Documente online.
Zona de administrare documente. Fisierele tale
Am uitat parola x Creaza cont nou
 HomeExploreaza
upload
Upload




Evaluation Guide Security Analyzer

technical


Evaluation Guide

Security Analyzer

September 12, 2002



This document and the software described in this document are furnished under and are subject to the terms of a license agreement or a non-disclosure agreement. Except as expressly set forth in such license agreement or non-disclosure agreement, NetIQ Corporation provides this document and the software described in this document "as is" without warranty of any kind, either express or implied, including, but not li 12312b12m mited to, the implied warranties of merchantability or fitness for a particular purpose. Some states do not allow disclaimers of express or implied warranties in certain transactions; therefore, this statement may not apply to you.

This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.

© 1995-2002 NetIQ Corporation, all rights reserved.

U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.

ActiveAgent, ActiveAnalytics, ActiveKnowledge, ActiveReporting, ADcheck, AppAnalyzer, Application Scanner, AppManager, AuditTrack, AutoSync, Chariot, Chariot VoIP Assessor, ClusterTrends, CommerceTrends, Configuration Assessor, ConfigurationManager, the cube logo design, DBTrends, DiagnosticManager, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, End2End, Exchange Administrator, Exchange Migrator, Extended Management Pack, FastTrends, File Security Administrator, Firewall Appliance Analyzer, Firewall Reporting Center, Firewall Suite, Ganymede, the Ganymede logo, Ganymede Software, Group Policy Administrator, Intergreat, Knowledge Scripts, Log Analyzer, Migrate.Monitor.Manage, Mission Critical Software, Mission Critical Software for E-Business, the Mission Critical Software logo, MP3check, NetIQ, the NetIQ logo, the NetIQ Partner Network design, NetWare Migrator, OnePoint, the OnePoint logo, Operations Manager, Qcheck, RecoveryManager, Security Analyzer, Security Manager, Server Consolidator, SQLcheck, Visitor Mean Business, Visitor Relationship Management, VoIP Manager, W logo, WebTrends, WebTrends Analysis Suite, WebTrends Data Collection Server, WebTrends for Content Management Systems, WebTrends Intelligence Suite, WebTrends Live, WebTrends Network, WebTrends OLAP Manager, WebTrends Report Designer, WebTrends Reporting Center, WebTrends Warehouse, Work Smarter, WWWorld, and XMP are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.

Contents

About This Book and the Library v

Conventions vi

About NetIQ Corporation vii

Chapter 1

Introduction 1

What Is Security Analyzer?

How Security Analyzer Works

What Security Analyzer Provides

Complete and Accurate Vulnerability Assessment

Automated and Customized Workflows

Flexible and Scalable Deployment

Open and Extensible Architecture

How Security Analyzer Helps You

Protect Valuable Business Assets

Reduce System Outages

Ensure Audit Compliance

Proactively Address New Vulnerabilities

Meet Your Unique Requirements

Understanding the Evaluation Process

Chapter 2

Installing Security Analyzer 13

Requirements

Preparing for Your Evaluation

Installing Security Analyzer

Licensing Considerations

Chapter 3

Guided Tour 19

Starting Security Analyzer

Quick Tour

Console Window

Scan Viewer Window

Feature Demonstrations

Performing Scans with Predefined Profiles

Creating a Custom Report

Setting Automatic Distribution of Reports

Scheduling Automatic Scans

Running Security Analyzer as a Service

Providing Remote Access

Feature Tour Summary

Removing Security Analyzer

Chapter 4

Evaluation Criteria Checklist 43

Complete Vulnerability Assessment

Flexible and Scalable Deployment

Full Product Customization

Full Product Automation

Chapter 5

Key Features at a Glance 49

Eliminate Vulnerabilities

Meet Your Unique Requirements

Reduce IT Costs

About This Book and the Library

The Evaluation Guide provides instructions to help you install the NetIQ Security Analyzer product (Security Analyzer) and evaluate its many features and benefits.

Intended Audience

This book provides information for individuals responsible for evaluating Security Analyzer for use in their corporate enterprise environment.

Other Information in the Library

The library provides the following additional information resources:

User Guide

Provides conceptual information about Security Analyzer. The User Guide provides an overview of the Security Analyzer user interfaces and guidance for performing Security Analyzer tasks.

Programming Guide

Provides conceptual information about the product architecture and instructions for creating custom vulnerability tests. The Programming Guide is part of the Security Analyzer Software Development Kit (SDK).

Help

Provides context-sensitive conceptual information, step-by-step guidance for common tasks, and definitions for each field on each window. The Help also includes the SDK documentation.

Conventions

The library uses the following conventions to help you identify items throughout the documentation:

Convention

Use

Bold

Window and menu items

Technical terms, when introduced

Italics

Book and CD-ROM titles

Variable names and values

Emphasized words

Fixed Font

File and folder names

Commands and code examples

Text you must type

Text (output) displayed in the command-line interface

Braces, such as

Required parameters of a command

Brackets, such as [value]

Optional parameters of a command

Logical OR, such as
value1 | value2

Exclusive parameters. Choose one parameter.

About NetIQ Corporation

NetIQ Corporation is a leading provider of software solutions for managing, securing, and analyzing all components of your computing infrastructure. These components include servers, networks, directories, Web servers, and various applications. With its roots as the premier provider of Windows infrastructure management, NetIQ Corporation now provides cross-platform solutions that enhance business performance and improve returns on infrastructure and Web investments. NetIQ Corporation is headquartered in San Jose, California, with offices throughout the United States, Canada, Europe, and Asia.

NetIQ Products

NetIQ Corporation provides integrated products that simplify and unify systems management, security, and network performance management in your extended enterprise. These products also help organizations prepare for and migrate to Windows 2000 and Windows .NET. NetIQ Corporation offers the following solutions:

Performance and Availability Management

These products allow you to manage, analyze, and report on the health, performance, and availability of your mission-critical Windows and UNIX applications and servers. With these products, you can pinpoint network problems and resolve them quickly and effectively.

Security Management and Administration

These products provide real-time Windows security event consolidation, configuration management, host-based intrusion detection, centralized assessment and incident management, vulnerability assessment and prevention, firewall log analysis and reporting, and Windows security administration. With these products, you can also manage group policy, administration workflows, and permissions on vital assets throughout your enterprise.

VoIP Management and Network Testing

These products enable you to evaluate your network for Voice over IP (VoIP) traffic before deployment, as well as manage and troubleshoot VoIP during and after deployment. With these products, you can also test application or hardware performance and predict the impact of network changes, such as adding users or new applications.

Web Analytics and Management

These products deliver important insight into every element of Web site visitor activity, as well as improved Web site performance and availability. These solutions enhance your e-business performance, resulting in higher returns on infrastructure and marketing investments and improved visitor-to-customer conversion rates.

Windows and Exchange Management

These products enable you to manage all Windows and Exchange essentials, from ensuring optimal availability and performance to seamless migration, secure administration, and in-depth analysis.

Contacting NetIQ Corporation

Please contact us with your questions and comments. We look forward to hearing from you. For support around the world, please contact your local partner. For a complete list of our partners, please see our Web site. If you cannot contact your partner, please contact our Technical Support team.

Sales:

713-548-1700
888-323-6768 (only in the United States and Canada)

Sales Email:

[email protected]

Support:

www.netiq.com/support

Web Site:

www.netiq.com

Introduction

Network security is a growing concern that affects both small and large companies. Whether your company is a small shop or a multi-national enterprise, you are not exempt from unauthorized access to sensitive data, denial of service attacks, intrusion attempts, or other disruptions.

Firewalls and intrusion detection systems are useful, but they do not guard against every threat. Most intrusions break or elude firewalls, and detection systems alert you only after an attack is underway. Security breaches are often initiated by someone who has intimate knowledge of your network. Common threats, such as viruses, worms, and Trojan horses, can cause the most destructive and disruptive breaches by exploiting vulnerabilities from the inside out. To make matters worse, new vulnerabilities are discovered almost daily.

Security Analyzer, a multi-platform vulnerability assessment product, can scour your enterprise regularly and automatically to detect potential security issues. You can quickly and easily find, understand, and eliminate vulnerabilities. Security Analyzer gives you the solution you need to secure valuable network resources before an attack can occur.

What Is Security Analyzer?

Security Analyzer is a flexible, enterprise-scale vulnerability assessment product for Windows, Solaris, and Linux platforms that protects your enterprise from costly downtime and security breaches. Security Analyzer scans computers in your network and provides reports that help you correct problems and comply with company security policies. With the flexible and open architecture, you can quickly integrate your own tests to automatically detect vulnerabilities unique to your environment. Customizability and multiple deployment options make Security Analyzer your best choice in enterprise vulnerability assessment tools.

How Security Analyzer Works

Security Analyzer identifies security issues that could leave your business open to attack by intruders or disgruntled employees. Then Security Analyzer provides the knowledge you need to correct potential issues and prevent future security breaches.

Security Analyzer uses its built-in test library to enforce defined security policies. Based on settings you specify in a scan profile, Security Analyzer scans your network for specific vulnerabilities. Security Analyzer then stores the scan results in a database. With the XML feature, you can export this data and seamlessly integrate Security Analyzer into your established vulnerability assessment and auditing process. You can also integrate Security Analyzer with other security monitoring products, such as the NetIQ Security Manager product (Security Manager), to automate vulnerability resolutions, set risk thresholds, and detect intrusions.

The following figure illustrates the component relationship and work cycle for Security Analyzer. Security Analyzer uses the latest technology to test for and discover potential vulnerabilities. You can install and deploy this product across Windows, Solaris, and Linux platforms.

Using agents on Windows computers offers the following unique benefits:

Faster performance across your enterprise

More extensive vulnerability assessments

Enhanced security with encrypted data transmission

For more information about Security Analyzer benefits, see "How Security Analyzer Helps You" on page  . For more information about deploying agents, see the User Guide.

What Security Analyzer Provides

Security Analyzer provides peace of mind. From a single console, you can analyze computers across your enterprise on demand or at scheduled intervals. You can use these scan results to generate comparative reports, recommend fixes, and prioritize a response.

To accommodate the dynamic environment of security threats, Security Analyzer offers flexible deployment options, extensive automation features, an outstanding selection of customizable reports, and the most comprehensive test library available. NetIQ Corporation provides secure, digitally signed tests that detect many vulnerabilities on computers running Windows, Solaris, or Linux. You can configure scheduled scans that automatically generate and distribute custom reports. In addition, Security Analyzer uses an open and extensible architecture, allowing you to develop and deploy your own vulnerability tests. With this full set of features, you can set up Security Analyzer once and then let it run independently as a service.

Security Analyzer incorporates information from the latest security advisories, providing links to security bulletins, available patches, and other industry resources. Security Analyzer also automatically keeps its test library up-to-date so you continue scanning for the latest known vulnerabilities. NetIQ Corporation regularly develops new tests to address new vulnerabilities, providing rapid and accurate responses. With Security Analyzer, you can proactively protect your enterprise from malicious exploits that could cost you expensive downtime, lost revenue, or a damaged reputation.

Complete and Accurate Vulnerability Assessment

Security Analyzer identifies your potential security vulnerabilities and tells you how to prevent security breaches. With Security Analyzer, you can take advantage of the following key vulnerability assessment features:

Use the most comprehensive test library available

Security Analyzer tests for and detects vulnerabilities and provides regular updates that include tests for the latest discovered vulnerabilities. NetIQ Corporation provides ongoing security bulletin analysis and prepares tests for the latest known vulnerabilities. The exclusive AutoSync update service automatically speeds new tests to your library on demand or on a regular schedule.

Cross-reference standard vulnerability identification systems

Security Analyzer provides tests that are certified with digital signatures and fully cross-referenced. Security Analyzer responds to advisories from the following respected security advisory standards:

Mitre Common Vulnerabilities and Exposures (CVE)

Microsoft Bulletin ID

BugTraq

CERT Coordination Center (CERT /CC)

Pinpoint the service pack or update you need

Security Analyzer provides smart links that direct you to the Web site with the right service pack, update, or patch for the current operating system version or software installed on your computers. The intelligent links also bypass obsolete or superceded patches, directing you to the most current update, simplifying the corrective process.

Automated and Customized Workflows

By automating your vulnerability assessment and audit workflows, you provide administrators with proactive command of their enterprise security. By streamlining and customizing your processes, you can save time and resources once spent on exhaustive research, repetitive tasks, and manual distribution of security information. With Security Analyzer, you can take advantage of the following key automation and customization features:

Automate vulnerability assessment and report distribution

Security Analyzer performs scans at scheduled intervals or on demand, automatically producing and distributing a wide variety of customizable reports for IT professionals, managers, or auditors. Comparative reports let you easily assess your security policy compliance and progress. You can post reports to your intranet, email them to your Inbox, or view them from a remote computer using a browser.

Automate security policy enforcement

Security Analyzer integrates with Security Manager to provide an automated risk alert solution. If a computer reports vulnerabilities that exceed your acceptable risk threshold, Security Manager responds with alerts, email notification, or direct action to immediately secure your enterprise. Security Manager can also alert you if your vulnerability test library is not updated within specified time limits.

Flexible and Scalable Deployment

Security Analyzer provides the flexibility and scalability you need to optimize performance and convenience. With Security Analyzer, you can take advantage of the following key deployment features:

Use network-based and host-based scans across platforms

Security Analyzer scans servers or workstations with network-based scans or comprehensive host-based scans. Innovative network-based scans illustrate how a hacker views your enterprise. Host-based scans provide distributed processing for faster scanning and encrypted data transmission for enhanced security.

Provide Web access to scheduled scans and reports

Security Analyzer lets you provide Web access to scan logs and reports to authenticated users on your network.

Host your own AutoSync server

Security Analyzer lets you set up one AutoSync library update server to retrieve updates from NetIQ Corporation. Other consoles and agents can update their test libraries from that server, reducing exposure to the Internet.

Open and Extensible Architecture

You can customize and extend Security Analyzer by developing your own tests and integrating these vulnerability assessments with your existing in-house tools. With Security Analyzer, you can take advantage of the following key architectural features:

Use the platform for security testing and extensible architecture

The Software Development Kit (SDK) allows you to easily customize Security Analyzer to meet your unique security challenges by integrating your own security expertise with the automation and flexibility of Security Analyzer scanning. With the SDK, you can create vulnerability test scripts in Perl, Visual Basic .NET, JScript .NET, C, or C++.

Export to XML for use in any database or reporting tool

You can export test information and scan data in XML format, and then import the information into any database or reporting tool. From this custom data, you can produce reports that merge results from many business sites into a comprehensive company-wide security report. You can also produce corrective action reports for each computer, complete with detailed instructions. With this unique export-to-XML feature, Security Analyzer lets you analyze and tailor your data for your exact needs.

How Security Analyzer Helps You

Your enterprise is secure only if you know which holes to plug. Security Analyzer identifies these vulnerabilities and tells you how to resolve them. With this knowledge, you can secure your enterprise and your company.

When you first start Security Analyzer, you can immediately begin scanning your network for vulnerabilities. Out of the box, Security Analyzer provides several predefined scan profiles that enforce standard security policies. As your security model matures, you can customize these profiles and policies, adding the tests that best reflect your security needs.

With Security Analyzer, you do not need to learn multiple products and processes to accurately assess and correct vulnerabilities across platforms. You can enforce and monitor ongoing security compliance with comparative reports and automated workflows. With progressive reports, you can proactively prevent network outages, avoiding the considerable cost of reactive research and repair. Security Analyzer lets you focus on protecting valuable business assets and maintaining your competitive advantage.

Protect Valuable Business Assets

Without a vulnerability assessment solution, your enterprise and business data are at risk. Let Security Analyzer help lock down your enterprise against exploits by disgruntled employees or malicious hackers with the most comprehensive vulnerability scanning and reporting available. With Security Analyzer, you can use predefined network-based and host-based scan profiles to immediately start securing valuable information and revenue streams.

The most cost-effective approach to protecting your business assets is to eliminate known security vulnerabilities before intruders can breach your network. Security Analyzer helps you prevent attacks, protect your critical systems, and secure your valuable information.

Reduce System Outages

Whether you are managing Internet, intranet, extranet servers, or even internal file and application servers, you face a constant barrage of security threats. Security Analyzer provides the features you need to identify and eliminate vulnerabilities that could allow such threats to become disasters. Security Analyzer provides links to the most current upgrades and patches available, and uses industry standards to cross-reference vulnerabilities so you can identify the exact issue to correct.

The number of new vulnerabilities found each year is growing at a tremendous rate, and the costs associated with finding and fixing widespread vulnerabilities can drain IT groups. Security Analyzer helps you prevent security issues, and the associated costs, by identifying vulnerabilities you can correct before they become breaches. Security Analyzer supplies detailed correction instructions to help you close the door on attackers, prevent expensive outages, and meet the five nines of availability (99.999%).

Ensure Audit Compliance

With Security Analyzer, you can obtain the level and type of information you need to verify that your security policies are enforced. Security Analyzer produces comprehensive audit reports that can be used by a number of audiences, including the following security-conscious personnel:

Security analysts can review detailed vulnerability reports to prioritize and correct security vulnerabilities before breaches can occur.

Administrators can examine comparative reports to determine what vulnerabilities exist and which have been corrected, making it easy for you and your auditors to track improvements.

Executives can receive summarized reports to evaluate security across the company.

Security Analyzer seamlessly integrates into your existing security audit process. You can easily set up several automatic scans that routinely enforce your security policies and distribute reports for each vulnerability assessment. For example, you can schedule Security Analyzer to automatically scan your network and deliver reports to an intranet site. With Security Analyzer, you configure less but comply more.

Proactively Address New Vulnerabilities

You need the latest security bulletin advisories to secure your enterprise but may not have time to research each one. NetIQ Corporation monitors the most respected security advisory services for you and evaluates all the bulletins. Then, NetIQ Corporation responds immediately, providing tests to detect the latest vulnerability and instructions about how to resolve these security issues. The automatic update service directs these tests from our lab to your library.

By proactively addressing vulnerabilities, you can reduce the time and effort you spend researching new vulnerabilities as well as the time and effort spent reacting to discovered issues. You can relax, confident that your enterprise is secure.

Meet Your Unique Requirements

Security Analyzer provides the power and flexibility you need to address your unique security requirements. You can deploy Security Analyzer using host-based or network-based scans for Windows computers or network-based scans for Solaris and Linux platforms. You can integrate your in-house security expertise with Security Analyzer to detect vulnerabilities unique to your environment. And you can quickly tailor Security Analyzer reports to target different audiences such as IT professionals, managers, or auditors.

In addition to its large number of vulnerability checks and its multi-platform support, Security Analyzer gives you the ability to create your own vulnerability tests. Through an open architecture that includes a platform for security testing, you can develop tests suited to the unique security requirements of your enterprise. For more information about creating custom tests, see the Programming Guide.

Understanding the Evaluation Process

The remaining chapters in this book guide you through installing and evaluating Security Analyzer. Following the steps in this book, you can quickly install Security Analyzer and immediately begin realizing the benefits this product provides. Follow the guided tour to explore several important features.

When you complete this process, you should understand how to use Security Analyzer to meet your vulnerability assessment needs. You should also be familiar with many of the significant benefits Security Analyzer can offer you, your staff, and your organization.

NetIQ Corporation offers a full range of security-related products that address multiple enterprise management needs, from tracking ACL inheritance to ensuring your Active Directory data is secure at the object level. When combined with Security Manager, Security Analyzer provides a powerful vulnerability assessment solution that is integrated with real-time incident management and intrusion detection for Windows-centric enterprises. For more information about other NetIQ products, see the NetIQ Web site at www.netiq.com or contact your NetIQ representative.

Installing Security Analyzer

For this product evaluation, install Security Analyzer on a computer in a test environment that is running Windows 2000 Service Pack 3 or later. The following sections outline the requirements for the evaluation computer and describe the evaluation installation process.

Requirements

The test environment in which you install Security Analyzer must meet the following minimum requirements:

Component

Requirement

Evaluation Computer

133MHz CPU or higher, 500MHz recommended
64MB RAM minimum, 256 MB recommended
160MB disk space
Monitor with 800x600 Resolution with 256 Colors
Windows 2000 Server Service Pack 3 or later or Windows 2000 Professional

Network

TCP/IP protocol, DNS enabled

Internet Browser

Microsoft Internet Explorer 4.0 or later

The user account you use to log on to the evaluation computer and run Security Analyzer must have the following permissions on that computer:

Read permissions for registry values

Read permissions for all administrative shares

By default, members of either the Domain Admins group or the local Administrator group have these permissions.

For simplicity, the remainder of this guide assumes you are evaluating Security Analyzer on a Windows 2000 host computer. Other installation configurations may have additional requirements. For more information about installation requirements, see the User Guide.

Preparing for Your Evaluation

Before you install and evaluate Security Analyzer, ensure your test environment meets the requirements and allows you to fully participate in the feature demonstrations.

To prepare for your evaluation:

Ensure that your test environment supports the product requirements. For more information about product requirements, see "Requirements" on page  .

Check the permissions and properties of the LocalSystem account.

One of the feature demonstrations uses this account to run the Security Analyzer Scheduler as a service. Ensure that the LocalSystem account has these permissions:

Act as part of the operating system

Allow service to interact with desktop

Log on as a service

Log on locally

Create a folder to store Security Analyzer data.

To fully participate in the feature demonstrations, create a folder on the local hard drive of your evaluation computer. During the feature demonstrations, you will set Security Analyzer to store scan schedules and reports in this folder.

Ensure that your user account has an associated mailbox.

One of the Security Analyzer feature demonstrations sends an email notification to the person performing the demonstration. To view this email message, enable a mailbox for your evaluation user account. Ensure the mailbox is SMTP or MAPI compliant.

Installing Security Analyzer

Installing Security Analyzer is easy and fast. The standard setup does not require agents. For more information about installing and using agents, see the User Guide.

Tip

During the installation, you can update the test library from the NetIQ AutoSync Web site. This process ensures you are scanning your evaluation computer with the latest available tests. This update may take a few minutes.

To install Security Analyzer:

Ensure you have prepared your test environment for the product evaluation. For more information about this process, see "Preparing for Your Evaluation" on page  .

Log on with an administrator account to the Windows 2000 evaluation computer.

Run Setup.exe in the root folder of the installation kit.

Notes

When you place the CD in the drive, the setup program should start automatically.

To install Security Analyzer through a Windows Terminal Services session, run the setup program through the Add/Remove Programs application in Control Panel.

Click Check Version on the Setup tab of the setup program. This compares the product version in the installation kit with the newest available product version on the NetIQ Web site.

Click Begin Setup on the Setup tab

Review the terms of the License Agreement. If you agree to the terms of the License Agreement, click Accept.

Click Install purchased software, and then click Next.

If you are installing Security Analyzer on a Windows 2000 computer, Setup displays a window that reports Windows 2000 is detected. Read the message and implement the steps it suggests. Click Next.

If the Microsoft .NET Framework is not installed, Setup displays a window reporting that the Microsoft .NET Framework is not detected and that is required to run Security Analyzer. To install the Microsoft .NET Framework, click Next

Click OK and then follow the steps to install the Microsoft .NET Framework.

When the Microsoft .NET Framework installation is complete, click OK.

Specify the folder in which you want to install Security Analyzer, and then click Next.

Type the provided trial serial number in the New License Number field, and then click Add License.

Click Next.

Review the summary window, and then click Next.

Select Program and program files, and then click Next.

Click Next.

Select whether to update the Security Analyzer test library:

To update the Security Analyzer test library now, click Yes to run the AutoSync service. When the process is complete, click Close.

To update the Security Analyzer test library later, click No.

a Specify a default set of computers to scan using the following controls, or click Skip to use the alias localhost as the default computer to scan:

Starting IP address

Ending IP address

Host name

b To continue, click OK.

After setup is complete, click Finish and close the browser window.

Licensing Considerations

Each trial license requires a unique serial number. To use Security Analyzer, you must submit this serial number. If you downloaded Security Analyzer from the NetIQ Web site, use the serial number included in the NetIQ Product Registration email sent by NetIQ Technical Support. If you are installing Security Analyzer from the CD, use the serial number included with the evaluation kit. The trial license for Security Analyzer expires 14 days after activation. For more information about additional licensing options, contact your NetIQ Sales Representative.

Guided Tour

This chapter guides you through a quick tour of the Security Analyzer user interface and then presents feature demonstrations to illustrate the power and scope of Security Analyzer.

Starting Security Analyzer

The setup program creates a desktop shortcut for Security Analyzer. You can use this shortcut to start Security Analyzer from your desktop or you can click NetIQ Security Analyzer in the NetIQ Security Analyzer program group.

Quick Tour

The Security Analyzer user interface consists of the main console window, the Scan Viewer, the Scheduler, the Report interface, the command-line interface (CLI), and the Software Development Kit (SDK). The main console provides access to all Security Analyzer features and user interfaces except the CLI and the SDK. For more information about the CLI, see the User Guide. For more information about the SDK, see the Programming Guide.

This quick tour guides you through the console window and the Scan Viewer. The feature demonstrations address additional interfaces.

Console Window

The Security Analyzer console window provides a single point of reference for all your vulnerability assessment tasks. From this window, you can perform and schedule scans, create profiles and policies, generate reports, and set configuration options. The following figure shows some of the Security Analyzer features and navigation tools.

The console window provides a number of navigational tools to help you quickly perform vulnerability assessment tasks:

Menu bar

Provides access to Security Analyzer functions.

Toolbar icons

Provide quick access to features, such as the Report interface, Scheduler, and Scan Viewer.

Profile list

Displays the pre-defined profiles, their associated policies, and the set of hosts to scan.

Description and test policy

Provides description of the selected profile, the associated policy, and some additional information to help you identify the selected profile.

Scan Viewer Window

When you click the Scan icon on the console window toolbar, Security Analyzer prompts for a new or previous scan and then displays the Scan Viewer window.

The Scan Viewer window provides a number of navigational tools and features to help you quickly understand the results of your vulnerability assessment:

Menu bar

Provides access to Security Analyzer features related to scanning.

Toolbar icons

Provide quick access to features such as the Report interface, search, and Help.

Selected scan

Displays the name, date, and timestamp of the selected scan.

Scan progress

Displays the progress of the selected scan. The progress indicator tells you the scan status.

Tree sort tabs

Let you sort the results of the vulnerability scans by hosts, vulnerabilities, services, or other items into a convenient and easy-to-navigate tree view. The Scan Viewer window displays the tree view on the left and a details pane on the right. Select an item in the tree to view details about child items in the right pane.

Status and description tabs

Display scan status, scan summary, host information, vulnerability description, and fix instructions.

Summary bar

Displays the number of high risk (red icon), medium risk (orange icon), and low risk (yellow icon) vulnerabilities detected in the current scan for at-a-glance security status. Also displays the scan duration.

Feature Demonstrations

This guided tour explores several vulnerability assessment features available through the console window. These feature demonstrations illustrate the range and flexibility Security Analyzer can provide, from performing out-of-the-box scans to setting up remote access through a Web server.

Tip

The guided tour performs a host-based scan of your evaluation computer and then uses the vulnerability assessment results to demonstrate several features. You can expand this tour by scanning computers across your enterprise. To scan additional computers, you can create a new scan profile that specifies computers by individual IP addresses, ranges of IP addresses, or computer name.

Performing Scans with Predefined Profiles

When you first start Security Analyzer, you can immediately begin scanning your network for vulnerabilities. Predefined profiles give you a quick and easy way to implement common security policies.

For example, to scan your host computer using tests for high-risk vulnerabilities, you can select the predefined Full network-based Analysis profile. This profile includes a predefined security policy that specifies which tests your scan will use.

To start a scan:

On the Security Analyzer tab, select the predefined profile you want to use for your scan. For this demonstration, click Full Network-based Analysis.

Click Scan.

Security Analyzer opens the Scan Viewer window and displays the scan results through an Explorer-like interface. You can use the vulnerability descriptions and links to security resources to fully understand each security issue. You can use the suggested fixes to immediately address the vulnerability. Each scan offers the following valuable information:

Prioritizes found vulnerabilities by degrees of risk (high, medium, or low) so you know which issue to address first

Includes straight-forward descriptions that link to related security bulletins, industry standards, and knowledge base articles so you can easily understand the issue

Provides links so you can download and install available patches, service packs, and updates, to quickly fix your security issue and maintain compliance

For example, a critical scan on a host computer that has not yet been secured may uncover dozens of violations and vulnerabilities, as shown in the following figure.

For each detected vulnerability, Security Analyzer provides detailed instructions on how to correct the issue and strengthen your security. Simply select the vulnerability you want to address, and then click the Fix tab.

When the scan is complete, the results are stored automatically in a scan database. From the Scan Viewer window, you can publish the scan results by generating a report. You can choose from a variety of report styles to meet your needs.

Creating a Custom Report

The Report interface allows you to save and distribute vulnerability reports from your scans. When creating a report, you can define the report style and contents, and then generate the report based on this specification.

Security Analyzer provides several predefined report templates so you can immediately distribute vulnerability assessments and use scan information in your audit process. Security Analyzer also lets you use these templates to define custom reports. You can define a custom report by specifying the report type, format, distribution method, style, and contents.

To create a custom report for the current scan:

Click Report on the Scan Viewer window.

Select the appropriate report in the Memorized Report list box. For this demonstration, select Complete Security Report (HTML).

On the Type tab, click Scan Report to create a report for the current scan.

In this case, you are creating a Complete Security Report for the scan you just performed. Security Analyzer will format this report as an HTML file, using the default style. You can choose any style you want. For example, you can use the Style Editor to define a custom report style for your specific needs. Security Analyzer provides a style wizard that guides you step-by-step through creating a new style.

On the Content tab, select the sections or content categories you want to include in this report.

Because you selected a complete report, Security Analyzer includes all available sections by default. You can determine which data you need and tailor the report contents accordingly by including only those sections you want.

To save your specifications as a new report template, click Memorize.

Type My Complete Security Report (HTML) in the Description field, and then click Save.

To generate this report, click Start.

Once you save your custom report, you can configure Security Analyzer to automatically generate and distribute this report when Security Analyzer performs the associated scan.

Setting Automatic Distribution of Reports

Security Analyzer lets you automatically distribute reports by saving report files to a network share, emailing report files to a distribution group or an individual, or posting report files to an FTP site. You can set up Security Analyzer so it automatically distributes the report file whenever you generate a report.

You can specify multiple distribution scenarios. For example, you can email summary reports to a distribution group of IT managers. You can email comparative reports to a distribution group of auditors. And you can save complete reports to a test depot, such as a network share, and email a copy to your operations lead. If you save the report in HTML format, you can upload it to your intranet site.

Tip

Before starting this feature demonstration, ensure that the email settings under General Options are correct. To check your email settings, click Options on the console window, click General in the left pane, and view the settings on the Email tab.

To automatically distribute reports:

If you are not currently using the Report interface, click Report on the console window.

Select the appropriate report in the Memorized Report list box. For this demonstration, select My Complete Security Report (HTML).

On the Save As/Mail To tab, select mailto.

Specify the path and file name for this report in the Save Report As text box. For this demonstration, specify the path for the folder you created and the name you want to assign to the report file.

You can also save this report to a network share. To specify a share, use the following format: \\computer name\share name\report name.

Type your email address in the email Address text box.

To save your specifications, click Memorize, and then click Save.

To fully automate report generation and distribution, you can associate a report template and scan profile with a scheduled scan event.

Scheduling Automatic Scans

Security Analyzer treats scans as events, allowing you to schedule automatic scans and log the scan status. You can automate and monitor your entire vulnerability assessment workflow.

When you schedule a scan, you associate the event with a scan profile and a report template. When Security Analyzer performs the scheduled scan, the Scheduler runs the appropriate tests on the computers specified by the profile. The Scheduler then uses the specified report template to automatically generate and distribute the vulnerability assessment results. Security Analyzer ensures that the right people get the right data at the right time.

To schedule automatic scans:

Click Scheduler on the console window.

Click Add on the Scheduled Events tab.

Select a scan profile in the Profile list box. For this demonstration, select Full Network-based Analysis.

Specify the time and date Security Analyzer should begin the first scan. For this demonstration, select the next hour and today's date.

Specify the interval at which Security Analyzer should repeat the selected scan. You can specify any interval from minutes to months. For this demonstration, select 1 Days.

Click Next.

Select the appropriate report in the Memorized Report list box. For this demonstration, select My Complete Security Report (HTML).

Security Analyzer displays the distribution settings specified in the report template.

Click Next.

Clear the Pre-processing option, and then click Next.

This option tells Security Analyzer to run an application or batch file executable before running the scan. For example, you can use this option to automatically ensure that the folder in the specified report path has the correct permissions. If the folder does not have the correct permissions, you can specify a different report path.

Clear the Post-processing option, and then click Next.

This option tells Security Analyzer to run an application or batch file executable after running the scan. For example, you can use this option to automatically delete reports that are more than a week old.

Specify the priority for the selected scan when your evaluation computer processes this event. For this demonstration, select Normal priority.

Click Finish to schedule this scan and close the wizard window.

Security Analyzer lets you take this automation further. For example, you can run Security Analyzer as a service. You can also establish Web access to scheduled scans, allowing you to remotely monitor scan status and view reports.

Running Security Analyzer as a Service

You can run Security Analyzer as a service. This configuration allows Security Analyzer to automatically scan your network for vulnerabilities and distribute the analysis reports without any intervention from you. When Security Analyzer runs as a service, it runs the Scheduler as a stand-alone background task. You do not need to be logged onto the computer. The Scheduler manages your vulnerability assessment workflow, performing scheduled scans and then generating and distributing the specified reports. This flexibility increases the productivity of your IT staff and lets them focus on strengthening and maintaining your enterprise security.

Tip

Before starting this feature demonstration, check the event list on the Scheduled Events tab in the Scheduler window to ensure no scheduled scans are in progress. Also ensure the LocalSystem account has the appropriate permissions. For more information about required permissions, see "Preparing for Your Evaluation" on page  .

To run Security Analyzer as a service:

If you are not currently using the Scheduler, click Scheduler on the console window.

Click Service

If you want to run the Scheduler service with an account other than LocalSystem, type the user name and password of the preferred account in the Username and Password fields. For this demonstration, leave these fields blank.

Click Start Service.

You can easily monitor the Scheduler service locally through Security Analyzer or remotely through the Remote Scheduling server. The Remote Scheduling server provides access to the Scheduler through a Web server. With this feature, you can check scheduled scans and view reports using a standard browser interface from any Web-enabled computer.

Providing Remote Access

Security Analyzer lets you remotely access scans and view reports. This remote scheduling feature allows you to monitor your vulnerability assessments and troubleshoot results from any location at any time.

When you enable remote scheduling, you allow Security Analyzer to use the evaluation computer as a Web server. This Web server is called the Remote Scheduling server. Once the Remote Scheduling server is enabled, you can use the IP address assigned to your evaluation computer to remotely access the Scheduler features. This Web-based interface is called the Remote Scheduling Center.

Tip

Before starting this feature demonstration, ensure the Scheduler is running as a service. For more information about running the Scheduler as a service, see "Running Security Analyzer as a Service" on page  .

To provide remote access:

If you are not currently using the Scheduler, click Scheduler on the console window.

Click Remote Scheduling

Select Enable Remote Scheduling Server.

To access the Remote Scheduling server through any IP address assigned to this computer, complete the following steps:

a Select Bind all IP addresses.

b Type the port number in the Port field.

To maintain a log of the Remote Scheduling server activities, complete the following steps:

a Select Enable logging of Server activities.

b Specify the path and file name for this log in the Log Save As Path text box. For this demonstration, specify the path for the folder you created and the name you want to assign to the log file.

You can also save this report to a network share. To specify a share, use the following format: \\computer name\share name\log name.

Click Start Server.

Click Close to close the Scheduler window.

You can access the Remote Scheduling Center from any Web-enabled computer. To access the Remote Scheduling Center, use the following URL format: https://IPAddress:PortNumber. For example, if the IP address of the evaluation computer is 206.58.83.195 and the port number is 99, type https://206.58.83.195:99 in the address field of your browser. To log on, enter the user name and password of a valid network account.

The Remote Scheduling Center provides an easy-to-use interface, as shown in the following figure.

Using the Remote Scheduling Center, you can quickly and easily monitor your vulnerability assessments. You can perform the following tasks:

Check pending scans

Start a scheduled scan

Verify the status of a scan

View reports for completed scans

The Remote Scheduling Center also allows you to troubleshoot scan issues. For example, if a scan results in an error, you can view the event details to determine why it failed, as shown in the following figure.

This remote scheduling feature provides convenience and flexibility. By implementing the Remote Scheduling server, you can remotely access Security Analyzer to track vulnerability resolutions and monitor policy enforcement without compromising the security of your Web site.

Feature Tour Summary

As you have seen, Security Analyzer addresses a full range of vulnerability assessment needs and issues. With Security Analyzer, you can harness the following solutions:

Start securing your enterprise with little or no configuration, achieving immediate benefit and return

Customize every aspect of the vulnerability assessment process

Completely automate your vulnerability assessment and audit workflows

Remotely access your scans through a secure Web server so you can safely and easily monitor your enterprise security from any location

Security Analyzer provides the flexibility and power you need to effectively secure and manage your enterprise.

Removing Security Analyzer

After you have evaluated Security Analyzer, you may want to remove the program files and test data from your evaluation computer.

To uninstall Security Analyzer:

Run Add/Remove Programs on the Control Panel window.

Select NetIQ Security Analyzer, and then click Change/Remove.

Click OK.

Select Automatic on the Select Uninstall Method window, and then click Next.

Click Finish on the Perform Uninstall window.

Evaluation Criteria Checklist

This chapter provides evaluation criteria checklists to help you evaluate Security Analyzer and compare it to other products. Each item in the checklist identifies a feature.

Using a scale of 0 to 5, rate how significant each feature is in your environment. Next, rate how well the feature is implemented in Security Analyzer and the other product. Then, calculate the weighted score for each product feature by multiplying the item significance by the product score.

Complete Vulnerability Assessment

The following vulnerability assessment features accurately identify and locate potential security issues across your enterprise.

Item Description

Item significance score (0-5)

SA score (0-5)

Other product
score (0-5)

SA weighted
score (0-25)

Other product weighted score (0-25)

1. Cross-references detected issues using vulnerability ID standards, such as CVE, CERT /CC, and BugTraq.

2. Draws knowledge from entire security community expertise.

3. Scans on demand or on schedule.

4. Checks operating system files, application files, routers, services, TCP/IP, DNS and NetBIOS, ports, Windows registries, user permissions, encryption settings, and more.

5. Provides ability to customize tests to meet your specific security requirements.

6. Provides predefined scan profiles and security policies.

7. Links to upgrades and patches, bypassing unnecessary updates.

8. Supplies instructions for correcting vulnerabilities, with direct links to security bulletins and service packs.

9. Prioritizes risks so you can immediately address the highest risks and schedule corrective actions for lower risk vulnerabilities.

10. Provides more than 2,300 tests for Windows, Solaris, and Linux.

11. Receives automatic updates to detect the latest security vulnerabilities.

Flexible and Scalable Deployment

The following flexible and scalable deployment features ensure that you can easily integrate Security Analyzer into your existing environments.

Item Description

Item significance score (0-5)

SA score (0-5)

Other product
score (0-5)

SA weighted
score (0-25)

Other product weighted score (0-25)

1. Scans computers running Windows, Solaris, or Linux.

2. Supports most comprehensive set of Windows-based platforms available, from Windows 95 to Windows XP.

3. Runs host-based scans or network-based scans (with or without agents).

4. Lets you host a centralized test library update server.

5. Provides Web-based remote access to scheduled scans and reports.

6. Uses efficient rules-based testing.

7. Lets you configure computer scans using ranges of IP addresses or ports.

8. Distributes workload and improves vulnerability searches with agents.

9. Runs Security Analyzer as a service.

Full Product Customization

The following customization features allow you to configure Security Analyzer to meet your unique needs.

Item Description

Item significance score (0-5)

SA score (0-5)

Other product
score (0-5)

SA weighted
score (0-25)

Other product weighted score (0-25)

1. Allows scheduled updates of built-in test library.

2. Provides summarized, detailed, and comparative report templates for different audiences.

3. Allows full customization of reports.

4. Allows full customization of scan profiles.

5. Allows full customization of security polices and predefined tests.

6. Provides a platform for security testing so you can develop custom vulnerability tests.

7. Compiles reports in Microsoft Word or HTML format.

8. Exports to XML so you can integrate vulnerability assessments into existing databases.

9. Exports scan data to any reporting tool.

Full Product Automation

The following automation features provide peace of mind by ensuring security policies are enforced, audit reports are generated, and issues are addressed.

Item Description

Item significance score (0-5)

SA score (0-5)

Other product
score (0-5)

SA weighted
score (0-25)

Other product weighted score (0-25)

1. Schedules scans as events that occur automatically at regular intervals.

2. Generates reports automatically.

3. Distributes reports automatically.

4. Updates built-in test library automatically to ensure most current tests and advice.

5. Integrates with NetIQ Security Manager to further automate security issue management and vulnerability resolution.

6. Runs Security Analyzer as a service.

Key Features at a Glance

This chapter highlights the important benefits of Security Analyzer and itemizes the key features that work together to offer these benefits. The following attributes set Security Analyzer apart from other vulnerability assessment products:

Simple

Provides features that are easy to install, deploy, and use.

Open

Provides scriptable interfaces that support familiar languages, such as Perl and Visual Basic .NET so you can easily interact with other data sources or develop proprietary tests that enforce company-specific security policies.

Comprehensive

Provides many tests, multi-platform support, and detailed analyses so you are always fully armed against potential threats.

Flexible

Lets you scale and customize the product to meet your dynamic security needs.

Efficient

Lets you automate your entire vulnerability assessment workflow.

Secure

Ensures you have the exact information you need to strengthen your enterprise security.

Eliminate Vulnerabilities

Built-in Test Library

Includes more than many tests, providing the most complete vulnerability assessment data on the market

Supports multi-platform environments so you can use a single vulnerability assessment solution across your enterprise

Updates automatically through the AutoSync feature so you are always working with the most current tests and data available

Predefined Scans and Reports

Allow you to start securing your enterprise with little or no configuration, providing immediate benefit for you and your company

Include comprehensive data, such as vulnerability descriptions, links to industry resources, and degrees of risk, so you can fully understand the issues

Provide complete instructions on how to correct vulnerabilities, with links to the latest upgrades, service packs, and patches, so you know exactly how to secure your enterprise

Become building blocks you can use to strengthen and expand your security model as your enterprise grows and matures

Allow you to quickly implement vulnerability assessment testing as part of your daily security maintenance routine, so you can immediately begin monitoring the changing threats to your environment

Meet Your Unique Requirements

Extensible Open Architecture

Allows you to customize tests in the Security Analyzer test library, changing the product scope as your security policies change

Integrates with existing in-house test library so that you can incorporate internal expertise, enforce company security policies, and address custom configurations

Provides a platform for security testing so you can develop new tests tailored to your specific security needs

Integrates with existing knowledge database by exporting vulnerability assessment data to XML

Scalability

Operates either with or without agents, increasing scalability across large enterprise deployments

Allows remote Web-based access to scheduled scans and the associated reports so you can monitor your enterprise security

Lets you establish a centralized test library server, which you can automatically update through AutoSync

Runs Security Analyzer as a service, providing round-the-clock analysis and report distribution as an automatic background task

Custom Reports

Allow you to create custom report templates that specify the style and content for each audience or data set

Provide several automatic distribution options so you can deliver vulnerability assessments immediately, allowing your IT staff to respond as quickly and effectively as possible

Web-Based Remote Access

Monitors status and reports for scheduled scans while you let Security Analyzer run as a service

Provides immediate, secure access to vulnerability assessment data regardless of your location

Reduce IT Costs

Scheduled Scans

Allow you to schedule scans at specific intervals, ensuring ongoing enforcement of your security policies and optimal network performance

Allow you to schedule different scans at different times, so you can more effectively allocate IT resources, maintain productivity, and meet your goals

Automatic Report Generation and Distribution

Allow seamless integration into your established vulnerability assessment and auditing workflows so you do not need to revisit processes, retrofit tests, or reconfigure existing tools

Ensure timely responses to detected vulnerabilities so you can avoid system outages and the associated costs

Ensure audit compliance by providing regular, comparative reports, so you can better manage security across the company


Document Info


Accesari: 1923
Apreciat: hand-up

Comenteaza documentul:

Nu esti inregistrat
Trebuie sa fii utilizator inregistrat pentru a putea comenta


Creaza cont nou

A fost util?

Daca documentul a fost util si crezi ca merita
sa adaugi un link catre el la tine in site


in pagina web a site-ului tau.




eCoduri.com - coduri postale, contabile, CAEN sau bancare

Politica de confidentialitate | Termenii si conditii de utilizare




Copyright © Contact (SCRIGROUP Int. 2024 )