Always Groups; Credential Management; Overview; Deployment/Installation Decisions - EEye Digital Security Retina User Manual

Network security scanner

Using the Audit Tab
8. To ensure that an audit group has any updated or new audits automatically selected when Retina is updated,
check the Automatically add new audits to this group checkbox. To prevent new audits from being added to
the group, uncheck it.
Hint: To keep track of what audits are updated or added in a Retina update, create a new audit group called New,
unselect all audits in the group and then check the box. The next time Retina updates you can scroll down the list to
see what is checked.

Always Groups

For target, port, and audit selections that you want enabled with every scan, you can create an Always group. Always
groups are not displayed in the group selection box; they are listed only in the group selection drop-down list. For
example, to create an Always address group that prevents scanning of a group of IPs, do the following:
1. From the Audit tab select the Target Type: Address Group(s) on the Targets sub-tab.
2. Click the Modify button.
3. You will see the Address Group Modification window.
4. If the Always group does not exist, click the New button and enter Always for the group name to create an
Always group.
5. To omit a single host from all scans, select Single IP or Named Host, enter the information, click the Omit check
box and then click Add.
To remove a single address or multiple addresses from the group, select them in the Address list,
and click the Delete button at the bottom of the list.
To clear changes before saving, click the Reset button.

Credential Management


In Retina versions prior to 5.0, Retina ran as a desktop application. In that configuration it ran audits with the
permissions of the user logged in (or calling the executable from a script). This meant that if the user was a domain
administrator, there would be no problems with access when scanning a remote system on the same domain. In
Retina 5.0 the scanner runs as a service, and the default installation runs as the LOCAL_SYSTEM user. This
user has no access to Windows Networking connections, such as NetBIOS and remote registries.
It should also be noted that Retina utilizes the operating system's authentication settings and libraries. This means
that a Retina scanner installed on a system that has the Network security setting "LAN Manager authentication level"
set to "Send NTLMv2 response only\refuse LM & NTLM" won't be able to log on to a client that is set to a lower level,
such as "Send NTLM response only."

Deployment/Installation Decisions

eEye recommends that you install Retina in the default manner with the eEye Retina Engine service running as the
LOCAL_SYSTEM user and manage user credentials via the Retina Credential Management interface. However, to
meet your network requirements you may choose to install the eEye Retina Engine service to "Log On" as a user
with Windows access (see "How-To configure how a service is started in the Microsoft Management Console™").
Otherwise Retina will use the credentials last selected via the Retina Audit->Credential interface.
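
A pre-scan check of the two settings this section depends on, the service logon account and the "LAN Manager authentication level", as an added example that is not part of the Retina manual or eEye's tooling. The service name is a placeholder to fill in from services.msc, and -TargetLmLevel is a hypothetical parameter for a level you have already read on a target; run the script on the scanner host.

```powershell
param(
    # Placeholder: the manual does not give the service's short name.
    [string]$ServiceName = '<RETINA-ENGINE-SERVICE-NAME>',
    # Hypothetical parameter: LmCompatibilityLevel read on a target, -1 if unknown.
    [int]$TargetLmLevel = -1
)

# Registry values behind the "LAN Manager authentication level" policy.
$LmLabels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

# Logon account of the scanner service (Win32_Service.StartName).
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue

# The value may be absent, in which case the operating system default applies.
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
        -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
$level = if ($lsa) { [int]$lsa.LmCompatibilityLevel } else { $null }

[pscustomobject]@{
    Host                = $env:COMPUTERNAME
    ServiceLogonAccount = if ($svc) { $svc.StartName } else { 'service not found' }
    LmLevel             = $level
    LmPolicy            = if ($null -ne $level) { $LmLabels[$level] } else { 'not set (OS default applies)' }
}

# Windows reports the account the manual calls LOCAL_SYSTEM as "LocalSystem".
if ($svc -and $svc.StartName -eq 'LocalSystem') {
    Write-Warning ('Service runs as LocalSystem: it has no Windows networking access of its own, ' +
                   'so remote checks depend on credentials set in Credential Management.')
}

# The mismatch described in the manual: scanner at level 5, target at a lower level.
if ($level -eq 5 -and $TargetLmLevel -ge 0 -and $TargetLmLevel -lt 5) {
    Write-Warning ("Scanner refuses LM & NTLM (level 5) but the target is at level $TargetLmLevel " +
                   "('$($LmLabels[$TargetLmLevel])'): expect authenticated checks to fail.")
}
```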

Local Access to non-Windows™ devices

To access non-Windows™ devices for scanning, Retina utilizes an SSH connection to conduct its audits. This means
that an SSH server must be running on the target device. The userid/password combination selected as the
credentials for the scan must also exist on the target system and have sufficient access to perform the checks.