Download pdf - Sunbelt Network Security Inspector v2 Quick Start Guide

Sunbelt Network Security Inspector Quick Start Guide

Sunbelt Network Security Inspector™ v.2.0 Quick Start Guide 2 http://www.sunbeltsoftware.com/support Copyright© 2004-2008 Sunbelt Software, Inc. All rights reserved. [email protected] Other product and company names herein may be trademarks of their respective companies. Toll-free Technical Support: 877-673-1153

Use of this software is subject to the End User License Agreement found in the product directory (C:\Program Files\Sunbelt Software\SNSI\eula.rtf). By installing the software, you agree to accept the terms of the License Agreement. Sunbelt Network Security Inspector™ v.2.0. Copyright (c) 2004-2008 Sunbelt Software, Inc. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Information in this document is subject to change without notice. No part of this publication may be reproduced, photocopied, stored in a retrieval system, transmitted, or translated into any language without the prior written permission of Sunbelt Software, Inc.



Table of Contents

Introduction............................................................................................................................................4 System Requirements .......................................................................................................................................4 About Installing and Running SNSI.................................................................................................................5 Configuring the Proxy Settings ........................................................................................................................6 Registering SNSI..............................................................................................................................................7 SNSI's User Interface .......................................................................................................................................8

Getting Started with SNSI...................................................................................................................10 1. Creating Authentication Groups.................................................................................................................10 2. Creating Vulnerability Groups ...................................................................................................................11 3. Creating Port Groups..................................................................................................................................12 4. Creating a Policy ........................................................................................................................................14 5. Running a Scan...........................................................................................................................................15 6. Drilling-down in the Scan History..............................................................................................................17 7. Generating Reports.....................................................................................................................................19

Contacting Customer Support............................................................................................................20



Introduction Sunbelt Network Security Inspector™ (SNSI) is a network vulnerability scanner that enables system administrators to quickly and accurately identify network security holes, offering proactive protection from hackers, viruses, and other threats. SNSI scans for security risks on any networked machine, including Windows servers, workstations, and printers that have IP addresses.

There are three ways to get information about SNSI: The Quick Start Guide covers the basic information needed to get SNSI up and running so that you can start scanning and protecting your network right away. The Online Help is your primary resource for answers to questions you may have while using SNSI. The Help contains overviews and procedural information about the tasks you can perform in the application, as well as descriptions of each screen and dialog box in the application with detailed information about each field they contain. The User Guide contains the same information as the Online Help structured in a way that is to be used as a reference manual.

System Requirements Your computer must meet the following system requirements in order to run SNSI effectively:

Administrator Requirements

• 1 GHz Processor, minimum 2 GHz or higher processor, recommended

• Windows XP Professional SP2 • Windows Server 2003 SP1 • .NET 2.0 SP1 • 20 GB available disk space • 1 GB RAM, minimum

2 GB RAM or higher, recommended • Monitor resolution 1024 x• PDF reader (for reports)

768 or higher

Target Computer Requirements Target computers should have one of the following platforms:

• Windows Server 2003 • Windows 95 / 98 / Me / 2000 / XP Pro and Home / Vista

4.0

se Linux 2.1 and later

inux™

• Windows NT 3.51 /• Red Hat® Linux® • Red Hat Enterpri• Red Hat Fedora • Mandrake L• Mac OSX


• SUSE Linux™


d later 1 and later

• Sun™ Solaris™ 2.5.1 an• HP-UX 10, 1• HP Printers • Cisco® Routers

About Installing and Running SNSI Important: If you are running SNSI v.1.6, you MUST uninstall it manually before beginning the installation for SNSI v.2.0. The new database for v.2.0 has been upgraded from Access to SQL for better back-end performance; therefore, any previous settings and reports are not transferable to the new version.

When you run the SNSI installation, it installs the Lumension Engine, SQL Express 2005, and Java

to a server and port. If you need to change SNSI's default, enter th

Runtime. Each time you run the SNSI application, you will be prompted to connect

e server name as <servername>:<port>.

Impo a

0 has a better performing database

• ort les to resolve the issue. By default, log files are stored on the C drive in the following

tware\Network Security Inspector\logs

• It is necessary to have .NET 2.0 installed on your computer for SNSI to run.

rt nt Notes

• The new database for Sunbelt Network Security Inspector (SNSI) 2.back end. Therefore, SNSI 1.6 will not upgrade to SNSI 2.0.

• It is necessary to have a PDF reader in order to view SNSI reports. • When installing SNSI, the following files will install: Lumension Engine, SQL Express 2005, and Java

Runtime If you encounter any issues with SNSI 2.0, you need to supply Sunbelt Software, Inc.'s Technical Suppwith your log filocation: C:\Documents and Settings\All Users\Application Data\Sunbelt Sof


Configuring the Proxy Settings SNSI requires access to the Internet in order to perform certain operations, such as vulnerability updates, software updates, and registration. If you connect to the Internet through a proxy server, enter the information in the Proxy Settings tab.

To configure the proxy settings:

1. From the SNSI Toolbar, select Tools>Options>Proxy Settings tab. The Proxy Settings tab displays.

2. Select Use a proxy server and input your server's address and port. 3. Enter the authentication information, if required. 4. Click Test. SNSI verifies that the proxy information is correct. The result of the test is displayed

in the box below the button. 5. If the test fails, verify the information you entered is correct and try again. 6. If the test is successful, click OK. Your proxy settings are set and the Options dialog box closes.



Registering SNSI There are certain features that are unavailable in SNSI until you have a License Key. To get a License Key, call Sunbelt Sales at 888-688-8457. To register SNSI, you must have the program installed and open. You also need to have an Internet connection.

To register SNSI:

1. From the SNSI Toolbar, select Tools>Options>Registration tab. The Registration tab displays.

2. Enter your License Key that you received from Sunbelt. 3. Click Register Product. Your product is registered, allowing full access to all of SNSI's features. 4. Click OK to exit out of the dialog box.



SNSI's User Interface SNSI has two main panes: the Explorer Pane and the Page pane. The first page displayed, before any actions are made, is the Start Page as shown below.

By default arrangement, the Explorer Pane is located on the left side of the computer screen, running vertically. The Page Pane is located to its right. This pane divides the displayed pages horizontally as more details exist for a selected item. For instance, if you were to select a vulnerability, details about that vulnerability will be displayed as shown below.



Notice that there are now two tabs at the top of the Page Pane. Each time a page opens, a new tab is shown. This allows you to keep recent work open and pull them up with a single click of a tab.




Getting Started with SNSI

SNSI scans your network based on user-defined policies. A policy consists of User Defined Groups—Authentication, Vulnerability, and Port groups. Once you create these groups, you can create a Policy with any combination of these groups.

SNSI' high-level workflow:

1. Create an Authentication Group - set the authentication parameters so that SNSI can access your machines.

2. Optionally, create a Vulnerability Group - you can create user-defined groups of vulnerabilities or select from a list of default groups when you create a policy in Step 4.

3. Optionally, create a Port Group - you can create user-defined groups of ports or select from a list of default groups when you create a policy in Step 4.

4. Create a Policy - a policy brings together the configured settings of the User Defined Groups above. Select targets to be scanned, and then configure your scan for Vulnerability, Port, and Authentication groups.

5. Run a scan by right-clicking on the policy and selecting Scan Now. 6. View the status and results of the scan by clicking on Scan History under the policy. 7. Generate a report.

1. Creating Authentication Groups You create an Authentication Group for access rights to devices (machines, printers, etc.) that require passwords. Without proper logon credentials, the machines will not be scanned.

Tip: You can create authentication groups based on the operating system devices are on, including Windows, Unix/Linux, and Simple Network Management Protocol (SNMP). Tip: To get a listing of all devices on your network, run a scan on a policy with Null Credential selected for the Authentication group. This scans the network for the devises it contains without actually scanning the devises.

To create an Authentication Group:

1. Click the Group Explorer tab located at the bottom of the Explorer pane. The Group Explorer displays.

2. Right-click on Authentication Groups and select New Authentication Group from the menu. The Authentication Group Wizard displays.

3. In the Group Name text box, enter a unique name for your authentication group (e.g., Domain Admin, Windows XP, etc.).

4. Optionally, enter a description for this group in the Description box. 5. Click Next. The Windows Accounts window displays.


6. If you have windows devices to be scanned, click the New Windows credential icon . and enter the credentials in the dialog box

7. If you have Unix/Linux devices to be scanned, click the Add New Unix Credential icon and

enter the credentials in the dialog box.

8. If you have SNMP devices to be scanned, click the Add New SNMP Credential icon and enter the credentials in the dialog box.

9. Click Next. The Completing the Authentication Group Wizard window displays. 10. Click Finish. Your newly created group now exists within the Authentication Groups folder of

the Group Explorer.

You are now ready to create a user-defined vulnerability and/or port group, or use default groups and create a policy.

2. Creating Vulnerability Groups You can create a user-defined vulnerability group based on pre-existing Default Groups.

To create a Vulnerability Group:

1. Click the Groups tab at the bottom of the Explorer pane. The Groups Explorer pane displays. 2. Right-click on Vulnerability Groups and select New Vulnerability Group from the menu. The

Vulnerability Group Wizard opens, starting at the Existing Group window. 3. To create a group from scratch, select Start with a blank group.

-or- To start with an existing group of vulnerabilities, click Use an existing group and select a group from the list.

Note: Each group includes a description of the type of vulnerabilities in each group. For example, SANS contains the vulnerabilities that are in the SANS Top 20 list.).

4. Click Next. The Group Name window opens.

5. Enter a Group Name and Description, and then click Next. The Vulnerabilities window displays, listing all of the vulnerabilities in the group you selected. You can sort this list further by ID, Name, Category, Type, or Severity columns.

Tip: You can remove any item from the list or view its details by selecting it and clicking the appropriate icon above the list.



6. To add more vulnerabilities to this group, click the Add Additional Vulnerabilities icon . The Advanced Find dialog box displays allowing you to search for vulnerabilities to be added.

• Enter your search term in the Search word or phrase text box and click Find Now. SNSI searches for your search criteria in the Vulnerability database and displays your search results below.

• Select one or more vulnerabilities and click the Add Additional Vulnerabilities icon . The selected vulnerabilities are added to the list.

7. Click Next and then click Finish. Your new Vulnerability Group is created and displayed under the User Defined Groups in the Group Explorer.

You are now ready to create a user-defined port group, or use a default group and create a policy.

3. Creating Port Groups In order for a policy to scan ports, you need to select a port group. There are several default groups to choose from; however, you can create a user defined port group that will scan for 1 or more ports. Port scanning allows you to check for open ports that should not be open on host machines. You can use the predefined Port Groups already established in SNSI as they are, or create user-defined Port Groups.

Note: You are able to include port scanning in conjunction with vulnerability scans for security risks by including port scanning in your Policies.

To create a port group:

1. Click the Groups tab at the bottom of the Explorer pane. The Groups Explorer pane displays. 2. Right-click on Port Groups and select New Port Group from the menu. The Port Group

Wizard opens, starting at the Existing Group window. 3. To create a group from scratch, select Start with a blank group.

-or- To start with an existing group, click Use an existing group and select a group from the list.

Note: The default groups are All, Default, Default Discovery, and None.

4. Click Next. The Group Name window displays. 5. Enter a Group Name and Description, and then click Next. The Ports to Scan window displays.



• Choose Select from a predefined list and select a port. Port details display in the Port Detail area to the right. -or- Choose Enter a custom port or port range. The Port Editor options change, as pictured below.

1. Enter a single port number or select a port range. 2. Select one or more port types and click OK. Your selections are entered and you are

returned back to the Ports to Scan window of the Port Group Wizard.

6. To remove ports from the group, select the port(s) and click the Remove icon above the list. -or- To view the details of a port, select a port and click the View Details icon above the list. -or- To add additional ports to this group click the Add New Ports icon . The Port Editor dialog box displays.



7. Click Next and then click Finish. Your port group is created and is displayed in the Group Explorer under User Defined Groups.

4. Creating a Policy Once you have created an Authentication Group and then have either created a Vulnerability Group and Port Group (or plan to choose from the Default Groups), you are then ready to create a Policy. The Policy Wizard is used to create a policy.

Tip: To get a listing of all devices on your network, run a scan on a policy with Null Credential selected for the Authentication group. This scans the network for the devises it contains without actually scanning the devises.

To create a policy:

1. Click the Policy Explorer tab located at the bottom of the Explorer pane. The Policy Explorer displays.

2. Right-click on Policies and select New Policy from the menu or click the New Policy icon . The Policy Wizard displays.

3. To begin from a scratch, select Start with a blank policy. -or- To use an existing policy as a template, select Use an existing policy and then select a policy from the list.

Tip: Once you create one policy, you can use it as a template to create additional policies. Instead of starting with a blank policy, select the policy you want to start with.

4. Click Next. The Policy Name window displays. 5. Enter a name in the Policy Name box (for example, Windows XP Machines). 6. Enter a description for this policy (for example, search for vulnerabilities on Windows XP

machines) and then click the Next button. The Discovery Methods window displays.



7. In the Discovery Methods window, click the Add New Target icon in the toolbar or right-click within the white box area and select Add New Target. The Discovery Target Editor window displays.

8. From the Discovery Target Editor, select the method(s) for identifying targets. (See the Policy Wizard: Discovery Target Editor section)

9. Click Next. The Discovery Configuration and Ping Options window displays.

10. Select the scan parameters for searching the machines on your network. (See the Policy Wizard: Discovery Configuration and Ping Options section)

11. Click Next. The Scan Configuration window in the Policy Wizard displays. 12. Define the vulnerability, port groups, Windows scanning options, and click Next. The Scan

Schedule window displays. 13. Set the desired schedule and click Next. The Completing the Policy Wizard window opens.

Note: The Scan Schedule option is only available with a license key.

14. Click Finish. The Policy Wizard closes and your policy is created, displaying in the Policy Explorer.

Note: Once created, you can edit a policy by expanding it from the Policy Explorer and then clicking Settings.

5. Running a Scan Once you have established your Authentication, Vulnerability and Port groups and set up a Policy, you can run a scan. Follow the procedure below to complete a scan.

To run a scan:

1. Click the Policy tab at the bottom of the Explorer pane to reveal the Policy Explorer.



2. Right-click over a Policy and select Scan Now in the menu that opens. SNSI begins scanning.

3. Click the sign for your Policy in the Policy Explorer and select Scan History.

As a result, the scan status and results display in the Scan History page located to the right of the Explorer pane.

4. You can observe your scan's progress or look at past scans from the View Scans tab bar, located at the top

right of the Scan History page.



6. Drilling-down in the Scan History The View Scans feature in Scan History allows for drilling down for more details about your scans.

To drill down for more information:

1. Once your scan has been completed, click the Completed tab from the View Scans tab bar and your scan information populates in the top frame.

2. When you select the item in the list, more information about the scan is displayed in the second

frame below it.



3. By clicking on the information in the second frame, more information populates in the third frame located at the bottom of the Scan History page.

4. Even further drill-down information can be viewed by clicking the signs in the third Scan

History frame for Ports, Services, Shares, Users and Vulnerabilities.



7. Generating Reports SNSI has four predefined reports that can be run on any completed scan. The reports can be accessed by clicking the Report Explorer tab located at the bottom of the Explorer pane. Once created, full-color reports may be printed. The reports are automatically saved in SNSI, allowing you to access them again later.

• Executive Summary - Gives a high-level summary of the vulnerabilities found in a network or machine. • Scan Summary - Provides a list of scans and vulnerabilities found. • Vulnerability Details - The Vulnerability Detail report shows a list of vulnerabilities found, sorted by risk

level - highest to lowest - and provides a description of each. • Vulnerability details by Target - Gives a high-level summary of all vulnerabilities sorted by target.

Note: A PDF reader is required to view reports.

To generate a report: 1. Click the Report Explorer tab located at the bottom of the Explorer pane. 2. Select one of the four reports from the Report Explorer. The policies that have been created to

date will populate in the top area to the right of the Explorer pane. 3. Select a policy. The completed scans for this policy to date will populate in the pane below it. 4. Select a scan and click Generate Report. The report is generated and displays in the PDF viewer.




Contacting Customer Support

Note: If you encounter any issues with SNSI v.2.0, you will need to supply Technical Support with your log files to resolve the issue. By default, log files are stored in the following location: C:\Documents and Settings\All Users\Application Data\Sunbelt Software\Network Security Inspector\logs.

Online Technical Support http://www.sunbeltsoftware.com/Support/

Email Technical Support: [email protected]: [email protected]

Phone Main: (727) 562-0101 Toll-free technical support: 877-673-1153

Address Sunbelt Software, Inc. 33 N. Garden Ave., Ste. 1200 Clearwater, FL 33755

http://www.sunbeltsoftware.com/Support

mailto:[email protected]?subject=Help%20with%20Sunbelt%20Network%20Security%20Inspector%202.0

mailto:[email protected]?subject=Sales%20for%20Sunbelt%20Network%20Security%20Inspector