Red Hat NETWORK 3.6 - Guía de usuario descargar pdf (Pagina 10)

Entering “i” for a new installation initiates prompts for configuration options.

The first screen displayed permits setting of the network devices.

All Unix servers have network devices that can be placed into “promiscuous” mode to sniff

network packets. The PVS needs to know which device to use for sniffing. On Linux

systems, this is typically “eth0”, with the 0 varying depending on the configuration of the

server. On Red Hat and other Unix systems, the ifconfig –a command can be used to list

all of the active interfaces. The PVS can be configured to read from more than one interface,

but to do this requires manual modification of the /opt/pvs/etc/pvs.conf file once

installation is complete. An example of the screen displayed follows:

--------------------------------------------------------------------------

PVS CONFIGURATION : Network Interface

--------------------------------------------------------------------------

PVS listens for vulnerabilities by "sniffing" the data flowing through

your

network. As a result, it should be attributed a specific network interface

to listen data on. This interface should be linked spanned port of a

switch, or should be linked to a hub.

On which network interface will PVS be listening on ? (ie: eth0, fxp0)

eth0

Next, the configuration script prompts for networks to monitor.

The PVS builds a model of hosts with ports, applications, and vulnerabilities based on the

observed network traffic. The PVS needs to be configured to specifically focus on one or

more networks. When the PVS focuses on a network, it will only consider the hosts within

that network for client and server vulnerabilities. For example, your web server may have

thousands of visitors each day. Unless you want the PVS to conduct passive vulnerability

analysis of each visitor, specify the network of the web server.

When entering these networks for the PVS to focus on, IP addresses and CIDR notation is

supported. There is no limit to the number of networks the PVS can focus on. When you are

finished entering networks to focus on, press “Ctrl+D” to finish.

An example of the screen displayed is as follows:

--------------------------------------------------------------------------

PVS CONFIGURATION : Networks to monitor

--------------------------------------------------------------------------

PVS can perform passive vulnerability detection on network packets. It

needs

to be configured with the information for which networks it is protecting.

For example, your network may have a web server, but you do not wish to

perform passive vulnerability analysis on the web clients visiting your

1 2 ... 5 6 7 8 9 10 11 12 13 14 15 ... 60 61

Sin comentarios

Red Hat NETWORK 3.6 - Guía de usuario Pagina 10