Introduction

This guide describes the Netalytics Security Center. The Netalytics Security Center is a multitenant capable system that supports

• Asset Discovery
• Vulnerability Scans based on NVD and OVAL repositories
• CIS Compliance scans

Asset Discovery

Asset discovery discovers all Assets based on a scan of the network and discovers any open ports and helps in identifying any unknown or rogue devices that are present in the network. The Asset discovery module supports a range and subnet based discovery and fingerprinting. Adding credentials to an asset will provide more information on the asset versus and external scan. The Asset discovery module supports fingerprinting of various network devices such as 

• Cisco
• HP
• Juniper
• Watchguard
• Sophos
• Fortinet
• TP-LInk
• DLink
• Ubiquity
• Others

In addition servers with Windows or Linux loaded are also discovered. VMware and HyperV based installations are also discovered. The fundamental role of Asset discovery is not to monitor or provide and Asset Management system but to identify known and unknown systems and track changes in the devices.

Vulnerability and CIS Compliance Assessment

Standards Support

The vulnerability scanner is a robust, enterprise-strength implementation of the SCAP 1.2 family of specifications, and supports the following schema versions:

• SCAP (Security Content Automation Protocol) Datastream 1.2
• XCCDF (eXtensible Configuration Checklist Definition Format) 1.2
• OVAL (Open Vulnerability Assessment Language) 5.11.2
• OCIL (Open Checklist Interactive Language) 2.0
• CPE (Common Product Enumeration) 2.3
• ARF (Asset Reporting Format) 1.1
• AI (Asset Information) 1.2
• SCE (Script Check Engine) 1.0

Scan Target Platform Support

• Windows: Windows XP SP3+, Windows Server 2003 SP2+
• Linux: RHEL 5+, Fedora 14+, SUSE Desktop 10+, SUSE Enterprise Server 9+, Ubuntu 8.10+, Debian 6.0+
• Apple: OSX Snow Leopard+, iOS 5.1+
• Cisco: IOS 12.2+,  IOS-XE 12.2+, ASA 9.0+
• Juniper JunOS 8.5R1+
• IBM AIX 6.1+, RHEL 6+ on System Z
• Oracle Solaris 8+
• HP-UX 11.23+
• FreeBSD 8.4+
• VMWare ESXi 5.0+

Windows

Microsoft® Windows® is the most widely-deployed desktop operating system in government and enterprise environments, and also enjoys significant server market-share as well. Locking down this platform therefore takes top billing in virtually any IT security initiative. The vulnerability scanner has the power to leverage Microsoft’s built-in web service protocols to deliver a complete Windows scanning solution without the need for agents — not even the so-called “dissolving agents” that other supposedly “agentless” solutions are known to deploy.

OVAL Schema Support

Unix

Security scanning isn’t just for desktops. Server infrastructure hosting critical back-office systems are also vulnerable to security risks, which have serious consequences when breached. The vulnerability scanner supports virtually every Unix flavor deployed in enterprises today.

OVAL Schema Support

The scanner Local and Remote scan plug-ins support the following OVAL tests on Unix:

* Required for use-cases involving WINE and/or SAMBA
** The getconf test runs on all Unix flavors, including Mac OSX
*** RPM tests also run on AIX

MacOS X

Apple is making significant inroads as a desktop platform for both government and commercial applications, particularly for high-end users. Yet the systems management tools for OSX are not as mature or widely-available as those focusing on Windows desktops. This is a potentially dangerous combination for data security.

OVAL Schema Support

The Vulnerability Scanner Local and Remote scan plug-ins support the following OVAL tests on Mac OS X:

* Required for use-cases involving WINE and/or SAMBA

VMWare ESX

VMWare ESX/ESXi is the market leader in enterprise virtualization infrastructure, powering private cloud environments used by the vast majority of Fortune 500 companies and government agencies. In addition to the OVAL schema for ESX, Vulnerability Scanner supports a variety of Unix-type and platform-independent tests on ESX host systems.

OVAL Schema Support

The Vulnerability Remote scan plug-in supports the following OVAL tests on ESX/ESXi (local scanning is not supported):

Cisco

The vast majority of security vulnerabilities involve network access, so it is critical for the security automation standards community to make a serious effort to expand support for network devices of all kinds. Cisco IOS is the most widely-deployed network device operating system in the world, with over 50% market share, and therefore it presents a natural starting point for any such effort.

The vulnerability scanner features more comprehensive support for Cisco IOS, IOS-XE and ASA devices than any other scanner on the market, and offers the only complete implementation of the schemas for Cisco. Unlike other implementations, vulnerability was designed from the ground up to scan machines remotely. This makes it an ideal platform for performing assessments against routers, firewalls, access points, and other network infrastructure components.

OVAL Schema Support

The Scanner Remote plugin supports the following tests for Cisco:

Juniper

OVAL Schema Support

The Scanner Remote plugin supports the following tests on Juniper JunOS: