Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - MANAGING VULNERABILITY ASSESSMENT V1 Manual

Managing vulnerability assessment

Security Threat Response Manager
Managing Vulnerability Assessment
Release 2008.2
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Part Number: 530-025614-01, Revision 1


Summary of Contents for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - MANAGING VULNERABILITY ASSESSMENT V1

  • Page 1 Security Threat Response Manager Managing Vulnerability Assessment Release 2008.2 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 408-745-2000 www.juniper.net Part Number: 530-025614-01, Revision 1...
  • Page 2 Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
  • Page 3: Table Of Contents

    Contents. About This Guide: Conventions, Technical Documentation, Documentation Feedback, Requesting Support. Overview: Configuring Vulnerability Assessment, Viewing Scanners. Managing ip360 Scanners: Adding an ip360 Scanner, Editing an ip360 Scanner, Deleting an ip360 Scanner, Exporting Reports. Managing Nessus Scanners: Adding a Nessus Scanner, Editing a Nessus Scanner, Deleting a Nessus Scanner. Managing...
  • Page 4 Managing FoundScan Scanners: Adding a FoundScan Scanner, Editing a FoundScan Scanner, Deleting a FoundScan Scanner, Importing Custom Certificates, Example Of TrustedCA.pem File, Example of Portal.pem File. Managing Juniper NSM Profiler Scanners: Adding a Juniper NSM Profiler Scanner, Editing a Profiler Scanner, Deleting a Profiler Scanner. Managing Rapid...
  • Page 5: About This Guide

    Information that alerts you to potential personal injury. Technical Documentation: You can access technical documentation, technical notes, and release notes directly from the Juniper Networks Support Web site at http://www.juniper.net/support. Documentation Feedback: We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation.
  • Page 6: Requesting Support

    Requesting Support: Open a support case using the Case Management link at http://www.juniper.net/support/ or call 1-888-314-JTAC (from the United States, Canada, or Mexico) or 1-408-745-9500 (from elsewhere).
  • Page 7: Overview

    Vulnerability assessment integration enables vulnerability assessment data to build profiles of attackers and targets. Vulnerability assessment data uses correlated event data, network activity, and behavioral changes to remove false positives to determine the threat level for each critical business asset. STRM's integration with vulnerability assessment tools allows you to schedule scans to keep your vulnerability assessment data up-to-date.
  • Page 8 The scanner determines the tests performed during the scanning of a host. The selected scanner populates your asset profile data including the host information, ports, and potential vulnerabilities. You must configure scanners using the Administration Console. For information on accessing the Administration Console, see the STRM Administration Guide.
  • Page 9 Viewing Scanners. Table 1-1 Scanner Parameters (continued). Status: Specifies the status of the scanner schedule.
  • Page 11: Managing Ip360 Scanners

    STRM uses SSH to access the remote server (SSH export server) then retrieves and interprets the scanned data. STRM supports VnE Manager version IP360-6.5.2 - 6.7.1. This chapter includes information on configuring an ip360 scanner including: •...
  • Page 12 Step 5: Enter values for the parameters. Table 2-2 ip360 Parameters. Path: Specify the location on the remote server where the scan results are stored. The default is /var/ncircle/. SSH Server Host Name: Specify the IP address or host name to the remote server. SSH Username: Specify the SSH remote server username.
  • Page 13 Editing an ip360 Scanner. Table 2-2 ip360 Parameters (continued). Polling Interval: Specify the frequency that you wish the VIS to retrieve reports from the nCircle device. The default value is 900 seconds. Note: If the scanner is configured to use a password, the SSH scanner server to which STRM connects must support password authentication.
  • Page 14: Exporting Reports

    Step 3: Select the scanner you wish to delete. Step 4: Click Delete. A confirmation window appears. Step 5: Click Ok. Step 6: From the STRM Administration Console menu, select Configurations > Deploy Configuration Changes. Exporting Reports: For the VIS to retrieve reports that are exported from the ip360 device, you must configure the automated export of reports on the ip360 device.
  • Page 15: Managing Nessus Scanners

    Nessus software includes separate client and server components. You can install the client on the same system as the server. However, for performance reasons, you can provide a dedicated Nessus server with distributed clients, which means a separate client and server.
  • Page 16 Table 3-1 Scanner Parameters (continued). Description: Specify a description for this scanner. The description may be up to 255 characters in length. Managed Host: Using the drop-down list box, select the managed host you wish to configure this scanner.
  • Page 17 Adding a Nessus Scanner. Table 3-2 Nessus Parameters (continued). Disable Pixmaps: Enables (Yes) or Disables (No) pixmaps. If the Nessus installation includes a graphical client, set this parameter to Yes. The default is No. To determine if the Nessus client has graphical interface support, you must log in to the system that is hosting the Nessus client and execute the client with no parameters.
  • Page 18 Editing a Nessus Scanner. To edit a scanner: Step 1: In the Administration Console, click the SIM Configuration tab. The SIM Configuration panel appears. Step 2: Click the VA Scanners icon. The VA Scanners window appears. Step 3: Select the scanner you wish to edit. Step 4: Click Edit.
  • Page 19: Managing Nessus Scan Result Importers

    When you configure a Nessus Scan Result Importer, STRM connects to the host storing the Nessus scan results file. STRM then retrieves the previously run scan results for processing. STRM supports scan results from Nessus version 2.2.x to 3.0.4.
  • Page 20 Table 4-1 Scanner Parameters (continued). Type: Using the drop-down list box, select Nessus Scan Result Importer. The list of parameters for the selected scanner type appears. Step 5: Enter values for the parameters. Table 4-2 Nessus Scan Result Importer Parameters. Remote...
  • Page 21 Editing a Nessus Scan Result Importer. Table 4-2 Nessus Scan Result Importer Parameters (continued). Private Key File: Specify the directory path to the file that contains the private key information. STRM uses the private key to authenticate the SSH connection, if you are using SSH key based authentication.
  • Page 22 Deleting a Nessus Scan Result Importer. To delete a Nessus Scan Result Importer: Step 1: In the Administration Console, click the SIM Configuration tab. The SIM Configuration panel appears. Step 2: Click the Scanner Configuration Management icon. The Scanner Configurations window appears.
  • Page 23: Managing Nmap Scanners

    You can integrate Network Mapper (Nmap) scanners (version 3.83 to 4.20) with STRM. Since certain types of Nmap port scans require Nmap to be run as root, STRM must have access as root or you must operate the Nmap binary with setuid root.
  • Page 24 Table 5-1 Scanner Parameters (continued). Type: Using the drop-down list box, select NMap Scanner. The list of parameters for the selected scanner type appears. Step 5: Enter values for the parameters. Table 5-2 Nmap Parameters. Path: Specify the location of the executable file for the Nmap...
  • Page 25 Editing an Nmap Scanner. Table 5-2 Nmap Parameters (continued). Login Password: If Enable Key Authentication is disabled, specify the password necessary to log in to the Nessus client system. If key authentication is disabled, you must set a login password. Private Key File: Specify the directory path to the file that contains the private key information.
  • Page 26 Deleting an Nmap Scanner. To delete an Nmap scanner: Step 1: In the Administration Console, click the SIM Configuration tab. The SIM Configuration panel appears. Step 2: Click the VA Scanners icon. The VA Scanners window appears. Step 3: Select the scanner you wish to delete. Step 4: Click Delete.
  • Page 27: Managing Qualys Scanners

    A QualysGuard vulnerability scanner runs on a remote web server. STRM must access this server through an HTTPS connection to run and retrieve scan results. STRM supports Qualys version 4.7 to 6.0.44-1. For more information, see your Qualys documentation.
  • Page 28 Step 5: Enter values for the parameters. Table 6-2 Qualys Parameters. Qualys Server Host Name: Specify the hostname or IP address of the QualysGuard server. Qualys Username: Specify the username to log in to the Qualys server. Qualys Password: Specify the password to log in to the Qualys server.
  • Page 29 Editing a Qualys Scanner. To edit a Qualys scanner: Step 1: In the Administration Console, click the SIM Configuration tab. The SIM Configuration panel appears. Step 2: Click the VA Scanners icon. The VA Scanners window appears. Step 3: Select the scanner you wish to edit.
  • Page 31: Adding A Foundscan Scanner

    Once you install the STRM Foundstone FoundScan scanner, the scanner queries the FoundScan Engine using the FoundScan OpenAPI. STRM collects vulnerability data from existing scan results with FoundScan. Therefore, your FoundScan system must include a configuration appropriate for STRM to use and a scan that runs regularly to keep the results current.
  • Page 32 Step 4: Enter values for the following parameters. Table 7-1 Scanner Parameters. Scanner Name: Specify the name you wish to assign to this scanner. The name may be up to 255 characters in length. Description: Specify a description for this scanner.
  • Page 33 Adding a FoundScan Scanner. Table 7-2 FoundScan Parameters. SOAP API URL: Specify the web address for the SOAP API in the following format: https://<foundstone IP address>:<SOAP port> Where: <foundstone IP address> is the IP address or hostname of the FoundScan scanner server.
  • Page 34: Editing A Foundscan Scanner

    Editing a FoundScan Scanner. To edit a FoundScan scanner: Step 1: In the Administration Console, click the SIM Configuration tab. The SIM Configuration panel appears. Step 2: Click the VA Scanners icon. The VA Scanners window appears. Step 3: Select the scanner you wish to edit.
  • Page 35 Importing Custom Certificates. Both of these files must be in PEM format. For examples of these files, see Example Of TrustedCA.pem File and Example of Portal.pem File. Step 2: Copy the two PEM files to your STRM system, either to the root user's home directory or to a new directory created for the certificates.
  • Page 36: Example Of Trustedca.pem File

    Alias name: portal.pem Creation date: Mar 8, 2007 Entry type: keyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=Foundstone Enterprise Manager Issuer: CN=Foundstone CA Serial number: 2 Valid from: Fri Sep 12 20:36:54 ADT 2003 until: Mon Oct 20 20:36:54 ADT 2008 Certificate fingerprints: MD5: 0A:CD:06:36:B2:ED:62:8C:98:8D:10:3C:99:95:BA:7D...
  • Page 37 Importing Custom Certificates Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: md5WithRSAEncryption Issuer: CN=Foundstone CA Validity Not Before: Sep 12 23:36:54 2003 GMT Not After : Oct 20 23:36:54 2008 GMT Subject: CN=Foundstone Enterprise Manager Subject Public Key Info: Public Key Algorithm: rsaEncryption...
  • Page 38 CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 0D:52:54:EF:A0:B3:91:9D:3D:47:AC:D8:9E:62:2A:34:0F:09:FF:8D X509v3 Authority Key Identifier: keyid:64:3C:50:94:CF:6E:A4:8F:DB:4D:8C:CA:0B:36:B2:AC:D4:DA: 1E:CB DirName:/CN=Foundstone CA serial:00 Signature Algorithm: md5WithRSAEncryption
  • Page 39 Importing Custom Certificates
  • Page 41: Adding A Juniper Nsm Profiler Scanner

    The Juniper Networks NSM console passively collects valuable asset information from your network through deployed Juniper IDP sensors. STRM connects to the Profiler database stored on the NSM server to retrieve these records. The STRM server must have access to the Profiler database. STRM supports NSM versions 2007.1r2 to 2007.2r2.
  • Page 42 Table 8-1 Scanner Parameters (continued). Description: Specify a description for this scanner. The description may be up to 255 characters in length. Managed Host: Using the drop-down list box, select the managed host you wish to configure this scanner.
  • Page 43: Editing A Profiler Scanner

    Editing a Profiler Scanner. Table 8-2 Juniper NSM Profiler Parameters (continued). Database Name: Specify the name of the Profiler database. The default is profilerDB. Step 6: To configure the CIDR ranges you wish this scanner to consider: In the text field, enter the CIDR range you wish this scanner to consider or click Browse to select the CIDR range from the network list.
  • Page 44 Step 5: Click Ok. Step 6: From the STRM Administration Console menu, select Configurations > Deploy Configuration Changes.
  • Page 45: Adding A Rapid7 Nexpose Scanner

    This chapter includes information on configuring a Rapid7 NeXpose scanner including: Adding a Rapid7 NeXpose Scanner, Editing a Rapid7 NeXpose Scanner, Deleting a Rapid7 NeXpose Scanner. STRM supports Rapid7 NeXpose version 4.5 and above. For more information, see your Rapid7 NeXpose documentation.
  • Page 46 Step 5: Enter values for the parameters. Table 9-2 Rapid7 NeXpose Parameters. Remote Hostname: Specify the hostname or IP address of the Rapid7 NeXpose server. Login Username: Specify the username to log in to the Rapid7 NeXpose server. Login Password: Specify the password to log in to the Rapid7 NeXpose server.
  • Page 47: Editing A Rapid7 Nexpose Scanner

    Editing a Rapid7 NeXpose Scanner. To edit a Rapid7 NeXpose scanner: Step 1: In the Administration Console, click the SIM Configuration tab. The SIM Configuration panel appears. Step 2: Click the VA Scanners icon. The VA Scanners window appears. Step 3: Select the scanner you wish to edit.
  • Page 49: Scheduling A Scan

    This chapter provides information on managing the vulnerability assessment scan schedule including: Scheduling a Scan, Editing a Scan Schedule, Deleting a Scheduled Scan. Note: The below procedure describes how to manage scan schedules using the Administration Console interface.
  • Page 50 Step 4: Enter values for the parameters. Table 10-1 Scan Schedule Parameters. VA Scanner: Using the drop-down list box, select the scanner for which you wish to create a schedule. Network CIDR: Choose one of the following options: Network CIDR - Select the option and specify the network...
  • Page 51: Editing A Scan Schedule

    Editing a Scan Schedule. Table 10-1 Scan Schedule Parameters (continued). Potency: Specify the level of scan you wish to perform. The precise interpretation of the levels depends on the scanner, however, typically, the levels indicate: Very safe - Specifies a safe, non-intrusive assessment. They...
  • Page 52: Deleting A Scheduled Scan

    Step 3: Select the schedule you wish to edit. Note: If you do not have any scanners configured, an error message appears. You must configure the scanners before you can schedule a scan. For more information on configuring scanners, see Chapter 1 Overview.
  • Page 53 Viewing Asset Profile Information. You can access asset profile data for any IP address that appears in the asset profile. Note: For more information on Assets, see the Managing Assets Chapter in the STRM Users Guide. To view asset profile data: Step 1: On any IP address in the STRM interface, use the right mouse button (right-click) to access the menu.
  • Page 54 Table 11-2 Asset Profile Window. Name: Specify a name you wish to associate with this asset profile. Description: Specify a description that you wish to associate with this asset profile. IP Address: Specifies the IP address of the asset. Operating System: Specifies the operating system running on the asset.
  • Page 55 Table 11-3 Ports Information (continued). Last Seen: Specifies the date and time that the service was last detected running on the asset, either passively or actively. First Seen: Specifies the date and time when the service was first detected running on the asset, either passively or actively.
  • Page 57 Index. conventions 3. Rapid7 NeXpose: adding 43, deleting 45, editing 45. FoundScan: about 29, adding 29, custom certificates 32, deleting 32, editing 32. scan: deleting schedule 50, editing schedule 49, scheduling 47. ip360: about 9, adding 9, deleting 11, editing 11. VA 5. vulnerability assessment 5, configuring 5...
