ISS Security Scanner

1
Presentation

• ISS Security Scanner
• Retina
• by
• Adnan Khairi
• 100183586

2
ISS Security ScannerRetina
3
Introduction ISS Security Scanner

• The Internet Security Scanner was designed to
  help administrators explore and log network
  security vulnerabilities associated with TCP/IP
  host services.
• Internet Scanner started off in 1992 as a tiny
  Open Source scanner by Christopher Klaus.
• Shareware.

4
Introduction Retina

• Retina is a commercial vulnerability assessment
  scanner by eEye, and is considered to be one of
  the fastest scanners on the market today.

5
Why conduct penetration testing?

• If there is a single vulnerability that allows an
  intruder into a regular system, the entire
  machine becomes compromised.
• This is true for most networks for mainly two
  reasons.
• Sniffing
• Trust authentication

6
Internet Scanner 7.0Architecture
7
Internet Scanner Controller

• The Internet Scanner Controller (ISC), is
  responsible for directing the sub-processes that
  perform various scanning duties.
• These sub-processes, also known as MicroEngines
• Built-in Engine
• Plug-in Engine
• Discovery Engine
• FlexCheck Engine

8
Built-in Engine

• The Built-in checks esources that are embedded in
  the exploits, resulting in dependency
  relationships between some exploits.

9
Plug-in Engine

• Plug-ins are independent modules that perform
  vulnerability checks against a target host

10
Discovery Engine

• The Discovery Module is responsible for gathering
  identification information from hosts.
• Fingerprinter
• ICMP pinger
• TCP pinger
• TCP port scanner
• UDP port scanner
• DNS lookup utility
• NetBIOS utilities
• Operating System Identification (OSID)
• Windows Service Pack

11
Flex Check Engine

• The Flex Check engine loads and executes external
  programs that attempt to identify specific
  vulnerabilities on a host.
• Exploit Manager
• Resource Manager
• Encryption
• TCP/IP Stack Fingerprinting

12
Benefits of ISS

• Minimize business risk
• Low cost of ownership
• Proactive protection
• Scalable
• Ease of use

13
ISS Report
14
References

• http//www.iss.net/
• http//www.iss.net/products_services/enterprise_pr
  otection/vulnerability_assessment/scanner_internet
  .php
• http//www.cert.org/advisories/CA-1993-14.html
• http//archives.neohapsis.com/archives/iss/2003-q1
  /0157.html

15
Retina

• Despite its powerful capabilities, Retina was
  designed to be the easiest scanner to operate.
• Retina also features a number of automatic
  features that facilitate such functions as
  scheduling, repairing common system problems and
  updating the application.

16
Features of Retina

• Non-Intrusive Scanning
• Retina can scan the network without overloading
  its resources and without causing systems to
  crash
• Frequent Updates for New Vulnerabilities
• Retina's Auto-Update function provides easy
  Internet access for downloading the latest
  vulnerability checks

17
Features of Retina

• Rogue Wireless Access Detection
• Retina automatically detects the presence of
  unauthorized access points on networks of any
  size
• Ability to Uncover Unknown Vulnerabilities
• Retina can actually detect previously unknown or
  hidden vulnerabilities.
• High-Speed Scanning Ability
• Retina is able to scan an entire Class C network
  in about 15 minutes.

18
Features of Retina

• Remote Repair Capabilities
• Auto-Fix function allows one to automatically
  correct common system security issues such as
  registry settings, file permissions and more.
• Comprehensive and Up-to-Date Vulnerabilities
  Database
• Advanced knowledge of security issues due to
  discoveries made by its own team of security
  experts.

19
Features of Retina

• Advanced and Customized Reporting Capabilities
• Retina automatically customizes the content of
  its network audit reports to reflect the severity
  of the vulnerabilities discovered and the level
  of security risk involved.
• Custom Audit Wizard
• Audit Wizard simplifies the process of building
  custom checks
• Advanced Scheduling Capabilities
• Retina's scheduler function allows one to set the
  scanner to run on a regular basis to periodically
  check for vulnerabilities

20
Features of Retina

• Remote Scanning Capabilities
• Retina scans can be securely initiated from any
  location. (Remote Manager)
• Open Architecture
• Custom changes to the Retina interface
• Retinas Policies Wizard that walks one through
  the creation of a custom scan

21
Retina in Action
22
Pricing Information

• Retina pricing is based on the number of IP
  addresses that require scanning and the number of
  users (licenses) that will be conducting the
  scanning. Standard Retina licenses may only be
  used to scan systems within the organization for
  which the license was originally purchased.
  Retina Traveling licenses are available for
  consultants that require the ability to perform
  scans for more than one organization

23
References

• Retina References
• http//www.eeye.com/html/Products/Retina/index.htm
  l