Chapter 9: Understanding Scanning Processes in SiteProtector
What is Perspective?
Introduction
When you scan a group of assets, you anticipate and interpret results based on the location of your agent relative to the location of the assets. Scanning a group of assets from inside a firewall, for example, produces different results than scanning the same group of assets from outside the firewall.

Perspective identifies network location
With Enterprise Scanner, you use perspective to define logical locations on your network. When you add an agent to SiteProtector, you assign it to a perspective that identifies the agent's location on the network. When you configure a scan, you choose the perspective from which you want to scan the IP addresses or the assets in the group.

Default perspective
Enterprise Scanner contains one predefined perspective—Global. If you plan to scan from just one location on your network, you may use the default perspective. Or, you may create a user-defined perspective to use instead of the default.

Technical requirements
The network location that a perspective represents must meet the following technical requirements:
● A perspective is a set of subnets from which you expect the same results from scanning or monitoring your network regardless of where you connect the agents within that set of subnets.
● Within that set of subnets, no network traffic is blocked and no network address translation occurs.

Use for distributed scanning
Perspective makes it possible to easily distribute the workload among multiple agents:
● If you have just one agent in a perspective, that agent performs all the scans that run from that perspective.
● If you have two or more agents in a perspective, Enterprise Scanner automatically balances the distribution of tasks among the agents in that perspective.

Flexibility
Identifying agents by perspective instead of by a specific name or IP address makes it easier to respond to changes in your scanning environment. If you add an agent to a perspective, that agent automatically shares the workload with the other agents in that perspective. Likewise, if you remove an agent from a perspective that contains multiple agents, the remaining agents continue to run the scans assigned to that perspective. In either case, no additional configuration is required, and there is no interruption to your scanning cycles.

Use meaningful perspective names
The name you use for a perspective should reflect the implications of scanning from that location. Using the example of setting up agents inside and outside a firewall, descriptive perspective names would be Atlanta-InsideFirewall and Atlanta-OutsideFirewall.

Placing agents in the correct perspective
A perspective name has no inherent meaning to Enterprise Scanner. You must make sure that the agents you add to each perspective make logical sense there. If you add an agent to a perspective that is not logical for that agent, Enterprise Scanner is not able to determine that you have made a mistake.
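
Because Enterprise Scanner cannot detect a misplaced agent, the placement check has to happen outside the product. The following is an added example, not part of the original manual and not an IBM tool: it audits a hand-maintained inventory and reports agents whose IP address lies outside the subnets of the perspective they are assigned to. The inventory format, agent names, and addresses are constructed for illustration; only the two perspective names come from the text above.

```python
import ipaddress

# Constructed inventory in a hypothetical format (not a SiteProtector export):
# each perspective name maps to the set of subnets it represents.
PERSPECTIVES = {
    "Atlanta-InsideFirewall": ["10.20.0.0/16", "10.21.4.0/24"],
    "Atlanta-OutsideFirewall": ["192.0.2.0/24"],
}
# Constructed agent records: (agent name, agent IP, assigned perspective).
AGENTS = [
    ("es-atl-01", "10.20.8.15", "Atlanta-InsideFirewall"),
    ("es-atl-02", "10.21.4.7", "Atlanta-InsideFirewall"),
    ("es-atl-03", "192.0.2.40", "Atlanta-InsideFirewall"),  # misplaced
    ("es-atl-04", "192.0.2.41", "Atlanta-OutsideFirewall"),
    ("es-atl-05", "10.20.9.1", "Atlanta-DMZ"),              # perspective not defined
]

def audit_perspectives(perspectives, agents):
    """Return (findings, placed): placement problems and, per perspective,
    the agents whose address really is inside that perspective's subnets."""
    nets = {name: [ipaddress.ip_network(s) for s in subnets]
            for name, subnets in perspectives.items()}
    findings = []
    placed = {name: [] for name in perspectives}
    for agent, ip_text, assigned in agents:
        ip = ipaddress.ip_address(ip_text)
        if assigned not in nets:
            findings.append((agent, "unknown-perspective", assigned))
        elif any(ip in net for net in nets[assigned]):
            placed[assigned].append(agent)
        else:
            # Report which perspective(s) the agent's address actually fits.
            fits = sorted(p for p, ns in nets.items()
                          if any(ip in n for n in ns))
            findings.append((agent, "outside-assigned-subnets",
                             ", ".join(fits) or "none"))
    return findings, placed

if __name__ == "__main__":
    findings, placed = audit_perspectives(PERSPECTIVES, AGENTS)
    for agent, problem, detail in findings:
        print(f"{agent}: {problem} ({detail})")
    for name, members in placed.items():
        # Agents listed together here share the scans run from that perspective.
        print(f"{name}: {len(members)} correctly placed agent(s): {members}")
```

A perspective that ends up with an empty list in `placed` has no agent whose location matches its subnets, which is worth reviewing before scans are assigned to it.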
IBM Internet Security Systems