enterprise-2-web enterprise-2-web Randy Reitz and Tim Rupp Randy - - PowerPoint PPT Presentation

▶

Jun 17, 2023 373 likes •508 views

enterprise-2-web enterprise-2-web Randy Reitz and Tim Rupp Randy Reitz and Tim Rupp InterLab 2006 InterLab 2006 end user overview end user overview scan-me-now scan-me-now small web based vulnerability scanner small web based

SLIDE 1

enterprise-2-web enterprise-2-web

Randy Reitz and Tim Rupp Randy Reitz and Tim Rupp InterLab 2006 InterLab 2006

SLIDE 2

end user overview end user overview

scan-me-now

scan-me-now

– small web based vulnerability scanner

small web based vulnerability scanner

nessquik

nessquik

– powerful web based GUI for Nessus

powerful web based GUI for Nessus

splunk

splunk

– log file search engine

log file search engine

st & e

st & e

– system test, and evaluation checklist

system test, and evaluation checklist

SLIDE 3

enterprise overview enterprise overview

inventory

inventory

– near real-time network node inventory

near real-time network node inventory

scanner farm

scanner farm

– around-the-clock pinger, port scanner and vulnerability scanner

around-the-clock pinger, port scanner and vulnerability scanner

tissue

tissue

– event issue tracker

event issue tracker

SLIDE 4

scan-me-now scan-me-now

easy vulnerability scans

easy vulnerability scans

command line or browser

command line or browser

critical vulnerabilities or all plugins

critical vulnerabilities or all plugins

can only scan the machine you are coming from

can only scan the machine you are coming from

outputs report to webpage which you can save
utputs report to webpage which you can save

http://security.fnal.gov/scanmenow.html

SLIDE 5

nessquik nessquik

granular control of plugins to use in a scan

granular control of plugins to use in a scan

leverage certificates for access control

leverage certificates for access control

scheduled scanning

scheduled scanning

monitor your scan progress

monitor your scan progress

reports in HTML or text

reports in HTML or text

save scan settings for the future

save scan settings for the future

https://shamus.fnal.gov/nessquik-2.0

SLIDE 6

splunk splunk

full-text search engine for logs

full-text search engine for logs

combine and search different log sources

combine and search different log sources

includes an API via SOAP and REST that will likely be

includes an API via SOAP and REST that will likely be used by CST in the future used by CST in the future

very fast, AJAX-ish interface

very fast, AJAX-ish interface

able to quickly search massive datasets

able to quickly search massive datasets

http://whoknowswhat.fnal.gov:8000/

SLIDE 7

st & e st & e

traffic lights signal when items have expired, in real-time

traffic lights signal when items have expired, in real-time

spans + AJAX for fast loading of content

spans + AJAX for fast loading of content

drop down arrows providing unlimited levels of tasks

drop down arrows providing unlimited levels of tasks

update log, satisfy evaluation

update log, satisfy evaluation

powerful admin interface to define access

powerful admin interface to define access

leverage certificates for access control

leverage certificates for access control

https://roaster.fnal.gov/ste2/

SLIDE 8

inventory inventory

find active network nodes - ping response or ARP entry

find active network nodes - ping response or ARP entry

find aged network nodes

find aged network nodes

use nmap port scan to create observation:

use nmap port scan to create observation:

– estimate node OS

estimate node OS

– collect open (listening) TCP ports

collect open (listening) TCP ports

collapse observation in Inventory database

collapse observation in Inventory database

find recent observations for more scanning

find recent observations for more scanning

SLIDE 9

inventory inventory

SLIDE 10

scanner farm scanner farm

for nodes with "interesting" services:

for nodes with "interesting" services:

– test node with set of published critical vulnerabilities

test node with set of published critical vulnerabilities

– test node configuration for policy compliance (Kerberos)

test node configuration for policy compliance (Kerberos)

SLIDE 11

TIssue TIssue

create event when scanner finds an "issue"

create event when scanner finds an "issue"

find registered info for node

find registered info for node

notify administrator or user

notify administrator or user

submit event to work flow

submit event to work flow

SLIDE 12

enterprise-2-web enterprise-2-web

Randy Reitz and Tim Rupp Randy Reitz and Tim Rupp InterLab 2006 InterLab 2006

end user overview end user overview

scan-me-now

small web based vulnerability scanner

nessquik

powerful web based GUI for Nessus

splunk

log file search engine

st & e

system test, and evaluation checklist

enterprise overview enterprise overview

inventory

near real-time network node inventory

scanner farm

around-the-clock pinger, port scanner and vulnerability scanner

tissue

event issue tracker

scan-me-now scan-me-now

easy vulnerability scans

command line or browser

critical vulnerabilities or all plugins

can only scan the machine you are coming from

http://security.fnal.gov/scanmenow.html

nessquik nessquik

granular control of plugins to use in a scan

leverage certificates for access control

scheduled scanning

monitor your scan progress

reports in HTML or text

save scan settings for the future

https://shamus.fnal.gov/nessquik-2.0

splunk splunk

full-text search engine for logs

combine and search different log sources

includes an API via SOAP and REST that will likely be used by CST in the future used by CST in the future

very fast, AJAX-ish interface

able to quickly search massive datasets

http://whoknowswhat.fnal.gov:8000/

st & e st & e

traffic lights signal when items have expired, in real-time

spans + AJAX for fast loading of content

drop down arrows providing unlimited levels of tasks

update log, satisfy evaluation

powerful admin interface to define access

leverage certificates for access control

https://roaster.fnal.gov/ste2/

inventory inventory

find active network nodes - ping response or ARP entry

find aged network nodes

use nmap port scan to create observation:

– estimate node OS

estimate node OS

– collect open (listening) TCP ports

collect open (listening) TCP ports

collapse observation in Inventory database

find recent observations for more scanning

inventory inventory

scanner farm scanner farm

for nodes with "interesting" services:

– test node with set of published critical vulnerabilities

test node with set of published critical vulnerabilities

– test node configuration for policy compliance (Kerberos)

test node configuration for policy compliance (Kerberos)

TIssue TIssue

create event when scanner finds an "issue"

find registered info for node

notify administrator or user

submit event to work flow

TIssue in brief TIssue in brief