
Lumension® Vulnerability Scanner

User Guide for Installation, Setup, and Evaluation

Version 1.8

© Copyright 2009, Lumension Security, Inc.


User Guide - Lumension Vulnerability Scanner

Table of Contents

Lumension Vulnerability Scanner
System Requirements
Getting Started
How do I get the Vulnerability Scanner?
How do I install the Vulnerability Scanner?
How do I set up the Vulnerability Scanner?
  Start the Vulnerability Scanner
  Point the Scanner to a Target Domain in Your Network Environment
How do I use the Vulnerability Scanner?
  Discover all the Assets on your Network
  Scan the Network for Vulnerabilities
  Assess the Vulnerabilities on your Network Assets
  Report Your Results
How can I find out more about the Vulnerability Scanner?
  1. Request a Free 30-day Evaluation Trial
  2. Request a Product Demonstration
  3. Contact Us or Request to be contacted
  4. Visit the Lumension website

www.lumension.com
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance

Lumension Vulnerability Scanner


The Lumension Vulnerability Scanner is a network-based scanning utility that provides IT departments
with comprehensive visibility into their entire heterogeneous network environment through in-depth scans
and the automated discovery of all assets, both managed and unmanaged. The vulnerability scanner is
able to discover silent or hidden network nodes, even if they are not currently managed by agents. By
leveraging Lumension’s large pre-built vulnerability and configuration repositories as well as customized
vulnerability policies, the network scanner assesses Operating System, Application, and Security
Configuration[1] vulnerabilities that exist within the network environment to proactively identify and prioritize
known issues before they can be exploited. Utilizing an intuitive user interface, vulnerability assessment
information can be prioritized by vulnerability severity as well as organizational impact, and grouped by
vulnerability specifics or computing assets (machines).

The main benefits of the Lumension vulnerability scanner are:


» Complete identification and inventory of all devices on the network
» Accurate scans of all devices for software and configuration-based* vulnerabilities
» Risk-based prioritization of identified threats
» Continuously updated vulnerability database for orderly remediation
» Comprehensive reports of scan results
» Detect the vulnerability that enables Conficker (MS08-067) as well as assess for a
Conficker infection

System Requirements
To ensure that the Vulnerability Scanner will work properly, it is important that your system meet the
minimum requirements below, before attempting to install the Vulnerability Scanner. Please note that the
virtual version (based on the VMware ACE Player) has higher memory requirements than the fully-
licensed version of Lumension Scan.

[1] Requires Security Configuration Management Add-on


Processor
  Machine where Lumension Vulnerability Scanner is installed: Pentium-Compatible 2 GHz Processor
  Computer to be scanned: Minimal

Operating System
  Machine where Lumension Vulnerability Scanner is installed: Windows XP Professional SP2+ x86,
  Windows 2003 SP1+ x86, Windows 2003 R2+ x86
  Computer to be scanned: BSD Unix, CentOS, Cisco / IOS, CatOS, PIX OS, Cisco VPN, FreeBSD,
  HP / HP-UX, HP / Tru64, IBM AIX, Juniper / JunOS, Fedora Linux / Mandriva, RHEL, NetBSD, Novell
  SuSE Linux, Apple Mac OS X, OpenBSD, Oracle Enterprise Linux, Scientific Linux, Sun Solaris,
  Windows 2000, Windows XP, Windows XP Embedded, Windows 2003, Windows Vista, Windows 2008

Hard Disk Space
  Machine where Lumension Vulnerability Scanner is installed: 20 GB available disk space
  Computer to be scanned: Minimal for provisional files created during the scan

Memory
  Machine where Lumension Vulnerability Scanner is installed:
    1) For this virtual version of the vulnerability scanner (based on VMware ACE Player): 1.5 GB RAM
    2) For the fully-licensed Lumension Scan product (based on full product installation): 1 GB RAM
  Computer to be scanned: 256 KB

Display
  Machine where Lumension Vulnerability Scanner is installed: 1024 x 768 Monitor Resolution
  Computer to be scanned: N/A

If you are uncertain if your system meets the necessary requirements for the Lumension Vulnerability
Scanner, please contact us at vulnerability.scanner@lumension.com or dial 1.888.725.7828.

Getting Started
You are only a few steps away from using the Lumension Vulnerability Scanner! Please follow the
instructions below to download and install the Vulnerability Scanner.

Please note that this version of the Vulnerability Scanner is configured to support up to 25 nodes.


How do I get the Vulnerability Scanner?


You can get the Vulnerability Scanner by clicking on the “Free Vulnerability Scanner” offer on the
Vulnerability Scanner landing page or by simply navigating to
http://www.lumension.com/Resources/Security-Tools/Vulnerability-Scanner.aspx. Follow the instructions
to register and download your free vulnerability scanner.


How do I install the Vulnerability Scanner?


The Lumension Vulnerability Scanner takes only a few minutes to install. The Windows Installation
Wizard will guide you through the installation process outlined below:

1. Click on the Download link to download the Vulnerability Scanner;


2. When prompted, click “Run” to start the download. If you encounter another Security
Warning, please click “Run” again;
Note: If the Installer does not start automatically, open the downloaded .zip file and run the
“setup.exe” program;
3. Click “Next” on the VMware ACE/Lumension Scan Setup Wizard to start the installation;
4. Click “Next” to install to the suggested default folder, or click Browse to install to a different
folder and click “Next”;
5. Click “Next” to create a shortcut on your desktop, or uncheck the box provided and click
“Next”;
6. Click “Install” on the “Ready to Install” screen;
7. Click “Next” to run Lumension Scan when the Setup Wizard finishes, or uncheck the box
provided and click “Next”;
8. Click the “Finish” button to exit the Setup Wizard;

Note: If you do not already have a licensed version of VMware ACE player running on your
system, you may encounter the following licensing error message:

In this case, please click “OK” and enter the credentials below into the serial number window:

Serial Number: A008H-3WDAE-K7P4H-48LC1


Name: [Your Name]
Company Name: Lumension

» Restart your computer to fully activate the license key.


9. Accept the license agreement and click “Next”;


10. The system will prompt you for an activation password/token to activate the VMware ACE
player.

» Please enter the password/token: “lumension”.

11. Click “OK” to Activate the password/token and start using the Vulnerability Scanner.
12. The system should now automatically load the scanner.

Congratulations! You have now successfully installed the Lumension Vulnerability Scanner!

How do I set up the Vulnerability Scanner?


To help you get started quickly, the following overview will provide the basic steps for setting up the
Vulnerability Scanner. Please refer to the Security Management Console Help included in the scanner’s
help menu for a more thorough description of the Vulnerability Scanner functionality.

START THE VULNERABILITY SCANNER


After successful installation, you will automatically arrive at a standard Windows Logon prompt.

Note: If you start the Vulnerability Scanner manually, you can do so by either clicking on the shortcut
icon on your desktop or by clicking on the “Start” menu at the bottom left of your screen and selecting
“Lumension Scan”.

Press Ctrl-Alt-Insert to begin the logon. If Ctrl-Alt-Insert does not change the prompt, then you may
need to mouse-click in the center of the ACE Player window.


Enter “Administrator” as User Name and “lumension” as the password in the Windows Logon prompt.

You should now see the logon window to the main console of the Lumension Vulnerability Scanner:

Enter the User Name “sa” and the password “lumension” to log on to the “localhost” Engine on Port
“205”. After clicking “OK”, you may be presented with the following prompts:

1. Acceptance of the “X509 Certificate Validation”: Click “Always Accept”.


2. Check for Automatic Updates: Click “Accept” at the prompt.
Note: We strongly recommend running Windows Update at least once before you start
using the scanner to ensure that the virtual machine has the latest patches and is
secure to operate. This evaluation version was shipped without the latest Windows Updates
in order to keep a reasonable download file size.

POINT THE SCANNER TO A TARGET DOMAIN IN YOUR NETWORK ENVIRONMENT
To enable the scanner to discover all the assets on your network, you will need to define the network
environment (domain) that the vulnerability scanner should point to.


Click the “Start” menu on the virtual machine desktop, then right-click on the “My Computer” icon and
select “Properties” in the drop-down menu – this will open the “System Properties” dialog window.

Now select the “Computer Name” tab.

Click on the button labeled “Change…” – this will open the “Computer Name Changes” dialog window
below.


Note: DO NOT change the “Computer Name:” from the value “LumensionScan”; otherwise, the
Vulnerability Scanner Console will not be able to find the Server[2] that is installed on the localhost.

In this window, you will need to enter your own network domain in the “Domain” value to set the
membership and target domain.

Click OK and enter your domain credentials when prompted to join your target domain.

Reboot the virtual machine according to the instructions following the membership change. After the
reboot, you will be presented with the logon window to the main console of the Lumension
Vulnerability Scanner.

Note: To start the Vulnerability Scanner manually, double-click the blue Lumension icon on the virtual
desktop machine to start the Console.

[2] http://msdn.microsoft.com/en-us/library/ms143799.aspx


Enter the User Name “sa” and the password “lumension” to log on to the “localhost” Engine on Port
“205”.

You have now set up your Vulnerability Scanner and are ready to perform your first vulnerability scan
and assessment to find out what vulnerabilities may exist in your network environment!


How do I use the Vulnerability Scanner?


DISCOVER ALL THE ASSETS ON YOUR NETWORK
To perform a vulnerability scan, you will first need to discover all the assets on your network by
defining a Discovery Job.

You can start a new Discovery Job by clicking either on the “Discovery Job” drop-down in the left-
hand corner or the icon in the left-hand navigation. A new window will open that allows you to define
the various settings of the discovery job below:

» Name your job: Name the Discovery Job for easy reference
» Schedule Method: Schedule a time when the job should run (the default is Immediately)
» Selected Discovery Methods: Choose whether you wish to search by IP address or IP
range, Active Directory, Named Target, Network Neighborhood, Previously Discovered
Target, or Imported File. You can add or delete discovery methods on the “Targets” list on
the lower right.

To further configure your discovery search, you can define additional Credential Sets in the
“Credentials” tab. The “Console” tab allows you to send job results to one or more Console(s) for
additional or consolidated reporting purposes.


Once you click the “Save” button on the Discovery Job window, the scan will start (or be scheduled at
the specified time) and appear in the “Active” tab of the “Job Queue” section at the bottom of the
Vulnerability Scanner.

When the Discovery Job is complete, it will move to the “Completed” tab.

When selecting a specific completed Discovery Job, the results will populate in the detailed boxes
above. You now have full visibility into the assets that are on your network. The Discovery job will
display all managed as well as unmanaged (rogue) assets.


SCAN THE NETWORK FOR VULNERABILITIES


Now that you have discovered all the assets on your network, you can explore what is actually
on these assets by performing a full vulnerability assessment.

You can use the results of the discovery phase to scan and assess the levels of vulnerability and
types of risks on the discovered machines. For a previously un-patched network, you may want to
start with small groups of critical machines, such as those in the finance department, which can be
grouped by IP address or network neighborhood.

Using the Lumension Management Console, you can define a scan job that interrogates the
machines found in the discovery phase. There are several pre-configured scans that can be
customized for your assets, or you can design your own scan jobs to meet your needs.

You can initiate a Scan Job by clicking on either the “Scan Job” drop-down in the left-hand corner or
the icon in the left-hand navigation. A new window will open that allows you to define the various
settings of the scan job below:

» Name your job: Name the Discovery/Scan Job for easy reference
» Schedule Method: Schedule a time when the job should run (the default is Immediately)
» Selected Discovery Methods: Choose whether you wish to search by IP address or IP
range, Active Directory, Named Target, Network Neighborhood, Previously Discovered
Target, or Imported File. You can add or delete discovery methods on the “Targets” list on
the lower right.


Now click on the “Scan” Tab and define the criteria for the vulnerability scan:

» Vulnerability Set: Select whether to scan all possible vulnerabilities or focus on a specific
vulnerability set, such as BSD, CERT, CIAC, CVE, NIST, NT4_0, Network Device,
Password, Password Checker, Platform Independent, Policy, and a Quickscan.
» Port Set: Specify whether to scan all available ports, default ports or no ports.
» Other Scan Options: Select the applicable checkboxes if you wish to include services,
shares, users, or groups in your scan. Adjust the vulnerability scan timeout, if needed.
» Credentials: Enter credentials that may be required to access the machines being
interrogated

Once you click the “Save” button on the Scan Job window, the scan will start (or be scheduled at the
specified time) and appear in the “Active” tab of the “Job Queue” section at the bottom of the
Vulnerability Scanner.

When the scan job is complete, it will move to the “Completed” tab. Once you select the scan job, it
will return all the vulnerabilities found for the criteria you set for the job and populate them in the
applicable boxes.

ASSESS THE VULNERABILITIES ON YOUR NETWORK ASSETS


Now that you have successfully discovered the assets on your network and run a vulnerability scan
on these assets, you can examine the vulnerabilities detected on your network and create a
strategy to eliminate or mitigate them.


Scan results can be grouped by scanned computers or vulnerabilities. The number of vulnerabilities
found in an environment depends on how well patched the systems are and how much control users
have over individual machines. The results of an assessment scan can be sorted by patch severity,
status, CVE identifier, and CERT identifier, among others. The sorting capability lets you focus on
high-severity warnings first.

The Lumension Management Console lets you drill down to see the details of a particular vulnerability
including links to additional descriptions of the issue from vendors and the National Institute of
Standards and Technology (NIST).


The detail summary of each vulnerability provides information such as a description illustrating how
the vulnerability causes damage; type; category; severity; and identifications by CVE, Bugtraq, CERT,
and CIAC. It also provides information about available patches.

The system also computes a Score, a numerical value 1 – 100, which is a weighted number
combining criticality and number of vulnerabilities. Assets with a high Score (80 – 100) need
immediate attention. Based on the Score of affected machines and your judgment on the impact a
vulnerability exploit could have on your business, you can then prioritize and decide which
vulnerabilities to patch on which machines, and in what order. To do so consistently and efficiently,
you’ll need to establish your own vulnerability remediation policies.

The Target view of a scan reveals the vulnerabilities of each machine and the Score ranking to help
you prioritize remediations.
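
As an added illustration (not part of the Lumension guide or product), the Python example below shows one way to combine per-asset Scores with your own business-impact ratings into a remediation order. The severity weights, host names, EXAMPLE-* identifiers and impact ratings are constructed assumptions; the guide does not publish the product's actual Score weighting.

```python
from collections import defaultdict

# Assumed severity weights: the guide does not publish the product's weighting.
SEVERITY_WEIGHT = {"critical": 40, "high": 20, "medium": 8, "low": 2}
IMMEDIATE_BAND = 80  # the guide's "high Score (80 - 100)" band

# Constructed scan findings: (asset, vulnerability id, severity).
FINDINGS = [
    ("fin-db01", "MS08-067", "critical"),
    ("fin-db01", "EXAMPLE-0001", "critical"),
    ("fin-db01", "EXAMPLE-0002", "high"),
    ("hr-ws07", "EXAMPLE-0003", "high"),
    ("hr-ws07", "EXAMPLE-0004", "high"),
    ("hr-ws07", "EXAMPLE-0005", "high"),
    ("web-ext03", "EXAMPLE-0006", "medium"),
    ("web-ext03", "EXAMPLE-0007", "critical"),
    ("lab-pr02", "EXAMPLE-0008", "low"),
]
# Constructed business-impact ratings chosen by the operator (3 = highest).
BUSINESS_IMPACT = {"fin-db01": 3, "hr-ws07": 2, "web-ext03": 3, "lab-pr02": 1}


def asset_scores(findings):
    """Weighted Score per asset, clamped to the guide's 1-100 range."""
    totals = defaultdict(int)
    for asset, _vuln, severity in findings:
        if severity not in SEVERITY_WEIGHT:
            raise ValueError(f"unknown severity {severity!r} on {asset}")
        totals[asset] += SEVERITY_WEIGHT[severity]
    return {asset: max(1, min(100, total)) for asset, total in totals.items()}


def remediation_queue(findings, impact):
    """Order assets: immediate band first, then business impact, then Score."""
    rows = [
        (asset, score, impact.get(asset, 1), score >= IMMEDIATE_BAND)
        for asset, score in asset_scores(findings).items()
    ]
    rows.sort(key=lambda r: (not r[3], -r[2], -r[1], r[0]))
    return rows


def patch_plan(findings, impact):
    """Flatten the queue into (asset, vulnerability) pairs, worst first."""
    plan = []
    for asset, _score, _impact, _immediate in remediation_queue(findings, impact):
        own = [f for f in findings if f[0] == asset]
        own.sort(key=lambda f: -SEVERITY_WEIGHT[f[2]])  # stable within a severity
        plan.extend((asset, vuln) for _a, vuln, _s in own)
    return plan


if __name__ == "__main__":
    for asset, score, impact, immediate in remediation_queue(FINDINGS, BUSINESS_IMPACT):
        flag = "IMMEDIATE" if immediate else "scheduled"
        print(f"{asset:10} score={score:3} impact={impact} {flag}")
```

In this constructed data, web-ext03 (Score 48, impact 3) is queued ahead of hr-ws07 (Score 60, impact 2), which is the kind of judgment call a written remediation policy makes repeatable.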

REPORT YOUR RESULTS


The Reports menu allows you to generate a variety of pre-defined on-board reports, including
Compliance Network-based, Executive Summary, Job Summary, etc.

The generated reports are PDF files that can be viewed in Adobe Acrobat Reader. Reports can be
printed, copied, converted, and saved, as required.


To generate a report, select a Completed Scan job in your Job Queue, then click on the “Graphical
Reports” drop-down at the top of screen and select a Report Type, such as Executive Summary.
Finally, click on the “Generate” button.

Below is an example of an Executive Summary Report.

Reports, especially Executive Summaries, provide evidence of progress or alert you to the need for
more frequent scans and remediation.

Summaries and executive reports provide a foundation for reviewing enterprise security policies,
dealing with criticality, and instituting changes to increase effectiveness.

Congratulations! You have now successfully set up and run your Vulnerability Scanner to Discover,
Scan, Assess, and Report on the vulnerabilities within your network!


How can I find out more about the Vulnerability Scanner?


If you like what you see and would like to get more information or have questions about the Lumension
Vulnerability Scanner, we encourage you to contact us in one of the following ways:

1. REQUEST A FREE 30-DAY EVALUATION TRIAL


Request a free 30-day trial in your own environment for up to 100 endpoints at the following URL:
http://www.lumension.com/Products/Evaluation-Request/Vulnerability-Management/VMS-Total-Track-Evaluation.aspx?rpLeadSourceId=699

2. REQUEST A PRODUCT DEMONSTRATION


Request a product demonstration that is tailored to your needs. Once you submit your request, you
will be contacted by your dedicated Solutions Consultant to confirm the date and time. Request your
product demo now at http://www.lumension.com/Products/Request-a-Product-Demonstration.aspx?rpLeadSourceId=699

3. CONTACT US OR REQUEST TO BE CONTACTED


If you have any questions or feedback on the Vulnerability Scanner or wish to simply be contacted by
us, feel free to drop us a note at vulnerability.scanner@lumension.com or dial 1.888.725.7828.

4. VISIT THE LUMENSION WEBSITE


You can visit us on our website at http://www.lumension.com/default.aspx?rpLeadSourceId=699.

We look forward to speaking with you soon!


Lumension Global Headquarters


8660 East Hartford Drive, Suite 300
Scottsdale, AZ 85255 USA
Phone: +1.888.725.7828
Fax: +1.480.970.6323
