1. Manuals
  2. Brands
  3. IBM Manuals
  4. Scanner
  5. Proventia Network Enterprise
  6. User manual

Chapter 5: Introduction To Enterprise Scanner Policies; Introduction To Asset And Agent Policies - IBM Proventia Network Enterprise Scanner User Manual

Hide thumbs
Table of Contents

Advertisement

Chapter 5: Introduction to Enterprise Scanner Policies

Introduction to Asset and Agent Policies

Introduction
Approach to asset
and agent policies
Advantages
72
The most important difference with Enterprise Scanner policies is the difference between
asset and agent policies:
Asset policies apply to groups of assets and describe the security policy for those
assets.
Agent policies apply to Enterprise Scanner appliances and primarily describe
operational settings for the agents or global settings for all scans. In addition, some
agent policies apply to only one agent.
Some policies define characteristics that apply to both assets and agents.
The approach to scanning with Enterprise Scanner considers the differences between asset
and agent policies:
When you configure policies for scanning a group of assets, you first identify IP
addresses to discover. Then, you identify assessment-related characteristics, such as
which checks to run for those assets. You do not define any characteristics of the
scanning agent, except to identify the potential pool (perspective) of agents to run the
scan.
When you define characteristics of an agent, you define operational features, such as
how to divide discovery and assessment scans into subtasks, the passwords for the
agent's accounts, and its perspective; but you do not define security-related
parameters.
By separating asset and agent policies, scanning is flexible and easily scalable, as
demonstrated in the following examples:
You can configure assessment scans for two groups of assets with different security
needs—such as a group of Web servers and a group on an internal subnet. After the
initial configuration, you could scan both groups with the same agent without
changing any policies on the agent or on the groups of assets.
You can also respond to changes in your network more easily. If a group of assets
grows, and you need to increase the scanning power for that group; you can add an
agent to the pool (by assigning it to the correct perspective). After you set up the agent
and register it with your the SiteProtector system, the agent immediately begins to
share the workload for the pool of agents assigned to that perspective.
Likewise, you could remove an agent from a pool, and the agents that remain would
continue to share the work load assigned to that pool.
IBM Internet Security Systems

Advertisement

Table of Contents
loading

Related Manuals for IBM Proventia Network Enterprise Scanner

Related Content for IBM Proventia Network Enterprise Scanner

Table of Contents