Ibm Internet Scanner Software

Transcript

Uncovering vulnerabilities with speed and precision IBM Internet Scanner software Intelligent scanning agent Administration, access and control With dynamic check assignment, IBM Internet Internet Scanner software uses authorized Scanner ® software will identify assets and administrative access to endpoints for in-depth unearth vulnerabilities with a high degree of scanning and identifies privileged administrative accuracy and speed. accounts to gather more information about network devices. Features include: Policy management The policy management feature of Internet Scanner • Domain account registration and support software allows users to customize the policy used • Administrative access to supported endpoints for scanning; it comes preloaded with 20 standard • Obfuscation of known account administration scanning policies. Specific features include: • Database administration • Enhanced command line interface • Twenty default scanning policies • Program file location specification • Custom scanning policy • Scanner data source name (DSN) modification • Derive new template capabilities • Local logging • Edit/change policy • FlexCheck custom checks with custom executables (user-defined) • Searchable policy system (search by common vulnerabilities and exposures (CVEs), wildcards or vulnerability names) Asset identification Real-time display options Uses stack fingerprinting techniques and imports information Presents information on screen for quick identification of from already-existing asset databases within your organi- vulnerabilities and vulnerable hosts. On-screen display zation. Identifies more than 1,300 asset types (operating functions include: systems and network devices): • Host view • Integrated Networked Messaging Application Protocol • Vulnerability view (NMAP) fingerprinting • Services view • User-defined fingerprinting • Accounts view • Scan-time ping asset identification • Real-time activity monitoring with check progress • Host-file import • Active session monitoring • Host-list generator • Scan status window • Host-file export • Context-sensitive windows • Range enumeration Local scan control • Domain name system (DNS) name Gives the scan operator more precise control over the scanner • Internet Protocol (IP) address identification with tools that automate manual tasks like merging scan ses- • NetBIOS name sions. Features that save the scan operator time include: • NetBIOS domain • Operating system type • Scan now • MAC address • Stop scan • IP-stack fingerprinting • Pause/resume scan • Open-port banner identification • MultiScan session support • Merge scan sessions • Edit sensor properties • Denial of service check segregation • IBM X-Press Update™ product enhancements  Comprehensive vulnerability catalog Internet Scanner software identifies several vulnerability categories Guides the user to the root cause of a vulnerability, detailed • Backdoors descriptions of the vulnerability, remediation steps to remove the • Browser vulnerability and reference links to obtain more information about • Brute-force password guessing the vulnerability. Provides expert security information, including: • CGI-bin • Daemons • Local help • Denial-of-service • Remediation information • Distributed Component Object Model (DCOM) • Reports based upon vulnerability information • DNS Reporting • E-mail Allows quick and easy information-sharing across all levels • Firewalls of the organization. A comprehensive set of 74+ predefined • File Transfer Protocol (FTP) reports includes: • Information-gathering • Instant messaging • Executive reports • Lightweight Directory Access Protocol (LDAP) • Line-management reports • Microsoft® Windows® critical issues • Technician reports • NetBIOS • Trend reports • Network • Operating-system reports • Network file system requirements • Foreign-language support • Network information system requirements • Import custom reports • Network sniffers • Protocol spoofing • Remote procedure call (RPC) • Router switch • Shares • Simple Network Management Protocol (SNMP) • Web scan • Windows groups • Windows networking • Windows password checks • Windows password policy • Windows patches • Windows policy issues • Windows registry • Windows services • Windows users • X-Windows  Internet Scanner is designed to identify vulnerabilities for more • OpenBSD than 1,300 asset types, including the following operating systems • OpenVMS • BeOS • IBM OS/2® • BSD generic • OS-9 • Caldera OpenLinux • QNX • Caldera UnixWare • RedHat Linux • Cisco IOS • SCO Open Server • Compaq True64 • Slackware Linux • Conectiva Linux® • Solaris • Convex OS • SunOS • Debian Linux • SuSE Linux • DG/UX • Trustix Secure Linux • EnGarde Secure Linux • Turbolinux • Fedora Core • Ultrix • FreeBSD • UNICOS • HP Apollo Domain/OS • UnitedLinux • HP-UX • VxWork • IBM AIX ® Vulnerability management • IBM AS/400 ® IBM Proventia® Management SiteProtector™ central manage- • Immunix ment system controls multiple Internet Scanner agents and • IRIX provides a comprehensive enterprise vulnerability manage- • Linux-based OS ment system. • Mac OS • Mandrake Linux • Microsoft Windows (all versions) • NEC EWS-UX/V • NEC UP-UX/V • NEC UX/4800 • NetBSD • NeXTSTEP • Novell NetWare  Additional capabilities available with the SiteProtector system Remote scanning capabilities Enterprise-class scalability Controls and operates scanning agents located in remote The SiteProtector system controls and operates hundreds of geographies or behind firewalls. Remote operations include: remote scanning agents and reports on the results quickly and easily. Scalable for the largest enterprises, the SiteProtector • Start scan (scan now) system offers the following vulnerability-management features: • Edit policy • Stop scan • Pause/resume scan • Multiscanner control • Multitiered architecture Automated and schedulable commands • Distributed vulnerability collection Eliminates the need to run recurring scans manually. Task • Enterprise database support scheduler eliminates steps and saves you time with: • Multiple site support • Enterprise dashboard with vulnerability drill-down capabilities • Start scan • Multiwindow view • Stop scan • Centralized servers • Report creation Enterprise reporting • Apply IBM X-Press Update product enhancements Enables multiscanner/multiscan enterprise correlation, aggrega- User administration tion and reporting. Includes all stand-alone scanner-reporting Empowers multiple users with appropriate access to con- capabilities, plus: trol their portion of the vulnerability management process. Features include: • Enterprise multiscan reports • Precanned default reports • Administration using domain accounts (optional) • Exports reports to PDF, CSV, HTML • Administration using local accounts • Group-based reporting • Multiple user roles • Schedulable reports • Group-based user access control • Web-accessible reports • Fast analysis reports • Extensive filtering  Asset management Data and vulnerability analysis views Designed for ease and accuracy, identifies groups and man- Displays security information in real time; flexible display pro- ages your information assets through: vides granular view of event details or summary information; once an analysis view is established it can be saved, recalled • Active directory integration or shared with others users. Views include: • Prompt asset grouping • Manual asset grouping • Group-oriented analysis views • Integrated protection view • Seventeen default analysis views • Group-name customization • Right-click data navigation (fast analysis) • Group-based reporting • Custom views • Multilevel asset grouping • Vulnerability clearing • Group-based user access control • Vulnerability-incident creation • Ungrouped asset identification • Vulnerability-exception creation • Drill-down to event details Discovery and assessment • View vulnerability information Includes automatic (passive) discovery of information assets • Target-analysis mode based upon traffic analysis from your IBM Internet Security • Sensor/scanner-analysis mode Systems (ISS) security infrastructure; helps identify new assets • Data export to printer as they are added to the network and groups them according • Data export with vulnerability information to user-defined roles or holds in the “ungrouped asset” category. • Schedulable data export Updates • Graphical analysis views Receives regular security content updates to enhance scan- • Baseline and compare views ning and vulnerability management. Updates include: • Return to baseline • Group filters • X-Press Update product enhancements and service packs • Analysis view filters • Prompt updates • Custom analysis display • On demand updates • Consolidated vulnerability views • Update scheduling • Updates via Web • Updates offline when not connected • Centralized update server • Update mirrors  Administrative functions For more information • Internet proxy support To evaluate Internet Scanner software today, call 1 800 776- • Secure sockets layer (SSL)-encrypted communication 2362, e-mail [email protected], or visit: • Trusted certificate support (SSL) ibm.com/services/us/iss • Optional local documentation • Web documentation • Administrative trace (local logging) • User auditing Data maintenance • Schema documentation available • Purge data now • Purge data on schedule • Data backups • Disk defragmentation  © Copyright IBM Corporation 2007 IBM Global Services Route 100 Somers, NY 10589 U.S.A. Produced in the United States of America 04-07 All Rights Reserved IBM, the IBM logo, AIX, AS/400 and OS/2 are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. Internet Scanner, Proventia and SiteProtector and X-Press Update are trademarks or registered trademarks of Internet Security Systems, Inc., in the United States, other countries, or both. Internet Security Systems, Inc., is a wholly-owned subsidiary of International Business Machines Corporation. Portable Document Format (PDF) is a trademark of Adobe Systems Incorporated in the United States, other countries, or both. Microsoft and Windows are trademarks or registered trademarks or Microsoft Corporation in the United States, other countries, or both. Linux is a trademark or registered trademark of Linus Torvalds in the United States and other countries. Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates. All performance data contained in this publication was obtained in the specific operating environment and under the conditions described above and is presented as an illustration. Performance obtained in other operating environments may vary and customers should conduct their own testing. GTD01132-USEN-00