Foundstone Scanner
User Training
Observation
• There are few (if any) funny cartoons about network vulnerability scanning
• … so make fun of PowerPoint
Why scan?
• Know what the Bad Guys (as well as students and other interested parties) see when they look at your machines
• Identify machines you are responsible for that managed to avoid your best attempts to patch them
• Interesting Factoid: A recent campus scan identified over 50 machines that were vulnerable to Conficker because of a missing patch
• Address audit points from our last audit
Scanner Info
• Foundstone FS-1000 appliance
• Accessed via web browser
• Licensed for 2500 addresses
• Currently has over 500 addresses from the border exemption database
• No interior firewall addresses at this point
The Plan
• Allow colleges/departments to scan their own machines; this reduces dependency on ITSO and makes better use of the FS-1000
• Individuals identified from each of the major constituent groups (colleges, auxiliaries, departments)
• ITSO will provide FS-1000 credentials to designated users
Using the FS-1000 scanner
• Use Internet Explorer to connect to: https://eclipse.sdsu.edu
• FS does not support Firefox. Sorry, *nix folks. Don’t know about Safari.
• May need to allow pop-ups and JavaScript from the FS-1000.
• Portions of the FS-1000 are written in Java and run on the client.
Let’s get started
• https://eclipse.sdsu.edu
• Organization: sdsu
• Credentials as assigned
Security 101: Change your password! (1)
• Menu Bar: Manage >> Users/Groups
Security 101: Change your password! (2)
• Select Run if you get a Java version alert about earlier version required
• Drill down in the tree to your workgroup and user object
• Open your user object
• Set a new password (letters, digits, special characters)
• DO NOT CHECK LOCKED!
Create a new scan (1)
• Menu Bar: Scans >> New Scan
• Start with a template, select “Use a Foundstone template”
Create a new scan (2)
• Choose the SDSU General Purpose template
• Covers most systems on campus, non-intrusive
Create a new scan (3)
• IP Selection box uses Java; choose Run if you get the Earlier Version alert
• Name your scan
• Add IP addresses from your assigned address pool
• Next>> or Settings
Create a new scan (4)
• May not need to change anything
• Can select or deselect entire platform
• Intrusive is not selected; know what you’re doing before using it
• Next>> or Reports
Create a new scan (5)
Other Settings
• Hosts: Ports that FS uses to determine whether a host exists
• Services: Ports that FS uses when searching for known services
• Credentials: Used for Shell scans and most Windows scans
• Web Module: Can look for various web security issues
• Optimize: Modify engine settings
Create a new scan (6)
• Remediation Tickets are not implemented, uncheck
• Use Internal Scan unless you know that only border-exposed ports will be scanned
• Recommend: PDF (downloadable), HTML (downloadable and viewable online)
• Next>> or Scheduler
Create a new scan (7)
• Choose One Time or Recurring
• Active must be checked in order to run the scan. Inactive scans will be saved, but can’t be run.
• OK finishes the Scan creation process.
Deep Cleansing Breath
• We have a scan, now what?
Tech Support Tip
Start or Edit an existing scan
• Menu Bar: Scans >> Edit Scans
• Important Safety Tip: Delete removes all associated reports and vulnerability data
• Click Activate to start a saved scan
Edit a scan
• Editing is nearly the same as creating a new scan.
• Can’t change the name of a scan.
Monitoring scan progress (1)
• Menu Bar: Scans >> Scan Status
Monitoring scan progress (2)
• Status does not auto-refresh, use the Refresh button
• Often seems to hang at 50% - be patient
Let’s see the results (1)
• Menu Bar: Reports >> View Reports
Let’s see the results (2)
• Shows the report engine progress
• 75% always seems to take a looooong time, not just WPS (Watched Pot Syndrome)
Let’s see the results (3)
• Whoops, where’d the report go???
Let’s see the results (4)
• Click “Scan Reports” and it shows up
• View Report (HTML only) and Download icons for selected formats (downloads can be slow)
The Report (1)
• New IE window
The Report (2)
• In IE, View >> Text Size >> Medium
The Report (3)
• Access the various sections of the report via the Report Pages menu
</powerpoint><humor class=‘random geek bad’>
</humor>
<demo class=‘foundstone live’ />