Hercules 4.1 Vulnerability Assessment and Remediation Overview

Citadel™ Security Software Inc.
Hercules® Vulnerability Assessment
and Remediation Overview
Document Number: 205-01-0007
Hercules v4.1
Document Version: 1.0
May 2006
Acknowledgements
THIS SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS," AND COPYRIGHT HOLDERS MAKE NO
REPRESENTATIONS OR WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO,
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
THE SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS,
TRADEMARKS OR OTHER RIGHTS. COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT,
SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE SOFTWARE OR
DOCUMENTATION.
The name and trademarks of copyright holders may NOT be used in advertising or publicity pertaining to the software without
specific, written prior permission. Title to copyright in this software and any associated documentation will at all times remain
with copyright holders.
AssetGuard, Citadel, and ConnectGuard are trademarks of Citadel Security Software Inc. Hercules and Hercules FlashBox are
registered trademarks of Citadel Security Software Inc. Hercules software is copyrighted by Citadel Security Software Inc. This
software and/or methods using this software and/or portions or combinations thereof are covered by U.S. Patent No. 7,000,247
and U.S. and foreign patents pending and trademarks.
Active Directory, Notepad, Microsoft, Windows, Windows NT, Windows Server, and SQL Server are either trademarks or
registered trademarks of Microsoft Corporation in the United States and/or other countries. Adobe and Adobe Reader are
registered trademarks of Adobe Systems Incorporated. AIX and PowerPC are trademarks or registered trademarks of
International Business Machines Corporation. All SPARC trademarks are used under license and are trademarks or registered
trademarks of SPARC International, Inc. in the United States and other countries. Apache is a trademark of the Apache Software
Foundation. AppSight is a trademark of Insight Software Ltd. CVE and MITRE, and OVAL are either trademarks or registered
trademarks of the MITRE Corporation. Foundstone and FoundScan Engine are either trademarks or registered trademarks of
Foundstone, Inc. HP-UX, PA-RISC, and Tru64 are trademarks or registered trademarks of Hewlett Packard Company in the
United States. Intel and Pentium are registered trademarks of Intel. Internet Security Systems, System Scanner, Internet Scanner,
and SiteProtector are either trademarks or registered trademarks of Internet Security Systems, Inc. Linux is a registered trademark
of Linus Torvalds. Mac OS X is a registered trademark of Apple Computer, Inc. nCircle and nCircle IP360 are either registered
trademarks or trademarks of nCircle Network Security, Inc. QualysGuard and Qualys are trademarks of Qualys, Inc. Red Hat is a
registered trademark of Red Hat, Inc. REM, Retina, and eEye are either trademarks or registered trademarks of eEye Digital
Security. SAINT is a registered trademark of the Saint Corporation. SANS is a trademark of SANS/ESCAL. SecureScoutSP is a
trademark of NexantiS Corporation. Shavlik and HfNetChk are either trademarks or registered trademarks of Shavlik
Technologies, LLC. STAT and Guardian are either trademarks or registered trademarks of Harris Corporation. Sun and
Solaris are trademarks of Sun Microsystems, Inc. in the United States and other countries. UNIX is a registered trademark in the
United States and other countries, exclusively licensed through X/Open Company, Ltd. WinZip is a registered trademark of
WinZip Computing, Inc.
W3C® SOFTWARE NOTICE AND LICENSE
Copyright © 1994-2004 World Wide Web Consortium http://www.w3.org/, (Massachusetts Institute of Technology http://www.lcs.mit.edu/, Institut National de Recherche en Informatique et en Automatique <http://www.inria.fr/>, Keio University <http://www.keio.ac.jp/>). All Rights Reserved.
http://www.w3.org/Consortium/Legal/
This W3C work (including software, documents, or other related items) is being provided by the copyright holders under the following license. By obtaining, using and/or copying this work, you (the licensee) agree that you have read, understood, and will comply with the following terms and conditions:
Permission to use, copy, modify, and distribute this software and its documentation, with or without modification, for any purpose and without fee or royalty is hereby granted, provided that you include the following on ALL copies of the software and documentation or portions thereof, including modifications, that you make:
1. The full text of this NOTICE in a location viewable to users of the redistributed or derivative work.
2. Any pre-existing intellectual property disclaimers, notices, or terms and conditions. If none exist, a short notice of the following form (hypertext is preferred, text is permitted) should be used within the body of any redistributed or derivative code: "Copyright © 2004 World Wide Web Consortium http://www.w3.org, (Massachusetts Institute of Technology http://www.lcs.mit.edu/, Institut National de Recherche en Informatique et en Automatique http://www.inria.fr/, Keio University http://www.keio.ac.jp/). All Rights Reserved. http://www.w3.org/Consortium/Legal/"
3. Notice of any changes or modifications to the W3C files, including the date changes were made. (We recommend you provide URIs to the location from which the code is derived.)
All other products are trademarks of their respective holders.
Copyright © 2002-2006 by Citadel Security Software Inc. All rights reserved.
Citadel Security Software Inc. * Two Lincoln Centre * 5420 LBJ Freeway, Suite 1600 * Dallas, TX 75240
Phone: (214) 520-9292 * Fax: (214) 520-9293 * Email: support@citadel.com * Website: http://www.citadel.com
Contents
1 Overview .......... 1
2 Device Discovery .......... 2
3 Vulnerability Assessment .......... 3
    Selecting a Vulnerability Assessment Tool .......... 3
    Preparing for Assessment .......... 4
    Running the Assessment .......... 4
4 Vulnerability Review .......... 5
5 Vulnerability Remediation .......... 6
6 Vulnerability Management .......... 7
7 Vulnerability Assessment Tools .......... 8
    eEye Digital Security Retina Network Security Scanner .......... 8
    eEye Digital Security REM .......... 9
    Foundstone FoundScan Engine .......... 9
    Harris STAT Scanner .......... 9
    Harris STAT Guardian Scanner .......... 9
    ISS Internet Scanner .......... 10
    ISS System Scanner .......... 10
    ISS SiteProtector .......... 10
    Microsoft Baseline Security Analyzer .......... 10
    nCircle IP360 Vulnerability Management System .......... 11
    NexantiS SecureScout SP .......... 11
    Qualys QualysGuard Scanner .......... 11
    SAINT Scanning Engine .......... 11
    Tenable Nessus Scanner .......... 12
    Tenable NeWT Scanner .......... 12
    The MITRE Corporation OVAL Definition Interpreter .......... 12
Hercules Vulnerability Assessment and Remediation Overview
Customer Support
When you purchase a Customer Support Agreement and register your Citadel software product,
you are eligible to receive technical support according to the terms of the contract you purchased.
Citadel provides two levels of technical support:
Standard support—Available by phone 7 A.M. - 7 P.M. US Central Standard Time on Citadel
Security Software normal business days.
Premium support—Available by phone 7 days x 24 hours x 365 days of the year.
Registered users can reach Citadel Customer Support in any of the following ways:
• Toll-free hot line at 888-9-CITADEL (888-924-8233)
• E-mail at support@citadel.com
• Customer Support Portal on the Citadel website at http://www.citadel.com/
1 Overview
Promoting network security involves adopting proactive practices that identify and eliminate risks
before they can be exploited. Vulnerabilities that can be exploited within an enterprise network
include software defects, unnecessary services, unsecured accounts, backdoors, and
misconfigurations.
Remediating security vulnerabilities must be automated—manual remediation has become cost
prohibitive. Consider these metrics:
• When the average Microsoft® Windows® device is scanned for the first time, it contains 70-100 vulnerabilities.
• It takes a security administrator an average of one hour to fix each vulnerability, or approximately 100 hours of manual remediation for each computer.
If you apply these metrics to an enterprise network with several hundred or thousands of
computers the timeframes, resources, and dollar amounts associated with manual vulnerability
remediation become astronomical.
This guide describes how to achieve a high level of network security at a low cost. The proposed
best practice includes the following steps:
1. Device Discovery
2. Vulnerability Assessment
3. Vulnerability Review
4. Vulnerability Remediation
5. Vulnerability Management
Device discovery is the process of identifying all devices on the network by IP address.
Vulnerability assessment is the process of detecting known vulnerabilities on network computers.
This process is performed with automated scanning software or auditing practices. Vulnerability
review is the process of selecting the vulnerabilities to fix based on risk assessment, and
determining whether the remediation can be automated. Vulnerability remediation is the process
of eliminating the security flaws. Vulnerability management is the process of developing and
implementing a policy compliance plan and scheduling automated vulnerability remediation.
Such plans ensure these steps are performed as often as required to maintain a secure network.
This guide is designed to help you devise an effective scanning and remediation strategy using
Citadel’s Hercules® software and its supported assessment tools. Hercules automated
vulnerability remediation solution is the first vulnerability remediation solution to automate the
resolution of all classes of vulnerabilities.
2 Device Discovery
Wireless access points, laptops and other mobile computing devices are proliferating in networks
due to their ease of use and low acquisition costs. These devices can contain sensitive data assets
and are easily exploitable.
Device discovery enables you to map your network, set a baseline for the identified devices, and
track rogue devices as they enter or leave the network. Use an assessment tool or other network
mapping software that scans all networks and sub-networks to identify all devices with their
associated IP addresses.
Information typically collected during device discovery includes the following:
• The number of devices
• The type of devices (such as computers with Windows® operating systems, UNIX® operating systems, Linux® operating systems, Mac OS X® operating system, and edge devices, printers, etc.)
• Unexpected or rogue devices
• Wireless networks
It is important to match the devices found to internal IT asset tracking or equipment lists to
validate each piece of equipment. Any devices found that are not accounted for via asset tracking
require additional research. You should add such devices to the IT asset inventory or remove the
devices from the network.
In large computing environments, discovery can take a substantial amount of time. You should
perform device discovery on a regular basis as part of centralized IT security control. Device
discovery represents the first step to eliminating one of the biggest threats to corporate networks
today—exploitation of devices that are “under the radar” of IT security.
3 Vulnerability Assessment
Selecting a Vulnerability Assessment Tool
You typically perform vulnerability assessment with an automated vulnerability assessment tool.
Vulnerability assessment tools can be classified as Network-based or Host-based.
Network-based assessment tools scan a range of IP addresses from a centralized computer. They
probe and detect vulnerabilities through port scanning and other remote access methods.
Host-based assessment tools require the installation of a client software component on each
device you want to scan. The client software is responsible for inspecting the system for
vulnerabilities and reporting findings to a centralized database or management console.
Both of these architectures have advantages and disadvantages. In making a selection of the type
of assessment tool to use, keep the following in mind:
• Determine which networks will be scanned and the transport routes used for assessment.
• Determine the appropriate rights required to perform the assessment. Many tools require administrative privileges to obtain complete scan results. Often this requirement determines who is responsible for scanning which devices.
• When evaluating host-based vulnerability assessment tools, consider whether the tool includes client deployment tools and the method of client distribution.
• Evaluate the computing environment as a whole based on the device discovery process.
• Determine if the selected scanner provides an acceptable level of assessment for your platforms. Consider the types of checks that are performed.
• Consider the operating systems that are supported.
• The quantity and quality of assessment intelligence data provided by the available tools varies greatly. Citadel recommends you perform scans using multiple tools to get a clear picture of your organization's current security posture. Using multiple tools provides some overlap in data. It also provides the benefit of performing additional checks that may not be identified by the primary scanner of choice.
Preparing for Assessment
After selecting an appropriate vulnerability assessment tool, you must install and configure it to
work appropriately in your environment. The configuration process requires an understanding of
what knowledge is gained during device discovery. You must understand the appropriate audits
or checks to perform against each device.
Most scanners perform tests based on non-destructive and destructive methodologies.
Non-destructive methodologies assess the device without attempting to break in or exploit the
system. Destructive methodologies attempt to exploit the vulnerability on the system. In cases
where the system is vulnerable, this can actually cause damage or downtime to the system. This is
most notable when running assessments for denial of service attacks or buffer overflows that
cause the device to stop responding.
To prepare for the assessment, do the following:
• Carefully analyze the assessment policies available from the vendor
• Disable any destructive tests to prevent unwanted side effects
• Become intimately familiar with the testing process on the majority of the vulnerabilities being scanned
Bandwidth requirements and CPU overhead should be taken into consideration before performing
a scan. Performing an assessment of a medium to large size network with about 1500 devices can
provide significant bandwidth utilization. Depending on the test selected, it can also generate
moderate to high CPU utilization on the device being scanned.
Additionally, it is best to schedule or run the assessment during non-peak business hours. This
ensures the scanning software does not compete for bandwidth with normal daily business traffic.
Running the Assessment
After determining the devices to scan, the type of assessment to perform, and the best time of day
to run the assessment, the next step is to implement the assessment process by distinct network
segments. That is, use the assessment tool to scan each segment separately. Performing a phased
assessment minimizes the bandwidth utilization when assessing a network composed of many
devices.
For detailed instructions on how to perform an assessment, see the assessment tool
documentation.
4 Vulnerability Review
Depending on the number of devices scanned and the number of vulnerabilities scanned for, most
assessment tools produce large volumes of data. During the vulnerability review process, you
analyze the data generated during assessment to determine which devices and vulnerabilities will
be remediated, in what order, and whether there are exceptions that must be handled manually.
Almost all remediations can be automated. An example of a manual remediation is installing a
patch to a third-party application.
Citadel suggests you perform the review by the segments used for assessment. Consider the
following approach:
1. During the initial review, the security team performs tasks such as the following:
• Create a list of unique, identified vulnerabilities. (Eliminate duplicate or extraneous data.)
• Devise a risk scale, such as 1 – 5, 1 being the highest risk.
• Determine the risk associated with each vulnerability and assign a risk rank to each.
• Prioritize the vulnerability list, beginning with the highest risk items.
• Hand off the list to the system owners and business unit directors.
2. System owners and business unit directors then take responsibility for the following:
• Review the risk to vulnerability assignments and revise as needed.
• Determine the acceptable level of risk to the network when weighed against requirements
for accessibility.
• Define the cutoff in the prioritized list that divides vulnerabilities that will be remediated
from those that will be tolerated.
• Review the revised list with the security assessment team for consensus. Use change
control procedures, where applicable, to track updates.
3. Finally, the security assessment team makes final decisions and performs handoffs as follows:
• Identify the vulnerabilities for which remediation can be automated; update the list.
• Plan automated remediation by subnetwork; hand off list for automated remediations to
the individual who will use the Hercules software.
• Assign any remaining vulnerability remediation tasks to the team who will perform the
manual remediations.
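The three-stage review above, carried through in code as an added example (this is not Citadel's software or any scanner's output): constructed findings from two scanners are deduplicated per device and vulnerability, ranked on the guide's 1-5 scale (1 = highest risk), cut at an agreed tolerance level, and the remaining work is split into automated jobs grouped by subnetwork and manual tasks. The severity-to-rank mapping, the manual-only list and the subnets are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample findings as two scanners ("A" and "B") might report them.
# The same device/vulnerability pair appears from both tools on purpose: the
# guide recommends multiple scanners, so overlap is expected and must be merged.
RAW_FINDINGS = [
    {"scanner": "A", "ip": "10.1.1.10", "vuln": "VULN-0001", "severity": "high"},
    {"scanner": "B", "ip": "10.1.1.10", "vuln": "VULN-0001", "severity": "critical"},
    {"scanner": "A", "ip": "10.1.1.11", "vuln": "VULN-0002", "severity": "low"},
    {"scanner": "B", "ip": "10.1.2.20", "vuln": "VULN-0003", "severity": "medium"},
    {"scanner": "B", "ip": "10.1.2.20", "vuln": "VULN-0004", "severity": "info"},
    {"scanner": "A", "ip": "10.1.2.21", "vuln": "VULN-0005", "severity": "critical"},
]

# Assumed mapping from scanner severity words onto the guide's risk scale
# (1 = highest risk, 5 = lowest). A real team would tune this per tool.
SEVERITY_TO_RANK = {"critical": 1, "high": 2, "medium": 3, "low": 4, "info": 5}

# Assumed set of vulnerabilities the review decided cannot be automated
# (the guide's example is a patch for a third-party application).
MANUAL_ONLY = {"VULN-0005"}

# Assumed subnetworks used for the phased assessment and remediation plan.
SUBNETS = [ip_network("10.1.1.0/24"), ip_network("10.1.2.0/24")]


@dataclass(frozen=True)
class Finding:
    ip: str
    vuln: str
    rank: int        # 1 = highest risk, 5 = lowest
    sources: tuple   # scanners that reported this device/vulnerability pair


def dedupe_and_rank(raw):
    """Step 1: one entry per (device, vulnerability), keeping the worst rank
    seen, then prioritise with the highest-risk items first."""
    merged = {}
    for f in raw:
        key = (f["ip"], f["vuln"])
        rank = SEVERITY_TO_RANK[f["severity"]]
        if key in merged:
            prev = merged[key]
            merged[key] = Finding(prev.ip, prev.vuln, min(prev.rank, rank),
                                  prev.sources + (f["scanner"],))
        else:
            merged[key] = Finding(f["ip"], f["vuln"], rank, (f["scanner"],))
    return sorted(merged.values(), key=lambda x: (x.rank, x.ip, x.vuln))


def apply_cutoff(findings, max_rank_to_fix):
    """Step 2: split the prioritised list at the agreed acceptable-risk cutoff.
    Items ranked max_rank_to_fix or better are remediated; the rest are tolerated."""
    fix = [f for f in findings if f.rank <= max_rank_to_fix]
    tolerate = [f for f in findings if f.rank > max_rank_to_fix]
    return fix, tolerate


def subnet_of(ip):
    """Map a device to the subnetwork its remediation will be scheduled under."""
    addr = ip_address(ip)
    for net in SUBNETS:
        if addr in net:
            return str(net)
    return "unassigned"


def plan_remediation(fix):
    """Step 3: automated work grouped by subnetwork for the Hercules operator,
    manual work as a flat list for the technicians."""
    automated = defaultdict(list)
    manual = []
    for f in fix:
        if f.vuln in MANUAL_ONLY:
            manual.append(f)
        else:
            automated[subnet_of(f.ip)].append(f)
    return dict(automated), manual


def review(raw=RAW_FINDINGS, max_rank_to_fix=3):
    """Run the whole review and return the lists each hand-off needs."""
    ranked = dedupe_and_rank(raw)
    fix, tolerate = apply_cutoff(ranked, max_rank_to_fix)
    automated, manual = plan_remediation(fix)
    return {"ranked": ranked, "tolerate": tolerate,
            "automated": automated, "manual": manual}


if __name__ == "__main__":
    result = review()
    for f in result["ranked"]:
        print(f"rank {f.rank}  {f.ip:<10} {f.vuln}  reported by {','.join(f.sources)}")
    for net, items in result["automated"].items():
        print(f"automated on {net}: {[f.vuln for f in items]}")
    print("manual:", [f.vuln for f in result["manual"]])
    print("tolerated:", [f.vuln for f in result["tolerate"]])
```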
5 Vulnerability Remediation
Remediation is defined as the process of correcting a fault or deficiency, or, in this case, a
vulnerability. Hercules software provides relief by automating the remediation of the
vulnerabilities identified during the assessment process. The software also provides reports and
management tools to track the vulnerabilities that must be handled manually. Performing
remediation using Hercules software significantly reduces the amount of time required to research
and deploy remediation to vulnerable systems.
To manage manual remediations, a process should be created that determines when systems will
be remediated and by which technician. In addition you must address the following items:
• Where is the device physically located?
• Can the device be accessed after hours?
• Is travel time involved?
• Does the technician have the necessary access rights (administrative etc.) to the system?
• Has the research been performed to know what is required to implement the fix?
• Does the fix involve updating software?
• Is the software downloadable from the Internet? Does the computer have access to the Internet?
• What happens after the fix is implemented?
• Does it require the system to be rebooted?
• If so, can it be rebooted without creating downtime for mission critical applications?
Fortunately, Hercules vulnerability assessment system eliminates the majority of research related
work required for manual remediations. After you develop the process and plan, you can proceed
with remediation as follows:
1. Use Hercules to perform all automated remediations.
2. Execute the process for manual remediation.
6 Vulnerability Management
Management of vulnerabilities and remediation is important to keep the network operating
securely and efficiently. Vulnerability assessment and remediation is not a one-time process.
Regularly scheduled vulnerability assessment and remediation must be consistently performed
and managed to produce any level of success.
Effectively managing vulnerabilities includes performing routine assessment and remediation as
well as device discovery. Each company should review the personnel and resources within their
organization to develop a security team to manage this process. Security personnel should be well
trained and knowledgeable of industry best practices and the tools available. Citadel recommends
you have at least one certified security professional available to assist with crises and provide
knowledge assistance.
Most importantly when managing vulnerability assessment and remediation, a plan must be
developed to maintain the assessment checks performed by the assessment tools. This includes
periodic updates via Internet enabled software downloads and upgrades from the software vendor.
It is also highly recommended to maintain support contracts for commercially available security
tools. This ensures that the product is maintained and updated in a timely manner and provides
knowledgeable support staff when needed.
Security news and vulnerability intelligence must be continually monitored to identify new
threats as they emerge. Numerous free and subscription type services offer browser-based and
direct feeds that supply timely security intelligence information.
Implementing these procedures and practices will ensure that vulnerabilities are eliminated before
they are exploited by malicious hackers to gain confidential data or induce downtime on the
network.
7 Vulnerability Assessment Tools
Hercules enterprise security software uses supported vulnerability assessment tools to assess the
network and discover vulnerabilities on the devices it scans. After the assessment is complete,
Hercules technology uses the results to build remediation profiles for the devices that were
assessed. To simplify the remediation process, the Hercules vulnerability assessment and
remediation system includes an import wizard for the following supported vulnerability
assessment tools:
• eEye® Digital Security Retina® Network Security Scanner
• eEye Digital Security REM™ Security Management Console
• Foundstone, Inc.® FoundScan Engine™
• Harris STAT® Scanner
• Harris STAT Scanner 6.2.1 and above (Guardian)
• Internet Security Systems™ Internet Scanner®
• Internet Security Systems™ SiteProtector™
• Internet Security Systems™ System Scanner™
• Microsoft® Baseline Security Analyzer (MBSA)
• nCircle® IP360™ Vulnerability Management System
• NexantiS SecureScout SP™
• Qualys™, Inc. QualysGuard® Scanner
• Saint Corporation SAINT® Scanning Engine
• Tenable Network Security™ Nessus Scanner
• Tenable Network Security NeWT Scanner
• The MITRE Corporation OVAL™ Definition Interpreter
Vulnerability assessment data from several different scanners can be combined to create a single
view of all assessment data. This is accomplished by importing the data from several different
sources. During the import process, the Hercules software automatically combines the
vulnerability information and associates it with the appropriate device.
eEye Digital Security Retina Network Security Scanner
The eEye Digital Security Retina Network Security Scanner is a network based vulnerability
assessment tool. It can be used to perform assessments on all devices on the network including
Windows, UNIX, Linux, and edge devices. Retina can be used to schedule scans from the command
line. It also offers a graphical user interface to assist users in managing assessment policies and scan
sessions. For details on this product, see http://www.eeye.com/html/products/retina/index.html.
While Retina is performing a scan, it stores the results of the scan in a proprietary .rtd file or within
an ODBC database connected by a DSN. Hercules Import Wizard for Retina uses this .rtd file or an
ODBC database connection to import the results and create Remediation profiles.
eEye Digital Security REM
The eEye Digital Security family of scanners now includes the importing of scanned data from
the REM (Remote Enterprise Management) Security Management Console. REM is a
network-based vulnerability assessment tool. It can be used to perform assessments on all devices
on the network including Windows, UNIX, Linux, and edge devices. You can import vulnerability
and device information directly from the REM database. The REM Security Management Console
aggregates data from the Retina Security Scanner and Retina WiFi Scanner. For details, see
http://www.eeye.com/html/products/rem/.
Foundstone FoundScan Engine
Foundstone FoundScan Engine (http://www.foundstone.com) discovers and maps your complete
network environment—including routers, firewalls, servers and custom Web applications—and
then probes these areas for vulnerabilities. FoundScan consists of three components: an SQL
database that holds scan data, an engine that scans for vulnerabilities, and a Web portal that
allows users to access the information in the database through their Web browser. FoundScan
imports the data directly from the FoundScan database into the Hercules database. The
FoundScan engine is at the core of McAfee Foundstone Enterprise 4.0.
Harris STAT Scanner
The Harris STAT Scanner (http://www.statonline.com) is a network based vulnerability
assessment tool. It can be used to perform assessments on most network devices including
Windows, UNIX, Linux, and edge devices. STAT Scanner offers a graphical user interface to
assist users in managing assessment policies and scan sessions.
While STAT is performing a scan, it stores the results of the scan in a database file. Hercules
Import Wizard for STAT Scanner uses this database file to import the results and create
remediation profiles.
Harris STAT Guardian Scanner
The Harris STAT Guardian Scanner (http://www.stat.harris.com) is a network based vulnerability
assessment tool. It can be used to perform assessments on most network devices including
Windows, UNIX, Linux, and edge devices. The vulnerability assessment scan engine, STAT®
Scanner 6.2, is the foundation of STAT Guardian VMS. STAT Scanner 6.0 provides adaptive
scanning capabilities to accurately find vulnerabilities in multiple computer operating platforms
and applications.
STAT Guardian stores the results of its scans in a database on a local web server. Hercules Import
Wizard for STAT Guardian Scanner uses a web service on the local Guardian web server to
import the results and create remediation profiles. Support begins with STAT Scanner 6.2.1.
ISS Internet Scanner
The Internet Security Systems (ISS) Internet Scanner is a network based vulnerability assessment
tool. It can be used to perform assessments on all devices on the network including Windows,
UNIX, Linux, and edge devices. Internet Scanner can be used to schedule scans from the
command line. It also offers a graphical user interface to assist users in managing assessment
policies and scan sessions. For details, see:
http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_internet.php
While Internet Scanner is performing a scan, it stores the results of the scan in a database file.
Hercules Import Wizard for Internet Scanner uses this database file to import the results and
create remediation profiles.
ISS System Scanner
ISS System Scanner is a host based vulnerability assessment tool. It can be used to perform
assessments on devices that it supports including Windows, UNIX, and Linux. System Scanner
offers a graphical user interface to assist users in managing assessment policies and scan sessions.
While System Scanner is performing a scan, it stores the results of the scan in a database file.
Hercules Import Wizard for System Scanner uses this database file to import the results and
create Remediation profiles. For details on the ISS System Scanner, see:
http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_system.php
ISS SiteProtector
The Internet Security Systems™ SiteProtector™ management system enables you to monitor and
control network security systems across multiple sites from a central location. You can monitor
your networks for intrusion activity, assess vulnerabilities, and prioritize events. For details on
SiteProtector, see:
http://www.iss.net/products_services/enterprise_protection/rssite_protector/siteprotector.php
Microsoft Baseline Security Analyzer
The Microsoft® Baseline Security Analyzer (MBSA) allows administrators to scan local and
remote systems for missing security patches as well as common security misconfigurations.
MBSA includes a graphical and command line interface that can perform local or remote scans of
Windows operating systems (Windows® 2000, Windows® XP, and Windows Server™ 2003).
MBSA scans for missing security updates and service packs for Windows, IE, Internet
Information Services (IIS), SQL Server™, Exchange, and Windows Media Player. MBSA will
create and store individual XML security reports for each computer scanned and will display the
reports in the graphical user interface in HTML. For details on MBSA, see:
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
You need a dedicated folder for the output files generated by the MBSA scan. The Hercules
software browses the folder for the files, rather than browsing for each file individually. With
MBSA 1.2.1, the output files are .xml files. With MBSA 2.0, the result is an HTML file with an
.mbsa extension.
nCircle IP360 Vulnerability Management System
The IP360 Vulnerability Management System from nCircle (http://www.ncircle.com) is an
appliance-based vulnerability management solution that discovers, assesses, and protects devices
within the enterprise network against common vulnerabilities. The IP360 Device Profilers track
changes to the network environment, discover new vulnerabilities, and report network status
using a non-disruptive scanning technology that accurately reveals the scope of your
infrastructure without taxing network bandwidth. The IP360 Vulnerability Management System
minimizes false positives and negatives associated with some scanners.
The nCircle IP360 scanner can export the results of a scan in an XML file. Hercules Import
Wizard for nCircle uses this XML file to import the results and create Remediation profiles.
NexantiS SecureScout SP
NexantiS SecureScout SP (http://www.securescout.com/securescoutsp) is a multi-user software
product for enterprise vulnerability assessment needs. SecureScout SP provides automation,
control and management of security testing. SecureScout SP users can enjoy an unprecedented
level of Managed Security through the on-going testing of internal and public-facing IP
addresses. For Managed Security Service Providers, SecureScout SP can be rebranded.
SecureScout SP imports the data directly from the SecureScout database into the Hercules
database.
Qualys QualysGuard Scanner
The QualysGuard (http://www.qualys.com) scanner is currently offered as an ASP solution for
customers to perform scans of devices accessible through an outward facing internet connection.
QualysGuard performs various assessments on Windows, UNIX, Linux, Solaris™, and network
devices.
Hercules software integrates with QualysGuard by allowing the import of previously saved scans
from a local XML file or by authenticating to the QualysGuard service and downloading the
appropriate scan reports for import.
SAINT Scanning Engine
The SAINT Scanning Engine (http://www.saintcorporation.com/products/saint_engine.html) is a
vulnerability scanner that pinpoints security risks accurately while remaining easy to use. It
discovers targets, port-scans them, and then runs vulnerability checks against the open services.
SAINT Scanning Engine imports the data directly from the SAINT database into the Hercules
database.
Tenable Nessus Scanner
Nessus (http://www.nessus.org) is a network based vulnerability assessment tool that is supported
by the Open Source community. It is free to download and use on any network and can be
customized to fit specific environments. See
http://www.tenablesecurity.com/products/nessus.shtml.
Nessus is installed and runs on Linux or UNIX hosts. It can scan a variety of different platforms
including Windows, UNIX, Linux, and edge devices. Before attempting to install and use Nessus, you
should have a good understanding of UNIX or Linux and be comfortable with installing and
configuring software on those platforms. Through the support of the Open
Source communities, several Nessus clients have been developed that allow users to control and
manage Nessus scans from platforms other than Linux. For example, NessusWx provides a
Windows interface that allows scheduling and running of vulnerability assessments. These clients
communicate with the Nessus server installed on a Linux or UNIX computer to perform the scan
and reporting functions.
Tenable NeWT Scanner
Tenable Network Security (www.tenablesecurity.com) produces NeWT, a Windows version of
the Nessus scanner used with Windows 2000 and Windows XP machines. NeWT stands for
"Nessus for Windows Technology". Hercules accepts NeWT data as an XML file.
The MITRE Corporation OVAL Definition Interpreter
OVAL (Open Vulnerability and Assessment Language) is a specification for describing
vulnerabilities in XML format. This standard defines three main XML schemas, one of which is
the OVAL Definitions Schema, which is used to test for the presence of specific vulnerabilities,
configuration issues, and/or patches. The OVAL Definition Interpreter is a reference
implementation of OVAL, created to show how information can be collected from a computer
and used to evaluate the OVAL definitions for that platform. The OVAL Definition Interpreter
can be downloaded from http://oval.mitre.org/ free of charge.
The OVAL Importer enables the import of results files generated by the OVAL Definition
Interpreter into Hercules. You can also import OVAL results files from other supported
OVAL-compatible scanners, for example, ThreatGuard. The OVAL Importer supports versions 4.1
and 4.2 of the OVAL Definition Interpreter. The OVAL Definition Interpreter runs on Windows
and Red Hat operating systems, specifically Windows NT 4.0, Windows 2000 Professional,
Windows XP, Windows 2000 Server, and Windows Server 2003, Red Hat Linux 9, and Red Hat
Enterprise Linux 3.
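To make the evaluation model described above concrete, the following Python block is an added illustration and is not code from Hercules, Citadel, or the MITRE interpreter. It models how a definition's criteria tree (AND/OR nodes referencing tests) is evaluated against state collected from a host and how a per-definition results file is produced for import. The XML shape, tag names, test identifiers, and the collected-state dictionary are hypothetical simplifications constructed for this example; they are not the real OVAL Definitions or Results schemas, whose element names should be taken from the MITRE documentation. The example also shows the case the text does not spell out: a test whose object could not be collected yields "unknown" rather than a false negative.

```python
"""Simplified model of OVAL-style definition evaluation (added example,
not Hercules or MITRE code).  Tag and attribute names are hypothetical
stand-ins for the real OVAL schemas."""
import xml.etree.ElementTree as ET

# Constructed sample: two definitions with nested AND/OR criteria.
DEFINITIONS_XML = """<definitions>
  <definition id="def:1" title="KB000001 not installed on Windows XP">
    <criteria operator="AND">
      <criterion test_ref="tst:os_xp"/>
      <criteria operator="OR">
        <criterion test_ref="tst:kb_missing"/>
        <criterion test_ref="tst:dll_too_old"/>
      </criteria>
    </criteria>
  </definition>
  <definition id="def:2" title="Guest account enabled">
    <criteria operator="AND">
      <criterion test_ref="tst:guest_enabled"/>
    </criteria>
  </definition>
</definitions>"""

# Tests: (collected object name, operation, expected value).  Hypothetical ids.
TESTS = {
    "tst:os_xp":         ("os_version",      "equals",       "5.1"),
    "tst:kb_missing":    ("hotfixes",        "not_contains", "KB000001"),
    "tst:dll_too_old":   ("shell32_version", "less_than",    "6.0.2900.2180"),
    "tst:guest_enabled": ("guest_enabled",   "equals",       "1"),
}

# Constructed system state, as an interpreter would collect it from the host.
# "guest_enabled" is deliberately absent so its test evaluates to "unknown".
COLLECTED = {
    "os_version": "5.1",
    "hotfixes": {"KB000002", "KB000003"},
    "shell32_version": "6.0.2900.2180",
}


def version_tuple(v):
    """Compare dotted version strings numerically, not lexically."""
    return tuple(int(part) for part in v.split("."))


def run_test(test_id, collected):
    """Evaluate one test; returns 'true', 'false', or 'unknown' when the
    object the test needs was not collected from the host."""
    obj, op, expected = TESTS[test_id]
    if obj not in collected:
        return "unknown"
    actual = collected[obj]
    if op == "equals":
        return "true" if actual == expected else "false"
    if op == "not_contains":
        return "true" if expected not in actual else "false"
    if op == "less_than":
        return "true" if version_tuple(actual) < version_tuple(expected) else "false"
    raise ValueError("unsupported operation: " + op)


def combine(operator, results):
    """Three-valued AND/OR: a single decisive child settles the node,
    otherwise any 'unknown' child makes the node 'unknown'."""
    if operator == "AND":
        if "false" in results:
            return "false"
        return "unknown" if "unknown" in results else "true"
    if operator == "OR":
        if "true" in results:
            return "true"
        return "unknown" if "unknown" in results else "false"
    raise ValueError("unsupported operator: " + operator)


def evaluate_criteria(node, collected):
    """Recursively evaluate a <criteria> node and its children."""
    results = []
    for child in node:
        if child.tag == "criterion":
            results.append(run_test(child.get("test_ref"), collected))
        elif child.tag == "criteria":
            results.append(evaluate_criteria(child, collected))
    return combine(node.get("operator", "AND"), results)


def evaluate_definitions(definitions_xml, collected):
    """Return {definition id: result} for every definition in the document."""
    root = ET.fromstring(definitions_xml)
    return {d.get("id"): evaluate_criteria(d.find("criteria"), collected)
            for d in root.findall("definition")}


def results_xml(results):
    """Serialize per-definition results in the shape an importer would read."""
    root = ET.Element("results")
    for def_id, result in results.items():
        ET.SubElement(root, "definition", definition_id=def_id, result=result)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(results_xml(evaluate_definitions(DEFINITIONS_XML, COLLECTED)))
```

When an importer consumes such a results file, a definition reported as "unknown" deserves a separate triage queue rather than being treated as compliant: it means the interpreter could not collect the object the test depends on, which is a different condition from the vulnerability being absent.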