New Features - IBM Proventia Network Enterprise Scanner User Manual

Chapter 1: Introduction to Enterprise Scanner

New Features

Introduction
ICMP ping
When to use ICMP
ping
Application
fingerprinting
Non-standard port
assignments
When to use
application
fingerprinting
18
Enterprise Scanner Version 1.3 provides an update to the firmware, and introduces a
smaller, portable version of the appliance hardware, the ES750.
Enterprise Scanner Version 1.2 fixed some known issues, and it introduced features to
improve discovery speed and assessment accuracy:
ICMP ping
●
application fingerprinting
●
SSH support
●
A discovery scan can run faster if it can determine which assets in the scanning range are
available, and then scan only those assets with operating system identification (OSID)
techniques. The ICMP ping option in the Enterprise Scanner Discovery policy determines
which assets are available, as follows:
At the beginning of each scanning window, the agent sends four (4) ICMP ping
●
commands to each asset identified in the discovery policy.
The agent considers each asset that responds to a command as available, and keeps
●
track of all available assets.
The discovery scan then continues to scan only the available assets.
●
The ICMP ping function is especially useful in the following cases:
The network is sparsely populated.
●
Every asset on the network is configured to respond to ICMP ping commands.
●
To configure ICMP ping, see "Defining Assets to Discover (Discovery Policy)" on page 99.
The application fingerprinting option identifies which applications are communicating
over which ports and discovers any non-standard port usage. If you enable the
application fingerprinting option, you must select from the following:
Run checks that apply to the protocol of the application communicating over a port,
●
such as HTTP.
Run checks that apply to the specific application communicating over a port, such as
●
Apache running Coldfusion.
Individuals in a corporation may use non-standard port assignments thinking that the
practice increases network security. Using non-standard port assignments may make it
harder—although not impossible—for an intruder to determine which applications are
communicating on ports. The practice may also hide critical vulnerabilities from your
agent, however, which could understate the real risk to a corporate network.
Application fingerprinting is especially useful in the following cases:
You know that some applications on the network communicate over non-standard
●
ports.
IBM Internet Security Systems