
SAINTmanager Overview

SAINTmanager Overview. Mark Keppinger Mark.Keppinger@OregonState.EDU Senior Network Security Analyst Network Services – Network Engineering November 17, 2010. SAINT components and definitions. SAINTmanager ® - Remote Management Console SAINTnode ® - Scanner for SAINTmanager


Presentation Transcript


  1. SAINTmanager Overview
     Mark Keppinger
     Mark.Keppinger@OregonState.EDU
     Senior Network Security Analyst
     Network Services – Network Engineering
     November 17, 2010

  2. SAINT components and definitions
     • SAINTmanager® - Remote Management Console
     • SAINTnode® - Scanner for SAINTmanager
     • SAINTstick® - Portable SAINTscanner and SAINTnode
     • SAINTscanner® - Vulnerability Scanner
     • SAINTwriter® - Report generator
     • SAINTexploit® - Penetration Testing
     • SAINTexpress® - Update module

  3. A Brief History
     SAINT® was based on SATAN
     • SATAN - Security Administrator Tool for Analyzing Networks, released in 1995, no updates
     • SAINT Corporation continued development of SATAN and released it as SAINT in July 1998
     • SAINT - Security Administrator’s Integrated Network Tool

  4. What is SAINTmanager?
     • SAINTmanager™ is a remote management console for SAINT
     • One manager can control many SAINT nodes and users
     • Manager sends scan jobs to nodes
     • Nodes send scan data back to manager
     • OSU acquired the SAINTmanager option Summer ‘09

  5. Why SAINTmanager?
     • Needed an enterprise solution for OSU
     • Tried using N-copies of SAINTscanner
     • DCA’s . . .
       - know their environment
       - know when and how often to perform scans
       - have the credentials to validate and eliminate false-positive vulnerabilities

  6. SAINTmanager Architecture

  7. Communication
     • Manager communicates with nodes over a persistent connection on a TCP port
     • Connection is initiated when a node starts
     • Communication is encrypted over SSL
     • Default port is 1515
     • Manager updates nodes

  8. User Interface
     • SAINTmanager only runs in remote mode
     • Users log in through a Web browser
     • Port 1410/TCP used at OSU
     • Can also run through Apache (or another Web server)

  9. SAINTnode System Requirements
     • SAINTnodes require:
       - A UNIX, Linux, or Mac OS
       - Perl
       - NMAP, SAMBA, OpenSSL, & OpenSSH
     • Optionally . . . Xprobe2, Oracle Instant Client, Crypt-PasswordMD5

  10. SAINTmanager System Requirements
      • Same as SAINTnode, plus:
        - OpenSSL – for encrypting communication between manager and nodes
        - Perl-DBI and DBD:MySQL – for Perl to interface with MySQL
      • These tools are typically available as package selections from your Linux vendor

  11. Benefits of SAINTmanager
      Centralized management
      • One scan configuration can be pushed to multiple nodes
      • Status of scans across the enterprise can be checked from one place
      • Data from entire enterprise can be analyzed in a single report

  12. Benefits of SAINTmanager, continued
      User management
      • Users can be created with different roles on different nodes
      • Roles can be created to allow specific capabilities to be granted or denied

  13. Benefits of SAINTmanager, continued
      Ticketing
      • Tickets can be automatically assigned to users based on a set of rules
      • Remediation status of each vulnerability is tracked
      • E-mail notification of new tickets

  14. SAINTmanager Licensing
      • Licensing is based on number of nodes
      • Limit on number of nodes is enforced by license key
      • Licensing of SAINT remains the same for nodes
      • Based on target IP addresses or networks
      • Manager will distribute new keys to nodes

  15. SAINTmanager Updates
      • Manager gets updates by SAINTexpress
      • Manager also caches updates for nodes
      • Nodes get updates from manager
      • At OSU a cronjob runs every Saturday at 08:00

  16. Users
      • A user is an individual who is allowed to log in to SAINTmanager using a unique login name
      • Each user can be assigned any number of roles on any number of nodes
      • What a user is or isn’t allowed to do is determined by his or her assigned roles

  17. Roles
      • A role is a set of permissions
      • Several default roles are included
      • Permissions include global and node-specific permissions

  18. Permissions
      • Global permissions are permissions on the manager itself
        - Ability to view, modify, or create users, roles, or rules
      • Node-specific permissions are permissions on specified nodes
        - Ability to view or modify hosts or tickets
        - Ability to run scans or view results

  19. Default Roles
      Four types of default roles:
      • Super Admin
      • Admin
      • SAINT Administrator
      • SAINT User
      OSU added role: RO – Read Only (DCA account)

  20. Super Admin Role
      • The Super Admin role grants full global and node-specific privileges
      • The default superadmin user has this role on all nodes
      • Assign this role to a user who is responsible for creating and managing nodes and other users

  21. Admin Role
      • The Admin role grants the ability to:
        - View and modify rules and hosts
        - View, modify, assign, and close tickets
      • Assign this role to a user who is responsible for supervising the scanning and remediation operations on a node

  22. SAINT Administrator Role
      • The SAINT Administrator role grants the ability to run scans and view results
      • Assign this role to a user who is responsible for running or scheduling scans on a node

  23. SAINT User Role
      • The SAINT User role grants the ability to view results and modify tickets
      • Assign this role to a user who is responsible for vulnerability remediation following a vulnerability scan

  24. This concludes SAINTmanager Overview
      Any Questions? (before proceeding to the demo and SAINTstick usage drawing)
      http://SaintMgr.nws.oregonstate.edu:1410
      Username: DCA Password: ViewOnly
      Saint-Manager@lists.oregonstate.edu
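
The user, role and permission model from slides 16 to 23, written out as an added example for access review; it is not SAINTmanager code and not part of the original presentation. The permission strings, node names and the users alice and bob are hypothetical, and the example assumes that the RO role grants only result viewing and that a global permission in a role applies on the manager regardless of the node the role was assigned on.

```python
# Added illustration of slides 16-23; not SAINTmanager code.
# Permission strings and node names are hypothetical labels.
GLOBAL_PERMS = {f"{verb}_{obj}" for verb in ("view", "modify", "create")
                for obj in ("users", "roles", "rules")}
NODE_PERMS = {"view_hosts", "modify_hosts", "view_tickets", "modify_tickets",
              "assign_tickets", "close_tickets", "run_scans", "view_results"}

ROLES = {
    "Super Admin": GLOBAL_PERMS | NODE_PERMS,              # slide 20
    "Admin": {"view_rules", "modify_rules", "view_hosts", "modify_hosts",
              "view_tickets", "modify_tickets", "assign_tickets",
              "close_tickets"},                            # slide 21
    "SAINT Administrator": {"run_scans", "view_results"},  # slide 22
    "SAINT User": {"view_results", "modify_tickets"},      # slide 23
    "RO": {"view_results"},  # assumption: slides do not list RO's permissions
}

# Constructed sample: (user, role, node) assignments.
ASSIGNMENTS = [
    ("superadmin", "Super Admin", "node-a"),
    ("superadmin", "Super Admin", "node-b"),
    ("alice", "Admin", "node-a"),
    ("bob", "SAINT Administrator", "node-a"),
    ("bob", "SAINT User", "node-b"),
    ("DCA", "RO", "node-a"),
    ("DCA", "RO", "node-b"),
]

def effective(assignments, user, node):
    """Permissions `user` holds when acting on `node`."""
    perms = set()
    for who, role, where in assignments:
        if who != user:
            continue
        granted = ROLES[role]
        # Assumption: global permissions in a role apply on the manager
        # no matter which node the role was assigned on.
        perms |= granted & GLOBAL_PERMS
        if where == node:
            perms |= granted & NODE_PERMS
    return perms

def who_can(assignments, perm, node):
    """Access review: users holding `perm` on `node`, sorted."""
    users = {who for who, _, _ in assignments}
    return sorted(u for u in users if perm in effective(assignments, u, node))

if __name__ == "__main__":
    for node in ("node-a", "node-b"):
        print(node, "run_scans:", who_can(ASSIGNMENTS, "run_scans", node))
```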
