Users Manual

Retina® Network Security Scanner

Summary of Contents for Retina

Page 1: ...Users Manual Retina Network Security Scanner...

Page 2: ...licenses are expressly or implicitly granted herein with this manual Disclaimer All brand names and product names used in this document are trademarks registered trademarks or trade names of their res...

Page 3: ...13 Shortcut Bar 13 Status Bar 15 Tabs Pane 15 Options Dialog 15 Using the Getting Started Wizard 16 Using the Discover Tab 25 Accessing the Discover Tab 25 Starting a Discovery Scan 26 Creating a New...

Page 4: ...le 54 Deleting a Scan File 54 Options 55 Customizing Retina 55 General Options 55 Appearance 56 Logging 56 Auto Update 57 Central Policy 57 Event Routing 57 REM 57 OPSEC 57 Scanner 57 Performance 58 R...

Page 5: ...Retina Users Manual Table of Contents Glossary 82 iii...

Page 6: ...hic and usage conventions of this manual Bold text represents commands interface buttons and dialog names except when they appear in window examples or the contents of files Purple underline text indi...

Page 7: ...03 Server Internet Explorer Version 5 5 or higher 512 mb of memory 1 gb of free disk space Internet connection Installing Retina from the CD ROM If you meet the system requirements specified above com...

Page 8: ...Retina Users Manual Installation 2 Click Next The License Agreement window appears 2...

Page 9: ...ers Manual Installation Review the End User Software License Agreement You must accept the license agreement to continue using the Retina Installation Wizard 3 Click Yes The Destination Folder window...

Page 10: ...ion wizard will install the Retina files 4 Do one of the following Accept the default destination folder C Program Files eEye Digital Security Retina 5 Click Browse and select a folder where you want...

Page 11: ...Retina Users Manual Installation 6 Click Next The install program displays a progress bar and shows the files as the application copies them to your system 5...

Page 12: ...Retina Users Manual Installation Once Retina is completely installed the following screen displays to confirm a successful installation 6...

Page 13: ...em so the changes can take effect Click Cancel if you plan to restart your system manually later Opening the Installation Wizard with Run Dialog Complete the following steps to open the Retina Install...

Page 14: ...o R etinaSetup exe an error message appears If need be complete the following steps to display the Welcome window of the Retina Installation Wizard Click Browse Find and double click the Retina Setup...

Page 15: ...op icon for Retina This option is enabled by default Set to 0 to prevent creation of the icon CREATEQUICKLAUNCH 0 Disables creation of a quick launch icon for Retina This option is enabled by default...

Page 16: ...ing steps to remove Retina from your workstation using the Retina Uninstall Wizard eEye recommends that you exit all Windows programs before you run the Retina Uninstall Wizard 1 Click the Windows Sta...

Page 17: ...to allow you to continue the uninstall of Retina Select Yes to continue 6 The uninstall displays a prompt asking if you would like to remove your Retina license from the machine Select Yes to remove t...

Page 18: ...using the Windows Installer from the command line eEye recommends that you exit all Windows programs before you run the Windows Installer 1 Open the Windows Command Prompt 2 Enter Msiexec exe x 59404...

Page 19: ...nterface The Retina Interface is the first window that appears when you log on to the Retina software You can select the Retina features that you want to use from the toolbar or the provided tabs The...

Page 20: ...task tab For example the shortcut bar for the Remediate Tasks menu displays tasks including Generate Reports and Print Reports Other Places appears below the Tasks shortcut bar at the middle left pan...

Page 21: ...is currently processing Tabs Pane The Tabs pane is the main window of the Retina Interface It displays tabs you can select to use the features associated with each Retina task You can select from the...

Page 22: ...the Retina Network Security Scanner to perform a vulnerability scan and analyze the results Complete the following procedure to use the Retina Getting Started Wizard 1 Select Help Getting Started from...

Page 23: ...Retina Users Manual Installation 2 Click Next on the Retina Getting Started Wizard The Beginning a Scan window appears 17...

Page 24: ...procedure to enter a range of IP addresses Enter a range of IP addresses for Retina to scan as follows Click the IP Range radio button Enter an IP address in the From field Enter another IP address i...

Page 25: ...Retina Users Manual Installation 8 Click Next on the Retina Getting Started Wizard The Selecting Audit Groups window appears 19...

Page 26: ...Retina Users Manual Installation 9 Click Next the Retina Getting Started Wizard The Analyzing Scan Results window appears 20...

Page 27: ...mages that represent the highest risk level of the audits found on the select system The image is color coded to match Retina s audit risk level settings see Audit Results on page 35 for more informat...

Page 28: ...ts Then click Generate The report you created appears in the Results pane of the Retina Interface Use the scroll box to move vertically through the report To print your report click Print Report from...

Page 29: ...Retina Users Manual Installation 16 Click Next on the Retina Getting Started Wizard The Additional Information window appears 23...

Page 30: ...Retina Users Manual Installation 17 Click Finish to exit the Retina Getting Started Wizard 24...

Page 31: ...eral machine information You can then use discovery results to create host files or to launch a vulnerability assessment scan directly from the discovery interface Accessing the Discover Tab Complete...

Page 32: ...types from the Target Type drop down Single IP Then enter the IP address or the name of the server that you want Retina to scan in the Address field By default Retina displays the scanner s IP address...

Page 33: ...very TCP Discovery on Ports Enter the port number s comma separated that you want Retina to scan in the provided field UDP Discovery Perform OS Detection Get Reverse DNS Get NetBIOS Name Get MAC Addre...

Page 34: ...ain any combination of IP addresses or example you can create a group that lists only your organization s 2000 servers Complete the following steps to create an address group After completing the disc...

Page 35: ...Appending to an Existing Address Group You can add one or more IP addresses to an existing address group For example if there is a new Windows 2000 server on your network you can add the correspondin...

Page 36: ...you to quickly clear all of the scan results that appear in the Results table You should always clear your results before you create a new scan Complete the following step to clear your scan results 1...

Page 37: ...header and drag it to the top row of the Results table as shown in the following example Retina sorts and displays your results by the column name you selected In the example above the table has been...

Page 38: ...u set targets ports and audits determine options and start or schedule scan jobs 2 The Scan Jobs pane where you determine the status of scan jobs view completed jobs view scheduled jobs control active...

Page 39: ...with 254 as the host number 1 to 254 is the full range of IP addresses you can scan CIDR Notation Enter the IP address and network prefix in the Address fields For example 192 168 205 0 18 means the...

Page 40: ...n Deselect any of the following port group options that you do not want Retina to scan You can select more than one port group in this manner you can combine several custom groups for a single scan Am...

Page 41: ...d for specific targets that are known to filter or otherwise ignore TCP UDP or ICMP probes The Retina scanning engine will drop to Connect Scan automatically when required Connect Scan should only be...

Page 42: ...evice address report date domain name and others Audits vulnerabilities or audit information found on the device Each audit or vulnerability will have an icon matching the above color scheme indicatin...

Page 43: ...nt to enter individual port numbers or groups of ports you want Retina to scan click the Modify button next to the Select Port Groups box on the Audit tab on the Ports sub tab The Port Groups Modifica...

Page 44: ...edit field to create a new address group To add a single host to the address group select Single IP or Named Host and then click Add To add a continuous range of hosts to the group select IP Range or...

Page 45: ...in the Look For text box Decide which type of text field you want to search and select it in the Search In drop down box To limit your search to a single category select it in the Filter drop down box...

Page 46: ...aving click the Reset button Credential Management Overview In Retina versions prior to 5 0 Retina ran as a desktop application in that configuration it ran audits with the permissions of the user log...

Page 47: ...ooting If you have multiple segments or systems that require different credentials to access then you should set up Retina to use a different set of stored credentials for each scan the default setup...

Page 48: ...agement from the drop down menu 3 You will see an information dialog informing you local that storage of credentials You will have to decide if you wish to store credentials If so select Yes If not yo...

Page 49: ...You may enter a number of credentials here by repeating steps 4 and 5 6 To remove a stored credential highlight the desired user name in the Username list box 7 Select the Delete button 8 When you ar...

Page 50: ...e you set filters and options and generate Remediation lists 2 The Scan Jobs pane where you determine the status of scan jobs view completed jobs view scheduled jobs control active jobs and delete or...

Page 51: ...ck the Options tab and check or uncheck to select or deselect formatting options You can select from the following options Insert page breaks between entries Which will insert page breaks between the...

Page 52: ...ediation Report in Microsoft Word If you have Microsoft Word installed you can click Open Report In Microsoft Word on the shortcut bar and the report will open in a Microsoft Word window ready for edi...

Page 53: ...e where you set filters and options and generate reports 2 The Scan Jobs pane where you determine the status of scan jobs view completed jobs view scheduled jobs control active jobs and delete or view...

Page 54: ...sections to include in the report click on the Sections tab of the Configuration pane and check the sections you want in the report 3 To change formatting for the report click the Options tab and che...

Page 55: ...k either Print Report on the shortcut bar or the printer icon in the toolbar and follow the prompts Saving a Report You can save a Report in HTML format for future use To save a Report in the top line...

Page 56: ...there can be only one Discover scan scheduled named Discover at any time To get to the Scheduler click the Schedule button in either the Discover or the Audit tab To run the scan once A Enter the name...

Page 57: ...can on a weekly basis A Select Weekly in the Frequency drop down B Select the Start Time C Select one or more Day s of the Week to run the scan D Select OK To run the scan on a monthly basis A Select...

Page 58: ...ed until the job starts Once started it will be the time that the job actually began scanning The Data Source is the filename or DSN that the job is being written to Each column can be sorted A job in...

Page 59: ...xecuted Once a job starts it will be placed in the Active tab and the next scheduled instance of the job will then show in the Scheduled tab The Job Name Data Source and Start Time are the same as the...

Page 60: ...s to open a scan file 1 Select File Open from the menu bar 2 Select the scan file you want to open 3 The scans available in that file be displayed in the Job Status Complete window Deleting a Scan Fil...

Page 61: ...You can customize Retina to meet your specific needs by using the Options Dialog located by selecting Tools Options General Options You will see the Options dialog open to the General tab This tab con...

Page 62: ...will cause Retina to drop to an icon in the system tray when minimized Logging The Generate a log file of Retina operations selection turns Retina logging on if checked and off if unchecked By defaul...

Page 63: ...must be entered in the Central Policy URI text box Check for new policies every determines how often Retina will request updates from the REM server Event Routing The Event Routing tab controls REM Ev...

Page 64: ...get machines as dropped connections for other services Though it can show up in the Retina logs in such areas as known services not being found or known open ports not being identified If you find tha...

Page 65: ...on the target machine this will show in the Retina logs as services that are initially connected but with the banners and other return information not displaying until some time after the check is com...

Page 66: ...have assigned a DSN to Retina you can then use it to store scan data By default Retina always displays the most recent scan results when a DSN is selected Complete the following steps to view results...

Page 67: ...have selected the Auto Update feature Retina will update itself with the necessary files you do not have to deal with any messy file downloads that must be manually installed Auto Update can be config...

Page 68: ...file menu 1 Select Tools Updates from the menu bar Retina will be unloaded as suggested by the initial dialog box If you would rather not be questioned about this activity each time put a checkmark in...

Page 69: ...Retina Users Manual Manual Update 3 Select Next The Downloading window displays progress bars relating to the download and install of the updates 63...

Page 70: ...Manual Manual Update 4 Select Next The Update Summary window appears allowing you to review the status of the updates performed Highlighting a product from the list allows you to see the details of t...

Page 71: ...ame and password to use to gain access to the licensing generation part of Retina s Web site Full directions to obtain your serial number are included in the post purchase email that you receive after...

Page 72: ...Retina Users Manual Retina Audit Wizard Terminating a License To terminate your Retina license follow the steps in Uninstalling Retina page 10 and when prompted delete the Retina license select Yes 66...

Page 73: ...t Wizard to create a custom audit follow the following steps 1 Start the Retina Audit Wizard by either selecting the Audits Wizard from the Tools drop down menu or by starting the Audits Wizard exe in...

Page 74: ...the Bind TSIG remote root buffer overflow that was released in the later half of the year 2000 would fall under this category o DoS Denial of Service attacks such as the ICMP fragmentation attack Ping...

Page 75: ...ecurity Audits Local Security Audits Slackware Local Security Audits Immunix Local Security Audits Conectiva Local Security Audits EnGarde Local Security Audits Trustix Local Security Audits Caldera L...

Page 76: ...e version to one that you believe to be vulnerable CGI Script This check allows you to check for the existence of a CGI script that you know to be vulnerable Registry This check type pertains to check...

Page 77: ...n to continue audit creation Banner Select the type of service being checked HTTP POP3 SMTP FTP DNS IMAP LDAP SSH or TELNET Then enter the banner to be checked Such as 220 corp ftp com MyServer 5 0 4...

Page 78: ...exist or exists to test for the absence or presence of this registry item Select the parent Hive to be searched HKEY_CLASSES_ROOT HKEY_CURRENT_USER HKEY_LOCAL_MACHINE HKEY_USERS or HKEY_CURRENT_CONFIG...

Page 79: ...re service pack radio button and then fill in the service pack number in the corresponding edit box To check for a Hotfix select the Check to make sure hotfix radio button and enter the hotfix number...

Page 80: ...of the file in the Check if the File Version of edit box then select equal to greater than less than greater than or equal to or less than or equal to in the drop down selection box and enter the ver...

Page 81: ...lar expression that will match the desired package packages in the Package edit box check the Alert when matched checkbox check the Only if installed package matches checkbox enter the regular express...

Page 82: ...OS in the Version String edit box 5 The Vulnerability Details screen comes up next If you have BugTraq or CVE numbers for the audit enter them in the Bugtraq ID or CVE ID edit boxes Enter URLs that li...

Page 83: ...Retina Users Manual Retina Audit Wizard 6 The final screen will display 77...

Page 84: ...Retina Users Manual Retina Audit Wizard At this point you can click Finish to save the audit in the audits XML file or click Cancel to abort audit creation 78...

Page 85: ...itten using the Retina API For information on the Retina API see the Retina API documentation in your C Program Files Retina Help API directory New Opens up a file explorer so you can locate the modul...

Page 86: ...e use to have Retina auto assign a name based on the current timestamp DSN The name of the DSN to be used for data storage this value overrides that of outputfile Noupdate Suppresses the launch of Syn...

Page 87: ...is not running or not paused no action is performed SetWindowHandle Window ID This sets a window handle ID This is deprecated use PipeClient StopSchedule scan name This deletes scan name where scan n...

Page 88: ...ult to remember Anonymous FTP Anonymous FTP allows a user to retrieve documents files programs and other archived data from anywhere on the Internet without having to establish a user ID and password...

Page 89: ...s of a transmission channel However as typically used the amount of data that can be sent through a given communications circuit BIND Berkeley Internet Name Domain The implementation of a DNS server d...

Page 90: ...e name server name resolver relationship in DNS and the file server file client relationship in NFS See also Client and Server Congestion Congestion occurs when the offered load exceeds the capacity o...

Page 91: ...temporary as opposed to dedicated connection between machines established over a standard phone line Distributed Database A collection of several different data repositories that looks like a single d...

Page 92: ...at 10mps over fiber twisted pair and several coaxial cable types EtherTalk Networking protocol used by Apple equipment connected directly to Ethernet Apple equipment on PhoneNet uses LocalTalk F FAQ...

Page 93: ...g The Internet has three levels the backbones the midlevel and the stub networks The backbones know how to route between the midlevel the midlevel knows how to route between the sites and each site be...

Page 94: ...s structured as a network of servers each of which accepts connections from client programs one per user See also Talk Internet A collection of networks interconnected by a set of routers that allow t...

Page 95: ...Area Network LocalTalk Networking protocol used by Macintosh computers to communicate over PhoneNet M MAC Address The physical hardware address of a device connected to a shared media Mail Gateway A...

Page 96: ...host can send and receive data over any of the links but does not route traffic for other nodes Multiport Repeater An Ethernet device typically with 8 thinnet ports and one transceiver cable port Mult...

Page 97: ...System A protocol developed by Sun Microsystems and defined in RFC 1094 which allows a computer system to access files over a network as if they were on its local disks This protocol has been incorpo...

Page 98: ...e in transit between two end systems OSI Layer 7 Application Layer The top most layer of the OSI Model It provides such communication services as electronic mail and file transfer OSI Reference Model...

Page 99: ...ormal description of message formats and the rules two computers must follow to exchange those messages Protocols can describe low level details of machine to machine interfaces e g the order in which...

Page 100: ...iewed and standardized protocols that are promoted by organizations such as CCITT and ANSI See also For Your Information and STD Route The path that network traffic takes from its source to its destin...

Page 101: ...n address subnet mask See also Address Mask IP Address Network Address and Host Address Subnet Mask An IP address used in configuring a system It shows which part of the address is actually the subnet...

Page 102: ...psulation of protocol A within protocol B such that A treats B as though it were a data link layer Tunneling is used to get data between administrative domains that use a protocol that is not supporte...

Page 103: ...e number and email address Wide Area Network A network usually constructed with serial lines which covers a large geographic area Workstation A node on the network typically associated with a single u...
