CyberCop Scanner Getting Started Guide

More documents

Recommendations

Info

CyberCop Scanner in Active Security About Active Security The Active Security suite of products is an evolutionary step in enterprise security: entirely automated enforcement of network security policies. Active Security enables you to take a proactive role in protecting your network by detecting vulnerabilities and responding to them. The Active Security concept is implemented as a highly integrated family of Network Associates software components, all working in concert to automatically detect and address any security vulnerabilities in your network that would violate your organization’s security policies. The Active Security integrated product family is comprised of the following Network Associates products: • CyberCop Scanner is a network security assessment tool that can scan devices on your network for more than 700 vulnerabilities. You configure CyberCop Scanner to search for the vulnerabilities that concern you, in accordance with your security policy. We call CyberCop Scanner a sensor component because it scans the network for vulnerabilities. • Event Orchestrator receives messages from sensors on the network and then, based on your security policy, processes them and decides whether to send action messages to the Active Security actor components in response to them. You configure Event Orchestrator to respond to particular vulnerabilities in a manner that best enforces your security policies. Event Orchestrator is called an arbiter. • Gauntlet Firewall for Windows NT and Unix are the most secure firewalls on the market today. Gauntlet Firewall takes instructions from the arbiter and responds in a manner of your choosing. Gauntlet Firewall is an actor component. • Net Tools PKI Server supports secure, strongly authenticated communication among the sensor, the arbiter, and the actors by furnishing each product with X.509 certificates. The separately available McAfee HelpDesk and Magic Total Service Desk products can also be used as Active Security actors. You configure Active Security and your network to implement your security policies. Active Security takes it from there, watching your network for security holes and automatically triggering your designated response whenever it finds one, like a vigilant guardian. 1-2 Chapter 1
Benefits of Active Security CyberCop Scanner in Active Security The Internet and the increasingly complex security needs of today’s geographically distributed “virtual” corporations are pushing the limits of what a corporate IT department can be reasonably expected to handle. Network administrators are being asked to protect more and more with limited resources. Most system failures are due to user error, not product flaw or hacker attack. Security vulnerabilities are most often introduced accidentally by the very people the system administrator is trying to protect: the sometimes naive internal user. Detecting and correcting these multiplying vulnerabilities as they arise takes constant work because existing security analysis tools make it too hard to be thorough and fast enough — they generate huge amounts of data, force you to parse it all, and then it still takes a further human decision and a manual action, like running a program to shut down a network port, to address each problem. An administrator simply can’t be everywhere at once. There are lots of tools for finding network security vulnerabilities, and you may think that simply using the tools is enough. This is a dangerous misconception. What matters is what you configure them to look for, and what actually happens when they find vulnerabilities. Without a network security policy tailored to your particular requirements, no network security tool can effectively protect you. In other words, you need to have a network security policy that reflects your organization’s security goals, and you need to be certain that your policy is being reliably carried out. This means that the security system needs to actually implement the policy, actively responding to vulnerabilities as they’re detected, working automatically rather than waiting for a human’s attention. Only automated security policy enforcement tools will do the job these days. Of course, having the world’s best security policy and an elegant automatic security system won’t protect you if a hacker could simply crack the security system itself. Your policy enforcer has to protect itself from tampering, too. Active Security is all of that: a secure system that you can train to automatically take any action your policy calls for whenever it finds any network security vulnerability that concerns you. It’s a technology that enables you to be far more diligent about cleaning up security holes as they arise because it’s more thorough than a person and faster than a person — once you’ve set it up for your network security policies, your administrator just runs a scan and Active Security does the rest. You can configure the system to automatically take care of some of the problems it may find — and if Active Security detects a problem it can’t handle on its own, it can alert the administrator via pager or email. Active Security is your network administrator’s most valuable weapon in the constant uphill battle of maintaining your network security. CyberCop Scanner Getting Started Guide 1-3
Page 1 and 2: CyberCop Scanner for Windows NT and
Page 3 and 4: Table of Contents Preface..........
Page 5 and 6: Table of Contents ScanningMultipleH
Page 7 and 8: Table of Contents Chapter 6. Runnin
Page 9 and 10: Table of Contents UnderstandinganEx
Page 11 and 12: Preface This preface includes impor
Page 13 and 14: Part II: Advanced Features Part II:
Page 15 and 16: Preface For corporate-licensed cust
Page 17: Part One: Getting Started 1
Page 22 and 23: CyberCop Scanner in Active Security
Page 28 and 29: Installing CyberCop Scanner Install
Page 30 and 31: Installing CyberCop Scanner NOTE: I
Page 32 and 33: Installing CyberCop Scanner Uninsta
Page 34 and 35: Installing CyberCop Scanner 2-8 Cha
Page 36 and 37: Getting Started: Performing a Scan
Page 70 and 71:
Getting Started: Performing a Scan
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Working With Scan Results Saving Sc
Page 78 and 79:
Working With Scan Results 3. Under
Page 80 and 81:
Working With Scan Results Viewing S
Page 82 and 83:
Working With Scan Results Viewing R
Page 84 and 85:
Working With Scan Results Using the
Page 86 and 87:
Working With Scan Results Report by
Page 88 and 89:
Working With Scan Results Querying
Page 90 and 91:
Working With Scan Results Generatin
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Working With Scan Results Fields ta
Page 98 and 99:
Working With Scan Results Previewin
Page 100 and 101:
Working With Scan Results NOTE: Whe
Page 102 and 103:
Page 104 and 105:
Working With Scan Results WheretoGo
Page 106 and 107:
Using Brute Force Password Guessing
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Running IDS (Intrusion Detection So
Page 118 and 119:
Running IDS (Intrusion Detection So
Page 120 and 121:
Using CASL Modules to Run Firewall
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
AutoUpdate: Updating CyberCop Scann
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 139 and 140:
1Using NTCASL to Generate Custom Au
Page 141 and 142:
Creating an Example Packet Using NT
Page 143 and 144:
Using NTCASL to Generate Custom Aud
Page 145 and 146:
CASL Menus Using NTCASL to Generate
Page 147 and 148:
CASL Toolbar Using NTCASL to Genera
Page 149 and 150:
Using NTCASL to Generate Custom Aud
Page 151 and 152:
2The Vulnerability Database Editor
Page 153 and 154:
About Module Records The Vulnerabil
Page 155 and 156:
The Vulnerability Database Editor L
Page 157 and 158:
The Vulnerability Database Editor M
Page 159 and 160:
The Vulnerability Database Editor E
Page 161 and 162:
Exporting Modules The Vulnerability
Page 163:
Part Three: Appendices 1
Page 166 and 167:
A Guide to CASL (Custom Audit Scrip
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Scanning: Command Line Options The
Page 200 and 201:
Scanning: Command Line Options B-4
Page 202 and 203:
Glossary Internet Internet Service
Page 204:
Glossary subnet addressing TELNET t
show all

CyberCop Scanner Getting Started Guide

Create successful ePaper yourself

Delete template?

Save as template?