Introduction

This guide describes the Netalytics Security Center. The Netalytics Security Center is a multitenant capable system that supports

Asset Discovery
Vulnerability Scans based on NVD and OVAL repositories
CIS Compliance scans

Asset Discovery

Asset discovery discovers all Assets based on a scan of the network and discovers any open ports and helps in identifying any unknown or rogue devices that are present in the network. The Asset discovery module supports a range and subnet based discovery and fingerprinting. Adding credentials to an asset will provide more information on the asset versus and external scan. The Asset discovery module supports fingerprinting of various network devices such as

Cisco
HP
Juniper
Watchguard
Sophos
Fortinet
TP-LInk
DLink
Ubiquity
Others

In addition servers with Windows or Linux loaded are also discovered. VMware and HyperV based installations are also discovered. The fundamental role of Asset discovery is not to monitor or provide and Asset Management system but to identify known and unknown systems and track changes in the devices.

Vulnerability and CIS Compliance Assessment

Standards Support

The vulnerability scanner is a robust, enterprise-strength implementation of the SCAP 1.2 family of specifications, and supports the following schema versions:

SCAP (Security Content Automation Protocol) Datastream 1.2
XCCDF (eXtensible Configuration Checklist Definition Format) 1.2
OVAL (Open Vulnerability Assessment Language) 5.11.2
OCIL (Open Checklist Interactive Language) 2.0
CPE (Common Product Enumeration) 2.3
ARF (Asset Reporting Format) 1.1
AI (Asset Information) 1.2
SCE (Script Check Engine) 1.0

Scan Target Platform Support

Windows: Windows XP SP3+, Windows Server 2003 SP2+
Linux: RHEL 5+, Fedora 14+, SUSE Desktop 10+, SUSE Enterprise Server 9+, Ubuntu 8.10+, Debian 6.0+
Apple: OSX Snow Leopard+, iOS 5.1+
Cisco: IOS 12.2+, IOS-XE 12.2+, ASA 9.0+
Juniper JunOS 8.5R1+
IBM AIX 6.1+, RHEL 6+ on System Z
Oracle Solaris 8+
HP-UX 11.23+
FreeBSD 8.4+
VMWare ESXi 5.0+

Windows

Microsoft® Windows® is the most widely-deployed desktop operating system in government and enterprise environments, and also enjoys significant server market-share as well. Locking down this platform therefore takes top billing in virtually any IT security initiative. The vulnerability scanner has the power to leverage Microsoft’s built-in web service protocols to deliver a complete Windows scanning solution without the need for agents — not even the so-called “dissolving agents” that other supposedly “agentless” solutions are known to deploy.

OVAL Schema Support

Windows Schema
- Access Token Test
- Active Directory Test (Legacy and 5.7)
- Audit Event Policy Test
- Audit Event Policy Subcategories Test
- Cmdlet Test
- DNS Cache Test
- File Test
- File Audited Permissions Test (Legacy and 5.3)
- File Effective Rights Test (Legacy and 5.3)
- Group Test
- Group SID Test
- Interface Test
- Junction Test
- License Test
- Lockout Policy Test
- Metabase Test
- NT User Test
- Password Policy Test
- PE Header Test
- Port Test
- Printer Effective Rights Test
- Process Test (Legacy and 5.8)
- Registry Test
- RegKey Audited Permissions Test (Legacy and 5.3)
- RegKey Effective Rights Test (Legacy and 5.3)
- Service Test
- Service Effective Rights Test
- Shared Resource Test
- Shared Resource Audited Permissions Test
- Shared Resource Effective Rights Test
- SID Test
- SID SID Test
- System Metric Test
- UAC Test
- User Test
- User SID Test (Legacy and 5.5)
- User Right Test
- Volume Test
- WMI Test (Legacy and 5.7)
- WUA Update Searcher Test

Independent Schema
- Environment Variable Test (Legacy and 5.8)
- Family Test
- Filehash Test (Legacy and 5.8)
- LDAP Test (Legacy and 5.7)
- SQL Test (Legacy and 5.7)
- Text File Content Test (Legacy and 5.4)
- Unknown Test
- Variable Test
- XML File Content Test

Unix

Security scanning isn’t just for desktops. Server infrastructure hosting critical back-office systems are also vulnerable to security risks, which have serious consequences when breached. The vulnerability scanner supports virtually every Unix flavor deployed in enterprises today.

OVAL Schema Support

The scanner Local and Remote scan plug-ins support the following OVAL tests on Unix:

On all Unix flavors:

Flavor-specific tests:

Unix Schema
- Dnscache Test
- File Test
- File Extended Attribute Test
- Gconf Test
- Inetd Test
- Interface Test
- Password Test
- Process Test (Legacy and 5.8)
- Routing Table Test
- Runlevel Test
- SCCS Test
- Shadow Test
- Symlink Test
- Sysctl Test
- Uname Test
- Xinetd Test
Independent Schema
- Environment Variable Test (Legacy and 5.8)
- Family Test
- File Hash Test (Legacy and 5.8)
- LDAP Test (Legacy and 5.7)
- SQL Test (Legacy and 5.7)
- Text File Content Test (Legacy and 5.4)
- Unknown Test
- Variable Test
- XML File Content Test
Windows Schema*
- File Test

AIX Schema
- Fileset Test
- Fix Test
- Interim Fix Test
- No Test
- Oslevel Test
FreeBSD Schema
- Portinfo Test
HP-UX Schema
- Getconf Test**
- Ndd Test
- Patch Test (Legacy and 5.3)
- Swlist Test
- Trusted Test
Linux Schema
- APT Test
- Apparmor Test
- Dpkginfo Test
- Iflisteners Test
- Inet Listening Servers Test
- Partition Test
- RPM Info Test***
- RPM Verify Test (Legacy)***
- RPM Verify File Test***
- RPM Verify Package Test***
- SE Linux Boolean Test
- SE Linux Security Context Test
- Slackwarepkginfo Test
- Systemd Unit Dependency Test
- Systemd Unit Property Test
Solaris Schema
- Facet Test
- Image Test
- ISA Info Test
- NDD Test
- Package Test (Legacy and 5.11)
- Package Avoid List Test
- Packagecheck Test
- Package Freeze List Test
- Package Publisher Test
- Patch Test (Legacy and 5.4)
- SMF Test
- SMF Property Test
- Variant Test
- VirtualizationInfo Test

* Required for use-cases involving WINE and/or SAMBA
** The getconf test runs on all Unix flavors, including Mac OSX
*** RPM tests also run on AIX

MacOS X

Apple is making significant inroads as a desktop platform for both government and commercial applications, particularly for high-end users. Yet the systems management tools for OSX are not as mature or widely-available as those focusing on Windows desktops. This is a potentially dangerous combination for data security.

OVAL Schema Support

The Vulnerability Scanner Local and Remote scan plug-ins support the following OVAL tests on Mac OS X:

Apple Macintosh Schema
- Account Info Test
- Authorization DB Test
- Core Storage Test
- Diskutil Test
- Gatekeeper Test
- Inet Listening Servers Test (Legacy and 5.10)
- Keychain Test
- Launchd Test
- Nvram Test
- Plist Test (Legacy, 5.10 and 5.11)
- Pwpolicy Test (Legacy and 5.9)
- Rlimit Test
- Softwareupdate Test
- Systemprofiler Test
- Systemsetup Test
Independent Schema
- Environment Variable Test (Legacy and 5.8)
- Family Test
- File Hash Test (Legacy and 5.8)
- LDAP Test (Legacy and 5.7)
- SQL Test (Legacy and 5.7)
- Text File Content Test (Legacy and 5.4)
- Unknown Test
- Variable Test
- XML File Content Test

Unix Schema
- Dnscache Test
- File Test
- File Extended Attribute Test
- Inetd Test
- Interface Test
- Password Test
- Process Test (Legacy and 5.8)
- Routing Table Test
- Runlevel Test
- Shadow Test
- Symlink Test
- Uname Test
Windows Schema*
- File Test

* Required for use-cases involving WINE and/or SAMBA

VMWare ESX

VMWare ESX/ESXi is the market leader in enterprise virtualization infrastructure, powering private cloud environments used by the vast majority of Fortune 500 companies and government agencies. In addition to the OVAL schema for ESX, Vulnerability Scanner supports a variety of Unix-type and platform-independent tests on ESX host systems.

OVAL Schema Support

The Vulnerability Remote scan plug-in supports the following OVAL tests on ESX/ESXi (local scanning is not supported):

VMWare ESX Schema
- Patch Test (Legacy and 5.6)
- Version Test
Unix Schema
- File Test
- Interface Test
- Password Test
- Shadow Test
- Symlink Test
- Uname Test

Independent Schema
- Environment Variable Test (Legacy only)
- Family Test
- File Hash Test (Legacy and 5.8)
- Text File Content Test (Legacy and 5.4)
- Unknown Test
- Variable Test
- XML File Content Test

Cisco

The vast majority of security vulnerabilities involve network access, so it is critical for the security automation standards community to make a serious effort to expand support for network devices of all kinds. Cisco IOS is the most widely-deployed network device operating system in the world, with over 50% market share, and therefore it presents a natural starting point for any such effort.

The vulnerability scanner features more comprehensive support for Cisco IOS, IOS-XE and ASA devices than any other scanner on the market, and offers the only complete implementation of the schemas for Cisco. Unlike other implementations, vulnerability was designed from the ground up to scan machines remotely. This makes it an ideal platform for performing assessments against routers, firewalls, access points, and other network infrastructure components.

OVAL Schema Support

The Scanner Remote plugin supports the following tests for Cisco:

Cisco IOS Schema
- ACL Test
- BGP Neighbor Test
- Global Test
- Interface Test
- Line Test
- Router Test
- Routingprotocolauthinf Test
- Section Test
- SNMP Test
- SNMP Community Test
- SNMP Group Test
- SNMP Host Test
- SNMP User Test
- SNMP View Test
- Tclsh Test
- Version Test (Legacy and 5.5)
Cisco ASA Schema
- ACL Test
- Classmap Test
- Interface Test
- Line Test
- Policy Map Test
- Service Policy Test
- SMTP Group Test
- SMTP Host Test
- SMTP User Test
- TCP Map Test
- Version Test

Cisco IOS-XE Schema
- ACL Test
- BGP Neighbor Test
- Global Test
- Interface Test
- Line Test
- Router Test
- Routingprotocolauthinf Test
- Section Test
- SNMP Community Test
- SNMP Group Test
- SNMP Host Test
- SNMP User Test
- SNMP View Test
- Version Test
NETCONF Schema
- Config Test (IOS and IOS-XE devices only)
Independent Schema
- Family Test
- Unknown Test
- Variable Test

Juniper

OVAL Schema Support

The Scanner Remote plugin supports the following tests on Juniper JunOS:

Juniper JunOS Schema
- Show Test
- Version Test
- XML Config Test
- XML Show Test

NETCONF Schema
- Config Test

Independent Schema
- Family Test
- Unknown Test
- Variable Test