Foundstone Scanner User Training
Observation • There are few (if any) funny cartoons about network vulnerability scanning • … so make fun of PowerPoint
Why scan? • Know what the Bad Guys (as well as students and other interested parties) see when they look at your machines • Identify machines you are responsible for that managed to avoid your best attempts to patch them • Interesting Factoid: A recent campus scan identified over 50 machines that were vulnerable to Conficker because of a missing patch • Address audit points from our last audit
Scanner Info • Foundstone FS-1000 appliance • Accessed via web browser • Licensed for 2500 addresses • Currently has over 500 addresses from the border exemption database • No interior firewall addresses at this point
The Plan • Allow colleges/departments to scan their own machines, which reduces dependency on ITSO and better utilizes the FS-1000 • Individuals identified from each of the major constituent groups (colleges, auxiliaries, departments) • ITSO will provide FS-1000 credentials to designated users
Using the FS-1000 scanner • Use Internet Explorer to connect to: https://eclipse.sdsu.edu • FS does not support Firefox. Sorry, *nix folks. Don’t know about Safari. • May need to allow pop-ups and JavaScript from the FS-1000. • Portions of the FS-1000 are written in Java and run on the client.
Let’s get started • https://eclipse.sdsu.edu • Organization: sdsu • Credentials as assigned
Security 101: Change your password! (1) • Menu Bar: Manage >> Users/Groups
Security 101: Change your password! (2) • Select Run if you get a Java version alert about earlier version required • Drill down in the tree to your workgroup and user object • Open your user object • Set a new password (letters, digits, special characters) • DO NOT CHECK LOCKED!
Create a new scan (1) • Menu Bar: Scans >> New Scan • Start with a template, select “Use a Foundstone template”
Create a new scan (2) • Choose the SDSU General Purpose template • Covers most systems on campus, non-intrusive
Create a new scan (3) • IP Selection box uses Java, choose Run if you get the Earlier Version alert • Name your scan • Add IP addresses from your assigned address pool • Next>> or Settings
Create a new scan (4) • May not need to change anything • Can select or deselect entire platform • Intrusive is not selected, know what you’re doing before using it • Next>> or Reports
Create a new scan (5) Other Settings • Hosts: Ports that FS uses to determine whether a host exists • Services: Ports that FS uses when searching for known services • Credentials: Used for Shell scans and most Windows scans • Web Module: Can look for various web security issues • Optimize: Modify engine settings
Create a new scan (6) • Remediation Tickets are not implemented, uncheck • Use Internal Scan unless you know that only border-exposed ports will be scanned • Recommend: PDF (downloadable), HTML (downloadable and viewable online) • Next>> or Scheduler
Create a new scan (7) • Choose One Time or Recurring • Active must be checked in order to run the scan. Inactive scans will be saved, but can’t be run. • OK finishes the Scan creation process.
Deep Cleansing Breath • We have a scan, now what?
Start or Edit an existing scan • Menu Bar: Scans >> Edit Scans • Important Safety Tip: Delete removes all associated reports and vulnerability data • Click Activate to start a saved scan
Edit a scan • Editing is nearly the same as creating a new scan. • Can’t change the name of a scan.
Monitoring scan progress (1) • Menu Bar: Scans >> Scan Status
Monitoring scan progress (2) • Status does not auto-refresh, use the Refresh button • Often seems to hang at 50% - be patient
Let’s see the results (1) • Menu Bar: Reports >> View Reports
Let’s see the results (2) • Shows the report engine progress • 75% always seems to take a looooong time, not just WPS (Watched Pot Syndrome)
Let’s see the results (3) • Whoops, where’d the report go???
Let’s see the results (4) • Click “Scan Reports” and it shows up • View Report (HTML only) and Download icons for selected formats (downloads can be slow)
The Report (1) • New IE window
The Report (2) • In IE, View >> Text Size >> Medium
The Report (3) • Access the various sections of the report via the Report Pages menu
</powerpoint><humor class=‘random geek bad’> </humor> <demo class=‘foundstone live’ />