Chapter 5: Introduction To Enterprise Scanner Policies; Introduction To Asset And Agent Policies - IBM Proventia Network Enterprise Scanner User Manual

Chapter 5: Introduction to Enterprise Scanner Policies

Introduction to Asset and Agent Policies

Introduction
Approach to asset
and agent policies
Advantages
72
The most important difference with Enterprise Scanner policies is the difference between
asset and agent policies:
Asset policies apply to groups of assets and describe the security policy for those
●
assets.
Agent policies apply to Enterprise Scanner appliances and primarily describe
●
operational settings for the agents or global settings for all scans. In addition, some
agent policies apply to only one agent.
Some policies define characteristics that apply to both assets and agents.
●
The approach to scanning with Enterprise Scanner considers the differences between asset
and agent policies:
When you configure policies for scanning a group of assets, you first identify IP
●
addresses to discover. Then, you identify assessment-related characteristics, such as
which checks to run for those assets. You do not define any characteristics of the
scanning agent, except to identify the potential pool (perspective) of agents to run the
scan.
When you define characteristics of an agent, you define operational features, such as
●
how to divide discovery and assessment scans into subtasks, the passwords for the
agent's accounts, and its perspective; but you do not define security-related
parameters.
By separating asset and agent policies, scanning is flexible and easily scalable, as
demonstrated in the following examples:
You can configure assessment scans for two groups of assets with different security
●
needs—such as a group of Web servers and a group on an internal subnet. After the
initial configuration, you could scan both groups with the same agent without
changing any policies on the agent or on the groups of assets.
You can also respond to changes in your network more easily. If a group of assets
●
grows, and you need to increase the scanning power for that group; you can add an
agent to the pool (by assigning it to the correct perspective). After you set up the agent
and register it with your the SiteProtector system, the agent immediately begins to
share the workload for the pool of agents assigned to that perspective.
Likewise, you could remove an agent from a pool, and the agents that remain would
●
continue to share the work load assigned to that pool.
IBM Internet Security Systems