Presentation ISS Security Scanner Retina by Adnan Khairi
ISS Security Scanner & Retina by Adnan Khairi 100183586
Introduction: ISS Security Scanner
• The Internet Security Scanner was designed to help administrators explore and log network security vulnerabilities associated with TCP/IP host services.
• Internet Scanner started off in 1992 as a tiny open-source scanner by Christopher Klaus.
• Shareware.
Introduction: Retina
• Retina is a commercial vulnerability assessment scanner by eEye, and is considered to be one of the fastest scanners on the market today.
Why conduct penetration testing?
• If there is a single vulnerability that allows an intruder into a regular system, the entire machine becomes compromised. This is true for most networks for two main reasons:
1. Sniffing
2. Trust authentication
Internet Scanner 7.0 Architecture
Internet Scanner Controller
• The Internet Scanner Controller (ISC) is responsible for directing the sub-processes that perform various scanning duties. These sub-processes are also known as MicroEngines:
– Built-in Engine
– Plug-in Engine
– Discovery Engine
– Flex Check Engine
Built-in Engine
• The Built-in checks resources that are embedded in the exploits, resulting in dependency relationships between some exploits.
Plug-in Engine
• Plug-ins are independent modules that perform vulnerability checks against a target host.
Discovery Engine
The Discovery Module is responsible for gathering identification information from hosts.
– Fingerprinter
– ICMP pinger
– TCP port scanner
– UDP port scanner
– DNS lookup utility
– NetBIOS utilities
– Operating System Identification (OSID)
– Windows Service Pack
Flex Check Engine
• The Flex Check engine loads and executes external programs that attempt to identify specific vulnerabilities on a host.
– Exploit Manager
– Resource Manager
– Encryption
– TCP/IP Stack Fingerprinting
Benefits of ISS
• Minimize business risk
• Low cost of ownership
• Proactive protection
• Scalable
• Ease of use
ISS Report
Retina
• Despite its powerful capabilities, Retina was designed to be the easiest scanner to operate.
• Retina also features a number of automatic features that facilitate such functions as scheduling, repairing common system problems and updating the application.
Features of Retina
• Non-Intrusive Scanning
– Retina can scan the network without overloading its resources and without causing systems to crash.
• Frequent Updates for New Vulnerabilities
– Retina's Auto-Update function provides easy Internet access for downloading the latest vulnerability checks.
• Rogue Wireless Access Detection
– Retina automatically detects the presence of unauthorized access points on networks of any size.
• Ability to Uncover Unknown Vulnerabilities
– Retina can actually detect previously unknown or hidden vulnerabilities.
• High-Speed Scanning Ability
– Retina is able to scan an entire Class C network in about 15 minutes.
• Remote Repair Capabilities
– Auto-Fix function allows one to automatically correct common system security issues such as registry settings, file permissions and more.
• Comprehensive and Up-to-Date Vulnerabilities Database
– Advanced knowledge of security issues due to discoveries made by its own team of security experts.
• Advanced and Customized Reporting Capabilities
– Retina automatically customizes the content of its network audit reports to reflect the severity of the vulnerabilities discovered and the level of security risk involved.
• Custom Audit Wizard
– Audit Wizard simplifies the process of building custom checks.
• Advanced Scheduling Capabilities
– Retina's scheduler function allows one to set the scanner to run on a regular basis to periodically check for vulnerabilities.
• Remote Scanning Capabilities
– Retina scans can be securely initiated from any location. (Remote Manager)
• Open Architecture
– Custom changes to the Retina interface
– Retina's Policies Wizard that walks one through the creation of a custom scan
Retina in Action
Pricing Information
• Retina pricing is based on the number of IP addresses that require scanning and the number of users (licenses) that will be conducting the scanning. Standard Retina licenses may only be used to scan systems within the organization for which the license was originally purchased. Retina Traveling licenses are available for consultants who require the ability to perform scans for more than one organization.