3 Introduction ISS Security Scanner The Internet Security Scanner was designed to help administrators explore and log network security vulnerabilities associated with TCP/IP host services. Internet Scanner started off in 1992 as a tiny Open Source scanner by Christopher Klaus. Shareware.
4 Introduction Retina Retina is a commercial vulnerability assessment scanner by eEye, and is considered to be one of the fastest scanner’s on the market today.
5 Why conduct penetration testing? If there is a single vulnerability that allows an intruder into a regular system, the entire machine becomes compromised. This is true for most networks for mainly two reasons. 1.Sniffing 2.Trust authentication
7 Internet Scanner Controller The Internet Scanner Controller (ISC), is responsible for directing the sub-processes that perform various scanning duties. These sub-processes, also known as MicroEngines –Built-in Engine –Plug-in Engine –Discovery Engine –FlexCheck Engine
8 Built-in Engine The Built-in checks esources that are embedded in the exploits, resulting in dependency relationships between some exploits.
9 Plug-in Engine Plug-ins are independent modules that perform vulnerability checks against a target host
10 Discovery Engine The Discovery Module is responsible for gathering identification information from hosts. –Fingerprinter –ICMP pinger –TCP pinger –TCP port scanner –UDP port scanner –DNS lookup utility –NetBIOS utilities –Operating System Identification (OSID) –Windows Service Pack
11 Flex Check Engine The Flex Check engine loads and executes external programs that attempt to identify specific vulnerabilities on a host. –Exploit Manager –Resource Manager –Encryption –TCP/IP Stack Fingerprinting
12 Benefits of ISS Minimize business risk Low cost of ownership Proactive protection Scalable Ease of use
15 Retina Despite its powerful capabilities, Retina was designed to be the easiest scanner to operate. Retina also features a number of automatic features that facilitate such functions as scheduling, repairing common system problems and updating the application.
16 Features of Retina Non-Intrusive Scanning –Retina can scan the network without overloading its resources and without causing systems to crash Frequent Updates for New Vulnerabilities –Retina's Auto-Update function provides easy Internet access for downloading the latest vulnerability checks
17 Features of Retina Rogue Wireless Access Detection – Retina automatically detects the presence of unauthorized access points on networks of any size Ability to Uncover Unknown Vulnerabilities –Retina can actually detect previously unknown or hidden vulnerabilities. High-Speed Scanning Ability –Retina is able to scan an entire Class C network in about 15 minutes.
18 Features of Retina Remote Repair Capabilities –Auto-Fix function allows one to automatically correct common system security issues such as registry settings, file permissions and more. Comprehensive and Up-to-Date Vulnerabilities Database –Advanced knowledge of security issues due to discoveries made by its own team of security experts.
19 Features of Retina Advanced and Customized Reporting Capabilities –Retina automatically customizes the content of its network audit reports to reflect the severity of the vulnerabilities discovered and the level of security risk involved. Custom Audit Wizard –Audit Wizard simplifies the process of building custom checks Advanced Scheduling Capabilities –Retina's scheduler function allows one to set the scanner to run on a regular basis to periodically check for vulnerabilities
20 Features of Retina Remote Scanning Capabilities –Retina scans can be securely initiated from any location. (Remote Manager) Open Architecture –Custom changes to the Retina interface –Retina’s Policies Wizard that walks one through the creation of a custom scan
22 Pricing Information Retina pricing is based on the number of IP addresses that require scanning and the number of users (licenses) that will be conducting the scanning. Standard Retina licenses may only be used to scan systems within the organization for which the license was originally purchased. Retina Traveling licenses are available for consultants that require the ability to perform scans for more than one organization