Академический Документы
Профессиональный Документы
Культура Документы
Version 1.8
Table of Contents
www.lumension.com
2
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
System Requirements
To ensure that the Vulnerability Scanner will work properly, it is important that your system meet the
minimum requirements below, before attempting to install the Vulnerability Scanner. Please note that the
virtual version (based on the VMware ACE Player) has higher memory requirements than the fully-
licensed version of Lumension Scan.
1
Requires Security Configuration Management Add-on
www.lumension.com
3
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
If you are uncertain if your system meets the necessary requirements for the Lumension Vulnerability
Scanner, please contact us at vulnerability.scanner@lumension.com or dial 1.888.725.7828.
Getting Started
You are only a few steps away from using the Lumension Vulnerability Scanner! Please follow the
instructions below to download and install the Vulnerability Scanner.
Please note that this version of the Vulnerability Scanner is configured to support up to 25 nodes.
www.lumension.com
4
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
www.lumension.com
5
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
Note: If you do not already have a licensed version of VMware ACE player running on your
system, you may encounter the following licensing error message:
In this case, please click “OK” and enter the credentials below into the serial number window:
www.lumension.com
6
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
11. Click “OK” to Activate the password/token and start using the Vulnerability Scanner.
12. The system should now automatically load the scanner.
Congratulations! You have now successfully installed the Lumension Vulnerability Scanner!
Note: If you start the Vulnerability Scanner manually, you can do so by either clicking on the shortcut
icon on your desktop or by clicking on the “Start” menu at the bottom left of your screen and selecting
“Lumension Scan”.
Press Ctrl-Alt-Insert to begin the logon. If Ctrl-Alt-Insert does not change the prompt, then you may
need to mouse-click in the center of the ACE Player window.
www.lumension.com
7
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
Enter “Administrator” as User Name and “lumension” as the password in the Windows Logon prompt.
You should now see the logon window to the main console of the Lumension Vulnerability Scanner:
Enter the User Name “sa” and the password “lumension” to log on to the “localhost” Engine on Port
“205”. After clicking “OK”, you may be presented with the following prompts:
www.lumension.com
8
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
Click the “Start” menu on the virtual machine desktop, then right-click on the “My Computer” icon and
select “Properties” in the drop-down menu – this will open the “System Properties” dialog window.
Click on the button labeled “Change…” – this will open the “Computer Name Changes” dialog window
below.
www.lumension.com
9
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
Note: DO NOT change the “Computer Name:” from the value “LumensionScan”; otherwise, the
Vulnerability Scanner Console will not be able to find the Server 2 that is installed on the localhost.
In this window, you will need to enter your own network domain in the “Domain” value to set the
membership and target domain.
Click OK and enter your domain credentials when prompted to join your target domain.
Reboot the virtual machine according to the instructions following the membership change. After the
reboot, you will be presented with the logon window to the main console of the Lumension
Vulnerability Scanner.
Note: To start the Vulnerability Scanner manually, double-click the blue Lumension icon on the virtual
desktop machine to start the Console.
2
http://msdn.microsoft.com/en-us/library/ms143799.aspx
www.lumension.com
10
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
Enter the User Name “sa” and the password “lumension” to log on to the “localhost” Engine on Port
“205”.
You have now set up your Vulnerability Scanner and are ready to perform your first vulnerability scan
and assessment to find out what vulnerabilities may exist in your network environment!
www.lumension.com
11
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
You can start a new Discovery Job by clicking either on the “Discovery Job” drop-down in the left-
hand corner or the icon in the left-hand navigation. A new window will open that allows you to define
the various settings of the discovery job below:
» Name your job: Name the Discovery Job for easy reference
» Schedule Method: Schedule a time when the job should run (the default is Immediately)
» Selected Discovery Methods: Choose whether you wish to search by IP address or IP
range, Active Directory, Named Target, Network Neighborhood, Previously Discovered
Target, or Imported File. You can add or delete discovery methods on the “Targets” list on
the lower right.
To further configure your discovery search, you can define additional Credential Sets in the
“Credentials” tab. The “Console” tab allows you to send job results to one or more Console(s) for
additional or consolidated reporting purposes.
www.lumension.com
12
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
Once you click the “Save” button on the Discovery Job window, the scan will start (or be scheduled at
the specified time) and appear in the “Active” tab of the “Job Queue” section at the bottom of the
Vulnerability Scanner.
When the Discovery Job is complete, it will move to the “Completed” tab.
When selecting a specific completed Discovery Job, the results will populate in the detailed boxes
above. You now have full visibility into the assets that are on your network. The Discovery job will
display all managed as well as unmanaged (rogue) assets.
www.lumension.com
13
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
You can use the results of the discovery phase to scan and assess the levels of vulnerability and
types of risks on the discovered machines. For a previously un-patched network, you may want to
start with small groups of critical machines, such as those in the finance department, which can be
grouped by IP address or network neighborhood.
Using the Lumension Management Console, you can define a scan job that interrogates the
machines found in the discovery phase. There are several pre-configured scans that can be
customized for your assets, or you can design your own scan jobs to meet your needs.
You can initiate a Scan Job by clicking on either the “Scan Job” drop-down in the left-hand corner or
the icon in the left-hand navigation. A new window will open that allows you to define the various
settings of the scan job below:
» Name your job: Name the Discovery/Scan Job for easy reference
» Schedule Method: Schedule a time when the job should run (the default is Immediately)
» Selected Discovery Methods: Choose whether you wish to search by IP address or IP
range, Active Directory, Named Target, Network Neighborhood, Previously Discovered
Target, or Imported File. You can add or delete discovery methods on the “Targets” list on
the lower right.
www.lumension.com
14
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
Now click on the “Scan” Tab and define the criteria for the vulnerability scan:
» Vulnerability Set: Select whether to scan all possible vulnerabilities or focus on a specific
vulnerability set, such as BSD, CERT, CIAC, CVE, NIST, NT4_0, Network Device,
Password, Password Checker, Platform Independent, Policy, and a Quickscan.
» Port Set: Specify whether to scan all available ports, default ports or no ports.
» Other Scan Options: Select the applicable checkboxes if you wish to include services,
shares, users, or groups in your scan. Adjust the vulnerability scan timeout, if needed.
» Credentials: Enter credentials that may be required to access the machines being
interrogated
Once you click the “Save” button on the Scan Job window, the scan will start (or be scheduled at the
specified time) and appear in the “Active” tab of the “Job Queue” section at the bottom of the
Vulnerability Scanner.
When the scan job is complete, it will move to the “Completed” tab. Once you select the scan job, it
will return all the vulnerabilities found for the criteria you set for the job and populate them in the
applicable boxes.
www.lumension.com
15
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
Scan results can be grouped by scanned computers or vulnerabilities. The number of vulnerabilities
found in an environment depends on how well patched the systems are and how much control users
have over individual machines. The results of an assessment scan can be sorted by patch severity,
status, CVE identifier, and CERT identifier, among others. The sorting capability lets you focus on
high-severity warnings first.
The Lumension Management Console lets you drill down to see the details of a particular vulnerability
including links to additional descriptions of the issue from vendors and the National Institute of
Standards and Technology (NIST).
www.lumension.com
16
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
The detail summary of each vulnerability provides information such as a description illustrating how
the vulnerability causes damage; type; category; severity; and identifications by CVE, Bugtraq, CERT,
and CIAC. It also provides information about available patches.
The system also computes a Score, a numerical value 1 – 100, which is a weighted number
combining criticality and number of vulnerabilities. Assets with a high Score (80 – 100) need
immediate attention. Based on the Score of affected machines and your judgment on the impact a
vulnerability exploit could have on your business, you can then prioritize and decide which
vulnerabilities to patch on which machines, and in what order. To do so consistently and efficiently,
you’ll need to establish your own vulnerability remediation policies.
The Target view of a scan reveals the vulnerabilities of each machine and the Score ranking to help
you prioritize remediations.
The generated reports are PDF files that can be viewed in Adobe Acrobat Reader. Reports can be
printed, copied, converted, and saved, as required.
www.lumension.com
17
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
To generate a report, select a Completed Scan job in your Job Queue, then click on the “Graphical
Reports” drop-down at the top of screen and select a Report Type, such as Executive Summary.
Finally, click on the “Generate” button.
Reports, especially Executive Summaries, provide evidence of progress or alert you to the need for
more frequent scans and remediation.
Summaries and executive reports provide a foundation for reviewing enterprise security policies,
dealing with criticality, and instituting changes to increase effectiveness.
Congratulations! You have now successfully setup and run your Vulnerability Scanner to Discover,
Scan, Assess, and Report on the vulnerabilities within your network!
www.lumension.com
18
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
www.lumension.com
19
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
User Guide - Lumension Vulnerability Scanner
www.lumension.com
20
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance