Os Identification (Osid) In Enterprise Scanner - IBM Proventia Network Enterprise Scanner User Manual

Table of Contents

OS Identification (OSID) in Enterprise Scanner

Introduction

Sources of OSID

What determines

certainty?

Certainty of OSID

sources

Comparing results

between Enterprise

Scanner and

Internet Scanner

IBM Proventia Network Enterprise Scanner User Guide, Version 1.3

An Enterprise Scanner agent does not check for vulnerabilities that do not apply to the

operating system of an asset. An Enterprise Scanner agent determines whether to run a

check against an asset based on the following:

the certainty of the OS information in SiteProtector

●

the setting in the Assessment policy that specifies what action to take if the OSID is

●

uncertain (See page 107.)

SiteProtector receives OSID information in any of the following ways:

entered manually by a user

●

imported from Active Directory

●

reported by Proventia Desktop agent

●

discovered by Enterprise Scanner

●

discovered by Internet Scanner

●

Each source has access to slightly different data, which makes some sources relatively

more certain than others.

The certainty with which a source provides a completely accurate OSID is based on the

quality of the information available to the source. For example, OSID from a Desktop

agent is always considered certain because the agent has full access to information about

the asset. OSID from an Enterprise Scanner scan is considered certain if the agent had

authenticated access but uncertain if it did not.

The following table describes the relative certainty of the sources of OSID data:

Source of OSID Data

Active Directory

Desktop agent

User

Enterprise Scanner

Internet Scanner

Table 59: Certainty of OSID sources

If you want to make a valid comparison of OSID results between Enterprise Scanner and

Internet Scanner, you must make sure that you provide equivalent log on access to

accounts from both products.