In this list you will find answers to the most frequently asked questions about SecureScout (Windows Edition)™.
The list will be updated as needed.
-
What is SecureScout (Windows Edition)?
SecureScout (Windows Edition) is a network vulnerability assessment tool that determines whether networks and firewalls are vulnerable to attacks, and recommends corrective action for identified vulnerabilities.
-
What is unique about SecureScout (Windows Edition)?
Most vulnerability assessment solutions are single point devices designed to scan individual or multiple remote IP hosts. SecureScout (Windows Edition) provides a distributed console-remote engine architecture which allows multi-level,
multi-segment scanning of all subnets behind firewalls and a complete evaluation of the firewall filtering rules between the scanning agent and the console. This multi-level, multi-segment scanning enables assessments of networks
of any size and is more efficient than other solutions in the marketplace.
-
Why would a customer need to run a vulnerability assessment tool inside the network?
IT systems are getting more complex over time. More applications and features result in more bugs and risks due to configuration mistakes. Out-of-the-box configurations are based on sound choices that ease installation. However,
these default choices are often less secure. Security assessment of all IP-connected devices in a network reduces these business risks.
-
What is included with SecureScout (Windows Edition)?
SecureScout (Windows Edition) is made up of several modules:
-
The Vulnerability Database contains Test Cases that are continually updated.
-
The Console provides a centralized location for conducting and managing security assessment and firewall tests of one or more networks.
-
The Report Generator produces an integrated HTML or PDF report on test results and fixes for any number of tested network segments.
-
The SecureScout (Windows Edition) Engine injects packets on the network to test for vulnerabilities or security weaknesses.
-
The SecureScout (Windows Edition) Firewall Scan tests firewalls for policy compliance in order to prevent illegal traffic.
-
The SecureScout (Windows Edition) Remote Agent enables distribution of the test load in an enterprise-wide network.
-
What is the SecureScout (Windows Edition) Engine?
The Engine is the core technology of SecureScout (Windows Edition). It plays what we call 'test cases': the SecureScout (Windows Edition) version of a hacker attack script. The Engine is able to inject packets onto the network,
receive answers from remote systems, check if they are still running, determine whether security policies are appropriate, and detect vulnerabilities. The efficient SecureScout (Windows Edition) Engine uses modern programming techniques
such as multi-threading to make the best use of the computing power, and a dedicated network driver to inject packets at a very high rate on the network. Test cases are implemented in DLLs. Other solutions have interpreted scripts
that usually prove slower and more CPU intensive.
-
What is the Vulnerability Database?
The Vulnerability Database is the collection of all installed test cases. A test case includes:
-
a text description of the vulnerability and its consequences,
-
suggestions to solve the issue,
-
access to additional information such as reference URLs on the World Wide Web, and
-
a coded script played by the SecureScout (Windows Edition) Engine, to determine if a target system is vulnerable.
Test cases are stored in a local ODBC-compliant database. An embedded MS-SQL engine is supplied with SecureScout (Windows Edition), and its installation is completely integrated in the SecureScout (Windows Edition) installation.
-
What is the Console?
The Console is the powerful, yet easy-to-use graphical user interface of SecureScout (Windows Edition). From the unified centralized Console, a user can manage all SecureScout (Windows Edition) activities, including network, firewall,
and remote segment security testing via distributed engines. Sessions can be created that recall all configuration choices. This process allows the user to run jobs with identical parameters and compare changes. Session results
are stored in the local database for easy retrieval.
-
What is the Report Generator?
All job results can be saved in a set of HTML or PDF reports, easily read through any Web browser.
The reports include:
-
the Executive Overview, which gives an overview of the prioritized vulnerabilities
-
the Administrator View, which provides all the technical details of test session results
-
the Hosts View, which gives information about the hosts.
-
What is the Firewall Scan?
SecureScout (Windows Edition) has a mode that tests firewalls. In a typical configuration, the remote agent is located inside the firewall, while the Console is outside the firewall (e.g., on the Internet side of the firewall).
The Console and the Remote Agent communicate over a secure, encrypted channel that passes transparently through the firewall.
The key points of the firewall session are:
-
reverse engineering of filtering rules,
-
policy compliance checks to verify that no illegal traffic can go through the firewall, and
-
checks of the protection offered by the firewall in application protocols.
The SecureScout (Windows Edition) architecture does not make particular assumptions about the firewall technology and supports any kind of configuration, including homemade and shrink-wrapped products.
-
What is the Remote SecureScout (Windows Edition) Engine?
The Remote SecureScout (Windows Edition) Engine allows users to set up additional testing engines on remote segments, instead of running all test cases from the Console. These engines act like the conventional SecureScout (Windows
Edition) Engines, except that the Console has been suppressed. In other words, an administrator can control a Remote SecureScout (Windows Edition) Engine from his/her own SecureScout (Windows Edition) Console, even if the engine is located
far away on a remote segment.
Benefits of this solution are:
-
All SecureScout (Windows Edition) activities are centralized in a single location, reducing the burden on scarce security resources.
-
A single SecureScout (Windows Edition) report or job can include systems from several segments: this eases follow-up.
-
The scan of a remote segment has a lower network overhead as test cases are played locally. Real-time feedback from the remote engine to the console is buffered to optimize network transmission.
-
The remote engine packet injection is not altered by the WAN performance, or any packet filtering that could take place between the console and the remote segment.
-
Sessions with remote engines can be scheduled via regular OS features.
-
Updates of remote engines are supported via the SecureScout (Windows Edition) Web site.
-
How should an organization evaluate and compare security assessment offerings?
According to some vendors, the quality of a security assessment solution is based on its number of test cases, i.e., the number of vulnerabilities it can detect. This is only partially true.
An organization should also ask the following about the implemented test cases:
-
How many are obsolete, testing for outdated versions of systems and servers?
-
How many are disguised redundant tests and not network tests?
-
How many are NT4 or Windows specific (an organization may have heterogeneous networks to scan)?
Other important questions to ask are:
-
Is the test case implementation accurate?
-
How complete is the test analysis?
-
How frequently are the test cases updated?
With SecureScout (Windows Edition), the focus is on adding test cases that are relevant to current configurations. The accuracy of SecureScout (Windows Edition) is ensured by testing a large number of configurations and adding new
test cases for relevant vulnerabilities as they are discovered.
-
What is a SecureScout (Windows Edition) "Network Session"?
In a typical use of SecureScout (Windows Edition), the Network Session:
-
Scans a network segment for existing hosts.
-
Scans for services (TCP, UDP and RPC) and provides an exact picture of services running on the target system.
-
Plays test cases, running all (or just a subset selected by the user) of the test cases supplied with SecureScout (Windows Edition).
-
Stores results in the SecureScout (Windows Edition) Database.
-
Generates reports as required by the user.
-
What is a SecureScout (Windows Edition) "Firewall Session"?
The Firewall Session:
-
Discovers active systems on its segments and reports to the Console.
-
Determines the filtering rules on the firewall, i.e., which packets can go through the firewall: Does it filter by internal destination (machine/port)? Does it block illegally built packets? Does it prevent inbound and outbound
IP spoofing?
-
Checks whether internal systems have been seriously affected by test cases (e.g., system crash). In order to initiate a Firewall Session, a SecureScout (Windows Edition) remote agent is installed inside the firewall (e.g., private
network, DMZ) and the SecureScout (Windows Edition) Console is outside the firewall (e.g., Internet side).
-
The Remote Agent and the Console communicate with each other via a channel that is established across the firewall. In the Firewall Session, the Console injects test cases against targets inside the firewall.
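The Firewall Session idea above, sketched as an added example (not SecureScout code, and not from the vendor): an outside console sends numbered probes, an inside agent records which ones arrive, and the difference is turned into inferred filtering rules and policy findings. All addresses, probe kinds, the policy set and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: probes sent from outside the firewall.
# Fields: (probe_id, proto, dst, dport, kind)
SENT = [
    (1, "tcp", "10.0.0.5", 80, "normal"),
    (2, "tcp", "10.0.0.5", 22, "normal"),
    (3, "tcp", "10.0.0.5", 443, "normal"),
    (4, "udp", "10.0.0.9", 53, "normal"),
    (5, "tcp", "10.0.0.9", 3389, "normal"),
    (6, "tcp", "10.0.0.5", 80, "spoofed_internal_src"),
    (7, "tcp", "10.0.0.5", 80, "malformed_flags"),
]
SEEN_INSIDE = {1, 3, 5, 6}  # constructed: probe ids the inside agent observed
# Hypothetical written policy: the only flows that should pass inbound.
POLICY = {
    ("tcp", "10.0.0.5", 80), ("tcp", "10.0.0.5", 443),
    ("udp", "10.0.0.9", 53),
}

def infer_rules(sent, seen):
    """Group well-formed probes into pass/block port sets per (proto, dst)."""
    rules = defaultdict(lambda: {"pass": set(), "block": set()})
    for pid, proto, dst, dport, kind in sent:
        if kind == "normal":
            verdict = "pass" if pid in seen else "block"
            rules[(proto, dst)][verdict].add(dport)
    return dict(rules)

def audit(sent, seen, policy):
    """Compare observed firewall behaviour with the written policy."""
    findings = []
    for pid, proto, dst, dport, kind in sent:
        flow, passed = (proto, dst, dport), pid in seen
        if kind != "normal":
            # Spoofed or illegally built packets should never get through.
            if passed:
                findings.append(("abnormal-packet-passed", kind, flow))
        elif passed and flow not in policy:
            findings.append(("unexpected-allow", kind, flow))
        elif not passed and flow in policy:
            # May also be packet loss (notably UDP); re-probe before concluding.
            findings.append(("unexpected-block", kind, flow))
    return findings
```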
-
Is encryption built into SecureScout (Windows Edition)?
Yes. The Probe or Remote Engine to Console dialog is encrypted using SSL v3. Traffic sniffing cannot be exploited by an attacker.
-
How is SecureScout (Windows Edition) protected?
A unique license key protects SecureScout (Windows Edition). The license is issued using:
-
the MAC address of the system used to host the SecureScout (Windows Edition) console,
-
the customer company name as well as the individual using the scanner, and
-
the IP address range(s) the customer will be scanning
This means that:
-
a user cannot scan segments outside of the initial segments supplied, and
-
a user cannot scan an outside network (e.g., try to test a competitor's network via the Internet).
-
What are the invaluable features of SecureScout (Windows Edition) that are not available with other network security assessment solutions?
The unique and valuable features of SecureScout (Windows Edition) include the following:
-
Faster Assessment: All activities are centrally managed in one single location enabling faster assessment of medium to large enterprise-wide networks.
-
Consolidated Reporting: A single SecureScout (Windows Edition) report can include results from one or more network segments.
-
Low Network Overhead: Test cases are played locally and real-time reports are buffered to optimize network transmission.
-
Efficient Testing: WAN performance and packet filtering mechanisms never affect a Remote Test Engine's activities.
-
Easy Scheduling: Sessions with remote engines can be scheduled via regular OS features.
-
In-depth Firewall Configuration Testing: includes reverse engineering filtering rules with active probing on all types of firewalls.
-
Automated On-line Updates: Test cases and dynamic report generation are updated regularly.
The traditional approach for network vulnerability assessment has reached its limits. Point-in-time and segment-by-segment scanners are extremely time-consuming for security professionals, as they generate only snapshots and unrelated
per-segment reports. The SecureScout (Windows Edition) distributed 3rd generation architecture combines consoles, remote test engines and proactive probes, and introduces a real technological breakthrough designed to meet the security
assessment needs of organizations of any size.