office of the vice president copyright notice copyright greg hedrick, matthew wirges 2004. this work...
TRANSCRIPT
Office of the Vice President
Copyright NoticeCopyright Notice
Copyright Greg Hedrick, Matthew Wirges 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors.
Office of the Vice President
Vulnerability Scanning Cluster Vulnerability Scanning Cluster (VSC)(VSC)
Office of the Vice President
IntroductionIntroduction
Greg Hedrick, CISSP
Manager, Security Services
Matt Wirges
IT Security and Privacy Analyst
Office of the Vice President
VSC AgendaVSC Agenda
Motivations
Design and Implementation of the VSC
Problems Encountered
Current and Future Development
Summary
Resources
Questions
Office of the Vice President
VSC Motivations VSC Motivations
CERIAS• Ability to review or perform vulnerability scans in incident
response/analysis.
ITSP• Centrally organize scanning reports.• Increase computing power required for vulnerability scanning especially
simultaneous scanning.• Provide necessary bandwidth for scanning the entire campus, for
example.• Make it self-serve.• Scan when necessary.• No internal Security development skills.
Office of the Vice President
VSC DesignVSC Design
Three main components
Web Interface
Scanning Queue
Scanning Cluster
Office of the Vice President
VSC ImplementationVSC Implementation
Web Interface
Scanning Queue
Scanning Cluster• Nessus• LVS• Cluster configuration
Office of the Vice President
VSC Problems EncounteredVSC Problems Encountered
Many problems encountered with testing version 1.0 and follow-up production version 1.1• Web Interface• Scanning Queue• Scanning Cluster
Office of the Vice President
VSC Current and Future WorkVSC Current and Future Work
Development towards VSC 2.0• Adds many new features• Attempts to fix most of the problems
encountered with initial releases
Redeployment of VSC production environment
Office of the Vice President
VSC 2.0VSC 2.0
Redesigned interface• Better layout, smarter navigation• More consistent widgets• More efficient management of scanning policies and
plugins• Abandon Nessus report formats for customizable
report generation• Overhaul people management• Abandon PHP OOP in favor of database interface
libraries; result is a quicker application, but still easy to develop with
Office of the Vice President
VSC 2.0VSC 2.0
Redesigned queue• PHP dropped in favor of a Perl daemon• Nessus client abandoned in favor of
Net::Nessus::ScanLite module• Allows the queue to talk directly to the scanner
server• Results stored directly in database in custom tables
to allow easy lookup of data• Many cron-based tasks (plugin nightly updates) and
resource consuming tasks from web interface moved to Perl daemon (i.e. DNS lookup, NetBIOS name querying)
Office of the Vice President
VSC 2.0 CVSVSC 2.0 CVS
Features already implemented• Redesigned page layout; better presentation of menus• Increased usability of management interfaces• Expanded policy and scan-time configuration options for the
Nessus scanner• DNS and NetBIOS lookups for hosts• Rewritten scan queue in Perl; added many enhancements to
scheduling algorithm• Policy weighting• Scan priorities• Hosts scanned in batches, rather than one at a time• NetBIOS lookups (where applicable) at scan time to correlate
scan results with DHCP hosts
Office of the Vice President
VSC 2.0 DevelopmentVSC 2.0 Development
Features in development• Enhanced scan reporting tool• Customizable• Differential• Available in a variety of formats
• Ability to pause scans• Better LDAP integration
Office of the Vice President
VSC ResourcesVSC Resources
Vulnerability Scanning Cluster homepage:
http://vscweb.sourceforge.net• VSC 1.99 Preview Release• CVS repository• Help us out! Bug reports, feature requests, development
contributions!
Linux Virtual Server software
http://www.linuxvirtualserver.org
Nessus Vulnerability Scannerhttp://www.nessus.org
Office of the Vice President
VSC ResourcesVSC Resources
VSC Development List• Questions• Bugs• Development discussion
General Questions