manualshive.com logo in svg

EEye Digital Security Retina, Руководство пользователя

EEye Digital Security Retina - надежное программное обеспечение для цифровой безопасности. Ищите пользовательское руководство? Скачайте его бесплатно с manualshive.com. Узнайте, как эффективно защитить свои данные с помощью нашего продукта.

Поделиться
Скачать
background image

Retina Users Manual 

 

Using the Audit Tab 

8. 

To ensure that an audit group has any updated or new audits automatically selected when Retina is updated, 
check the 

Automatically add new audits to this group 

checkbox, to prevent new audits from being added to 

the group, uncheck it. 

Hint:

 To keep track of what audits are updated or added in a Retina update, create a new audit group called New, 

unselect all audits in the group and then check the box. The next time Retina updates you can scroll down the list to 
see what is checked. 

Hint:

 To keep track of what audits are updated or added in a Retina update, create a new audit group called New, 

unselect all audits in the group and then check the box. The next time Retina updates you can scroll down the list to 
see what is checked. 

Always Groups 

For target, port, and audit selections that you want enabled with every scan you can create an 

Always

 group. Always 

groups will not display in the group selection box. They will only be listed in the group selection

 

drop-down list. For 

example to create an always address group to prevent scanning of a group of IPs do the following: 
1. From 

the 

Audit 

tab select the 

Target Type: Address Group(s)

 on the 

Targets

 sub-tab. 

2. Click 

the 

Modify 

button. 

3.  You will see the 

Address Group Modification 

window.  

4. If 

the 

Always

 group does not exist, click the 

New 

button and enter 

Always

 for the group name to create an 

Always

 group.  

5.  To omit a single host from all scans, select Single IP or Named Host, enter the information, click the 

Omit 

check 

box and then click Add. 

ƒ

 

To remove a single address or multiple addresses from the group, select them in the Address list, 
and click the Delete button at the bottom of the list. 

ƒ

 

To clear changes before saving, click the Reset button. 

Credential Management  

Overview 

In Retina versions prior to 5.0, Retina ran as a desktop application, in that configuration it ran audits with the 
permissions of the user logged in (or calling the executable from a script). This meant that if the user was a domain 
administrator that there would be no problems with access when scanning a remote system on the same domain. In 
Retina 5.0 the scanner runs as a service. In this mode the default installation runs as the LOCAL_SYSTEM user. This 
user has no access to Windows Networking connections—such as NetBIOS and remote registries.  
 
It should also be noted that Retina utilizes the operating system’s authentication settings and libraries. This means 
that a Retina scanner installed on a system that has the Network security setting “LAN Manager authentication level” 
set to “Send NTLMv2 response only\refuse LM & NTLM” won’t be able to log on to a client that is set to a lower level, 
such as “Send NTLM response only.” 

Deployment/Installation Decisions 

eEye recommends that you install Retina in the default manner with the 

eEye Retina Engine 

service running as the 

LOCAL_SYSTEM user and manage user credentials via the Retina 

Credential Management

 interface. However, to 

meet your network requirements you may choose to install the 

eEye Retina Engine

 service to “Log On” as a user 

with Windows access (see “How-To configure how a service is started in the Microsoft Management Console™). 
Otherwise Retina will use the credentials last selected via the Retina 

Audit->Credential

 interface. 

Local Access to non-Windows™ devices 

To access non-Windows™ devices for scanning, Retina utilizes an SSH connection to conduct its audits. This means 
that an SSH server must be running on the target device. The userid/password combination selected as the 
credentials for the scan must also exist on the target system and have sufficient access to perform the checks.  

 

40

 

 

Содержание Retina

Страница 1: ...Users Manual Retina Network Security Scanner...

Страница 2: ...licenses are expressly or implicitly granted herein with this manual Disclaimer All brand names and product names used in this document are trademarks registered trademarks or trade names of their res...

Страница 3: ...13 Shortcut Bar 13 Status Bar 15 Tabs Pane 15 Options Dialog 15 Using the Getting Started Wizard 16 Using the Discover Tab 25 Accessing the Discover Tab 25 Starting a Discovery Scan 26 Creating a New...

Страница 4: ...le 54 Deleting a Scan File 54 Options 55 Customizing Retina 55 General Options 55 Appearance 56 Logging 56 Auto Update 57 Central Policy 57 Event Routing 57 REM 57 OPSEC 57 Scanner 57 Performance 58 R...

Страница 5: ...Retina Users Manual Table of Contents Glossary 82 iii...

Страница 6: ...hic and usage conventions of this manual Bold text represents commands interface buttons and dialog names except when they appear in window examples or the contents of files Purple underline text indi...

Страница 7: ...03 Server Internet Explorer Version 5 5 or higher 512 mb of memory 1 gb of free disk space Internet connection Installing Retina from the CD ROM If you meet the system requirements specified above com...

Страница 8: ...Retina Users Manual Installation 2 Click Next The License Agreement window appears 2...

Страница 9: ...ers Manual Installation Review the End User Software License Agreement You must accept the license agreement to continue using the Retina Installation Wizard 3 Click Yes The Destination Folder window...

Страница 10: ...ion wizard will install the Retina files 4 Do one of the following Accept the default destination folder C Program Files eEye Digital Security Retina 5 Click Browse and select a folder where you want...

Страница 11: ...Retina Users Manual Installation 6 Click Next The install program displays a progress bar and shows the files as the application copies them to your system 5...

Страница 12: ...Retina Users Manual Installation Once Retina is completely installed the following screen displays to confirm a successful installation 6...

Страница 13: ...em so the changes can take effect Click Cancel if you plan to restart your system manually later Opening the Installation Wizard with Run Dialog Complete the following steps to open the Retina Install...

Страница 14: ...o R etinaSetup exe an error message appears If need be complete the following steps to display the Welcome window of the Retina Installation Wizard Click Browse Find and double click the Retina Setup...

Страница 15: ...op icon for Retina This option is enabled by default Set to 0 to prevent creation of the icon CREATEQUICKLAUNCH 0 Disables creation of a quick launch icon for Retina This option is enabled by default...

Страница 16: ...ing steps to remove Retina from your workstation using the Retina Uninstall Wizard eEye recommends that you exit all Windows programs before you run the Retina Uninstall Wizard 1 Click the Windows Sta...

Страница 17: ...to allow you to continue the uninstall of Retina Select Yes to continue 6 The uninstall displays a prompt asking if you would like to remove your Retina license from the machine Select Yes to remove t...

Страница 18: ...using the Windows Installer from the command line eEye recommends that you exit all Windows programs before you run the Windows Installer 1 Open the Windows Command Prompt 2 Enter Msiexec exe x 59404...

Страница 19: ...nterface The Retina Interface is the first window that appears when you log on to the Retina software You can select the Retina features that you want to use from the toolbar or the provided tabs The...

Страница 20: ...task tab For example the shortcut bar for the Remediate Tasks menu displays tasks including Generate Reports and Print Reports Other Places appears below the Tasks shortcut bar at the middle left pan...

Страница 21: ...is currently processing Tabs Pane The Tabs pane is the main window of the Retina Interface It displays tabs you can select to use the features associated with each Retina task You can select from the...

Страница 22: ...the Retina Network Security Scanner to perform a vulnerability scan and analyze the results Complete the following procedure to use the Retina Getting Started Wizard 1 Select Help Getting Started from...

Страница 23: ...Retina Users Manual Installation 2 Click Next on the Retina Getting Started Wizard The Beginning a Scan window appears 17...

Страница 24: ...procedure to enter a range of IP addresses Enter a range of IP addresses for Retina to scan as follows Click the IP Range radio button Enter an IP address in the From field Enter another IP address i...

Страница 25: ...Retina Users Manual Installation 8 Click Next on the Retina Getting Started Wizard The Selecting Audit Groups window appears 19...

Страница 26: ...Retina Users Manual Installation 9 Click Next the Retina Getting Started Wizard The Analyzing Scan Results window appears 20...

Страница 27: ...mages that represent the highest risk level of the audits found on the select system The image is color coded to match Retina s audit risk level settings see Audit Results on page 35 for more informat...

Страница 28: ...ts Then click Generate The report you created appears in the Results pane of the Retina Interface Use the scroll box to move vertically through the report To print your report click Print Report from...

Страница 29: ...Retina Users Manual Installation 16 Click Next on the Retina Getting Started Wizard The Additional Information window appears 23...

Страница 30: ...Retina Users Manual Installation 17 Click Finish to exit the Retina Getting Started Wizard 24...

Страница 31: ...eral machine information You can then use discovery results to create host files or to launch a vulnerability assessment scan directly from the discovery interface Accessing the Discover Tab Complete...

Страница 32: ...types from the Target Type drop down Single IP Then enter the IP address or the name of the server that you want Retina to scan in the Address field By default Retina displays the scanner s IP address...

Страница 33: ...very TCP Discovery on Ports Enter the port number s comma separated that you want Retina to scan in the provided field UPD Discovery Perform OS Detection Get Reverse DNS Get NetBIOS Name Get MAC Addre...

Страница 34: ...ain any combination of IP addresses or example you can create a group that lists only your organization s 2000 servers Complete the following steps to create an address group After completing the disc...

Страница 35: ...Appending to an Existing Address Group You can add one or more IP addresses to an existing address group For example if there is a new Windows 2000 server on your network you can add the correspondin...

Страница 36: ...you to quickly clear all of the scan results that appear in the Results table You should always clear your results before you create a new scan Complete the following step to clear your scan results 1...

Страница 37: ...header and drag it to the top row of the Results table as shown in the following example Retina sorts and displays your results by the column name you selected In the example above the table has been...

Страница 38: ...u set targets ports and audits determine options and start or schedule scan jobs 2 The Scan Jobs pane where you determine the status of scan jobs view completed jobs view scheduled jobs control active...

Страница 39: ...with 254 as the host number 1 to 254 is the full range of IP addresses you can scan CIDR Notation Enter the IP address and network prefix in the Address fields For example 192 168 205 0 18 means the...

Страница 40: ...n Deselect any of the following port group options that you do not want Retina to scan You can select more than one port group in this manner you can combine several custom groups for a single scan Am...

Страница 41: ...d for specific targets that are known to filter or otherwise ignore TCP UDP or ICMP probes The Retina scanning engine will drop to Connect Scan automatically when required Connect Scan should only be...

Страница 42: ...evice address report date domain name and others Audits vulnerabilities or audit information found on the device Each audit or vulnerability will have an icon matching the above color scheme indicatin...

Страница 43: ...nt to enter individual port numbers or groups of ports you want Retina to scan click the Modify button next to the Select Port Groups box on the Audit tab on the Ports sub tab The Port Groups Modifica...

Страница 44: ...edit field to create a new address group To add a single host to the address group select Single IP or Named Host and then click Add To add a continuous range of hosts to the group select IP Range or...

Страница 45: ...in the Look For text box Decide which type of text field you want to search and select it in the Search In drop down box To limit your search to a single category select it in the Filter drop down box...

Страница 46: ...aving click the Reset button Credential Management Overview In Retina versions prior to 5 0 Retina ran as a desktop application in that configuration it ran audits with the permissions of the user log...

Страница 47: ...ooting If you have multiple segments or systems that require different credentials to access then you should set up Retina to use a different set of stored credentials for each scan the default setup...

Страница 48: ...agement from the drop down menu 3 You will see an information dialog informing you local that storage of credentials You will have to decide if you wish to store credentials If so select Yes If not yo...

Страница 49: ...You may enter a number of credentials here by repeating steps 4 and 5 6 To remove a stored credential highlight the desired user name in the Username list box 7 Select the Delete button 8 When you ar...

Страница 50: ...e you set filters and options and generate Remediation lists 2 The Scan Jobs pane where you determine the status of scan jobs view completed jobs view scheduled jobs control active jobs and delete or...

Страница 51: ...ck the Options tab and check or uncheck to select or deselect formatting options You can select from the following options Insert page breaks between entries Which will insert page breaks between the...

Страница 52: ...ediation Report in Microsoft Word If you have Microsoft Word installed you can click Open Report In Microsoft Word on the shortcut bar and the report will open in a Microsoft Word window ready for edi...

Страница 53: ...e where you set filters and options and generate reports 2 The Scan Jobs pane where you determine the status of scan jobs view completed jobs view scheduled jobs control active jobs and delete or view...

Страница 54: ...sections to include in the report click on the Sections tab of the Configuration pane and check the sections you want in the report 3 To change formatting for the report click the Options tab and che...

Страница 55: ...k either Print Report on the shortcut bar or the printer icon in the toolbar and follow the prompts Saving a Report You can save a Report in HTML format for future use To save a Report in the top line...

Страница 56: ...there can be only one Discover scan scheduled named Discover at any time To get to the Scheduler click the Schedule button in either the Discover or the Audit tab To run the scan once A Enter the name...

Страница 57: ...can on a weekly basis A Select Weekly in the Frequency drop down B Select the Start Time C Select one or more Day s of the Week to run the scan D Select OK To run the scan on a monthly basis A Select...

Страница 58: ...ed until the job starts Once started it will be the time that the job actually began scanning The Data Source is the filename or DSN that the job is being written to Each column can be sorted A job in...

Страница 59: ...xecuted Once a job starts it will be placed in the Active tab and the next scheduled instance of the job will then show in the Scheduled tab The Job Name Data Source and Start Time are the same as the...

Страница 60: ...s to open a scan file 1 Select File Open from the menu bar 2 Select the scan file you want to open 3 The scans available in that file be displayed in the Job Status Complete window Deleting a Scan Fil...

Страница 61: ...You can customize Retina to meet your specific needs by using the Options Dialog located by selecting Tools Options General Options You will see the Options dialog open to the General tab This tab con...

Страница 62: ...will cause Retina to drop to an icon in the system tray when minimized Logging The Generate a log file of Retina operations selection turns Retina logging on if checked and off if unchecked By defaul...

Страница 63: ...must be entered in the Central Policy URI text box Check for new policies every determines how often Retina will request updates from the REM server Event Routing The Event Routing tab controls REM Ev...

Страница 64: ...get machines as dropped connections for other services Though it can show up in the Retina logs in such areas as known services not being found or known open ports not being identified If you find tha...

Страница 65: ...on the target machine this will show in the Retina logs as services that are initially connected but with the banners and other return information not displaying until some time after the check is com...

Страница 66: ...have assigned a DSN to Retina you can then use it to store scan data By default Retina always displays the most recent scan results when a DSN is selected Complete the following steps to view results...

Страница 67: ...have selected the Auto Update feature Retina will update itself with the necessary files you do not have to deal with any messy file downloads that must be manually installed Auto Update can be config...

Страница 68: ...file menu 1 Select Tools Updates from the menu bar Retina will be unloaded as suggested by the initial dialog box If you would rather not be questioned about this activity each time put a checkmark in...

Страница 69: ...Retina Users Manual Manual Update 3 Select Next The Downloading window displays progress bars relating to the download and install of the updates 63...

Страница 70: ...Manual Manual Update 4 Select Next The Update Summary window appears allowing you to review the status of the updates performed Highlighting a product from the list allows you to see the details of t...

Страница 71: ...ame and password to use to gain access to the licensing generation part of Retina s Web site Full directions to obtain your serial number are included in the post purchase email that you receive after...

Страница 72: ...Retina Users Manual Retina Audit Wizard Terminating a License To terminate your Retina license follow the steps in Uninstalling Retina page 10 and when prompted delete the Retina license select Yes 66...

Страница 73: ...t Wizard to create a custom audit follow the following steps 1 Start the Retina Audit Wizard by either selecting the Audits Wizard from the Tools drop down menu or by starting the Audits Wizard exe in...

Страница 74: ...the Bind TSIG remote root buffer overflow that was released in the later half of the year 2000 would fall under this category o DoS Denial of Service attacks such as the ICMP fragmentation attack Ping...

Страница 75: ...ecurity Audits Local Security Audits Slackware Local Security Audits Immunix Local Security Audits Conectiva Local Security Audits EnGarde Local Security Audits Trustix Local Security Audits Caldera L...

Страница 76: ...e version to one that you believe to be vulnerable CGI Script This check allows you to check for the existence of a CGI script that you know to be vulnerable Registry This check type pertains to check...

Страница 77: ...n to continue audit creation Banner Select the type of service being checked HTTP POP3 SMTP FTP DNS IMAP LDAP SSH or TELNET Then enter the banner to be checked Such as 220 corp ftp com MyServer 5 0 4...

Страница 78: ...exist or exists to test for the absence or presence of this registry item Select the parent Hive to be searched HKEY_CLASSES_ROOT HKEY_CURRENT_USER HKEY_LOCAL_MACHINE HKEY_USERS or HKEY_CURRENT_CONFIG...

Страница 79: ...re service pack radio button and then fill in the service pack number in the corresponding edit box To check for a Hotfix select the Check to make sure hotfix radio button and enter the hotfix number...

Страница 80: ...of the file in the Check if the File Version of edit box then select equal to greater than less than greater than or equal to or less than or equal to in the drop down selection box and enter the ver...

Страница 81: ...lar expression that will match the desired package packages in the Package edit box check the Alert when matched checkbox check the Only if installed package matches checkbox enter the regular express...

Страница 82: ...OS in the Version String edit box 5 The Vulnerability Details screen comes up next If you have BugTraq or CVE numbers for the audit enter them in the Bugtraq ID or CVE ID edit boxes Enter URLs that li...

Страница 83: ...Retina Users Manual Retina Audit Wizard 6 The final screen will display 77...

Страница 84: ...Retina Users Manual Retina Audit Wizard At this point you can click Finish to save the audit in the audits XML file or click Cancel to abort audit creation 78...

Страница 85: ...itten using the Retina API For information on the Retina API see the Retina API documentation in your C Program Files Retina Help API directory New Opens up a file explorer so you can locate the modul...

Страница 86: ...e use to have Retina auto assign a name based on the current timestamp DSN The name of the DSN to be used for data storage this value overrides that of outputfile Noupdate Suppresses the launch of Syn...

Страница 87: ...is not running or not paused no action is performed SetWindowHandle Window ID This sets a window handle ID This is deprecated use PipeClient StopSchedule scan name This deletes scan name where scan n...

Страница 88: ...ult to remember Anonymous FTP Anonymous FTP allows a user to retrieve documents files programs and other archived data from anywhere on the Internet without having to establish a user ID and password...

Страница 89: ...s of a transmission channel However as typically used the amount of data that can be sent through a given communications circuit BIND Berkeley Internet Name Domain The implementation of a DNS server d...

Страница 90: ...e name server name resolver relationship in DNS and the file server file client relationship in NFS See also Client and Server Congestion Congestion occurs when the offered load exceeds the capacity o...

Страница 91: ...temporary as opposed to dedicated connection between machines established over a standard phone line Distributed Database A collection of several different data repositories that looks like a single d...

Страница 92: ...at 10mps over fiber twisted pair and several coaxial cable types EtherTalk Networking protocol used by Apple equipment connected directly to Ethernet Apple equipment on PhoneNet uses LocalTalk F FAQ...

Страница 93: ...g The Internet has three levels the backbones the midlevel and the stub networks The backbones know how to route between the midlevel the midlevel knows how to route between the sites and each site be...

Страница 94: ...s structured as a network of servers each of which accepts connections from client programs one per user See also Talk Internet A collection of networks interconnected by a set of routers that allow t...

Страница 95: ...Area Network LocalTalk Networking protocol used by Macintosh computers to communicate over PhoneNet M MAC Address The physical hardware address of a device connected to a shared media Mail Gateway A...

Страница 96: ...host can send and receive data over any of the links but does not route traffic for other nodes Multiport Repeater An Ethernet device typically with 8 thinnet ports and one transceiver cable port Mult...

Страница 97: ...System A protocol developed by Sun Microsystems and defined in RFC 1094 which allows a computer system to access files over a network as if they were on its local disks This protocol has been incorpo...

Страница 98: ...e in transit between two end systems OSI Layer 7 Application Layer The top most layer of the OSI Model It provides such communication services as electronic mail and file transfer OSI Reference Model...

Страница 99: ...ormal description of message formats and the rules two computers must follow to exchange those messages Protocols can describe low level details of machine to machine interfaces e g the order in which...

Страница 100: ...iewed and standardized protocols that are promoted by organizations such as CCITT and ANSI See also For Your Information and STD Route The path that network traffic takes from its source to its destin...

Страница 101: ...n address subnet mask See also Address Mask IP Address Network Address and Host Address Subnet Mask An IP address used in configuring a system It shows which part of the address is actually the subnet...

Страница 102: ...psulation of protocol A within protocol B such that A treats B as though it were a data link layer Tunneling is used to get data between administrative domains that use a protocol that is not supporte...

Страница 103: ...e number and email address Wide Area Network A network usually constructed with serial lines which covers a large geographic area Workstation A node on the network typically associated with a single u...

Отзывы:

Нет отзывов

Похожие инструкции для Retina

Unitech MS920 Quick Start Manual preview
MS920
Бренд: Unitech Страницы: 2
Grecom PSR-120 Owner'S Manual preview
PSR-120
Бренд: Grecom Страницы: 47
3DHISTECH Ltd. Pannoramic DESK II User Manual preview
Pannoramic DESK II
Бренд: 3DHISTECH Ltd. Страницы: 82
Garnet SeeLevel 710-AR Manual preview
SeeLevel 710-AR
Бренд: Garnet Страницы: 12
Zebrex Z-3051BT Quick Operation Manual preview
Z-3051BT
Бренд: Zebrex Страницы: 2
Kodak i6000 Series User Manual preview
i6000 Series
Бренд: Kodak Страницы: 38
Panasonic KV-S3105C Specifications preview
KV-S3105C
Бренд: Panasonic Страницы: 2
Uniden BC346XT Manual preview
BC346XT
Бренд: Uniden Страницы: 16
Xerox DocuMate 3125 User Manual preview
DocuMate 3125
Бренд: Xerox Страницы: 47
Whistler WS1025 Owner'S Manual preview
WS1025
Бренд: Whistler Страницы: 34
Spector IN-02 User Manual preview
IN-02
Бренд: Spector Страницы: 16
PeakSonic M4-HD User Manual preview
M4-HD
Бренд: PeakSonic Страницы: 91
Savin IS200e Operating Instructions Manual preview
IS200e
Бренд: Savin Страницы: 240
Radio Shack 20-419 Owner'S Manual preview
20-419
Бренд: Radio Shack Страницы: 40

Бренды по названию

Популярные бренды

Загрузить еще бренды