This guide describes the Netalytics Security Center. The Netalytics Security Center is a multitenant capable system that supports
- Asset Discovery
- Vulnerability Scans based on NVD and OVAL repositories
- CIS Compliance scans
Asset Discovery
Asset discovery discovers all Assets based on a scan of the network and discovers any open ports and helps in identifying any unknown or rogue devices that are present in the network. The Asset discovery module supports a range and subnet based discovery and fingerprinting. Adding credentials to an asset will provide more information on the asset versus and external scan. The Asset discovery module supports fingerprinting of various network devices such as
- Cisco
- HP
- Juniper
- Watchguard
- Sophos
- Fortinet
- TP-LInk
- DLink
- Ubiquity
- Others
In addition servers with Windows or Linux loaded are also discovered. VMware and HyperV based installations are also discovered. The fundamental role of Asset discovery is not to monitor or provide and Asset Management system but to identify known and unknown systems and track changes in the devices.
Vulnerability and CIS Compliance Assessment
Standards Support
The vulnerability scanner is a robust, enterprise-strength implementation of the SCAP 1.2 family of specifications, and supports the following schema versions:
- SCAP (Security Content Automation Protocol) Datastream 1.2
- XCCDF (eXtensible Configuration Checklist Definition Format) 1.2
- OVAL (Open Vulnerability Assessment Language) 5.11.2
- OCIL (Open Checklist Interactive Language) 2.0
- CPE (Common Product Enumeration) 2.3
- ARF (Asset Reporting Format) 1.1
- AI (Asset Information) 1.2
- SCE (Script Check Engine) 1.0
Scan Target Platform Support
- Windows: Windows XP SP3+, Windows Server 2003 SP2+
- Linux: RHEL 5+, Fedora 14+, SUSE Desktop 10+, SUSE Enterprise Server 9+, Ubuntu 8.10+, Debian 6.0+
- Apple: OSX Snow Leopard+, iOS 5.1+
- Cisco: IOS 12.2+, IOS-XE 12.2+, ASA 9.0+
- Juniper JunOS 8.5R1+
- IBM AIX 6.1+, RHEL 6+ on System Z
- Oracle Solaris 8+
- HP-UX 11.23+
- FreeBSD 8.4+
- VMWare ESXi 5.0+
Windows
Microsoft® Windows® is the most widely-deployed desktop operating system in government and enterprise environments, and also enjoys significant server market-share as well. Locking down this platform therefore takes top billing in virtually any IT security initiative. The vulnerability scanner has the power to leverage Microsoft’s built-in web service protocols to deliver a complete Windows scanning solution without the need for agents — not even the so-called “dissolving agents” that other supposedly “agentless” solutions are known to deploy.
OVAL Schema Support
|
|
Unix
Security scanning isn’t just for desktops. Server infrastructure hosting critical back-office systems are also vulnerable to security risks, which have serious consequences when breached. The vulnerability scanner supports virtually every Unix flavor deployed in enterprises today.
OVAL Schema Support
The scanner Local and Remote scan plug-ins support the following OVAL tests on Unix:
On all Unix flavors: | Flavor-specific tests: |
|
|
* Required for use-cases involving WINE and/or SAMBA
** The getconf test runs on all Unix flavors, including Mac OSX
*** RPM tests also run on AIX
MacOS X
Apple is making significant inroads as a desktop platform for both government and commercial applications, particularly for high-end users. Yet the systems management tools for OSX are not as mature or widely-available as those focusing on Windows desktops. This is a potentially dangerous combination for data security.
OVAL Schema Support
The Vulnerability Scanner Local and Remote scan plug-ins support the following OVAL tests on Mac OS X:
|
|
* Required for use-cases involving WINE and/or SAMBA
VMWare ESX
VMWare ESX/ESXi is the market leader in enterprise virtualization infrastructure, powering private cloud environments used by the vast majority of Fortune 500 companies and government agencies. In addition to the OVAL schema for ESX, Vulnerability Scanner supports a variety of Unix-type and platform-independent tests on ESX host systems.
OVAL Schema Support
The Vulnerability Remote scan plug-in supports the following OVAL tests on ESX/ESXi (local scanning is not supported):
|
|
Cisco
The vast majority of security vulnerabilities involve network access, so it is critical for the security automation standards community to make a serious effort to expand support for network devices of all kinds. Cisco IOS is the most widely-deployed network device operating system in the world, with over 50% market share, and therefore it presents a natural starting point for any such effort.
The vulnerability scanner features more comprehensive support for Cisco IOS, IOS-XE and ASA devices than any other scanner on the market, and offers the only complete implementation of the schemas for Cisco. Unlike other implementations, vulnerability was designed from the ground up to scan machines remotely. This makes it an ideal platform for performing assessments against routers, firewalls, access points, and other network infrastructure components.
OVAL Schema Support
The Scanner Remote plugin supports the following tests for Cisco:
|
|
Juniper
OVAL Schema Support
The Scanner Remote plugin supports the following tests on Juniper JunOS:
|
|