audit points from our last audit
Scanner Info Foundstone FS-1000 appliance Accessed via web browser Licensed for 2500 addresses Currently has over 500 addresses from the border exemption database No interior firewall addresses at this point
The Plan Allow colleges/departments to scan their own machines, reduces dependency on ITSO and better utilizes the FS-1000 Individuals identified from each of the major constituent groups (colleges, auxiliaries, departments) ITSO will provide FS-1000 credentials to designated users
Let’s get started https://eclipse.sdsu.edu Organization: sdsu Credentials as assigned
Security 101: Change your password! (1) Menu Bar: Manage >> Users/Groups
Security 101: Change your password! (2) Select Run if you get a Java version alert about earlier version required Drill down in the tree to your workgroup and user object Open your user object Set a new password (letters, digits, special characters) DO NOT CHECK LOCKED!
Create a new scan (1) Menu Bar: Scans >> New Scan Start with a template, select “Use a Foundstone template”
Create a new scan (2) Choose the SDSU General Purpose template Covers most systems on campus, non-intrusive
Create a new scan (3) IP Selection box uses java, choose Run if you get the Earlier Version alert Name your scan Add IP addresses from your assigned address pool Next>> or Settings
Create a new scan (4) May not need to change anything Can select or deselect entire platform Intrusive is not selected, know what you’re doing before using it Next>> or Reports
Create a new scan (5) Other Settings Hosts: Ports that FS uses to determine whether a host exists Services: Ports that FS uses when searching for known services Credentials: Used for Shell scans and most Windows scans Web Module: Can look for various web security issues Optimize: Modify engine settings
Create a new scan (6) Remediation Tickets are not implemented, uncheck Use Internal Scan unless you know that only border- exposed ports will be scanned Recommend: PDF (downloadable), HTML (downloadable and viewable online) Next>> or Scheduler
Create a new scan (7) Choose One Time or Recurring Active must be checked in order to run the scan. Inactive scans will be saved, but can’t be run. OK finishes the Scan creation process.
Deep Cleansing Breath We have a scan, now what?
Tech Support Tip
Start or Edit an existing scan Menu Bar: Scans >> Edit Scans Important Safety Tip: Delete removes all associated reports and vulnerability data Click Activate to start a saved scan
Edit a scan Editing is nearly the same as creating a new scan. Can’t change the name of a scan.
Monitoring scan progress (1) Menu Bar: Scans >> Scan Status
Monitoring scan progress (2) Status does not auto-refresh, use the Refresh button Often seems to hang at 50% - be patient
Let’s see the results (1) Menu Bar: Reports >> View Reports
Let’s see the results (2) Shows the report engine progress 75% always seems to take a looooong time, not just WPS (Watched Pot Syndrome)
Let’s see the results (3) Whoops, where’d the report go???
Let’s see the results (4) Click “Scan Reports” and it shows up View Report (HTML only) and Download icons for selected formats (downloads can be slow)
The Report (1) New IE window
The Report (2) In IE, View >> Text Size >> Medium
The Report (3) Access the various sections of the report via the Report Pages menu