Red Hat NETWORK 3.6 - User Guide, page 29

Copyright © 2002-2012 Tenable Network Security, Inc.
To prevent the PVS from having to relearn the network each time it starts, a file can be
specified to save the active host information. This file contains a list of all the current active
hosts for the PVS. The scanner also requires that an interval to update this file be specified.
Tenable recommends an update time of at least one day (1440 minutes).

When the PVS logs a new host, the Ethernet address is saved in the message.
When the PVS is more than one hop away from the sniffed traffic, the Ethernet
address will be that of the local switch, not the actual host. If the scanner is
deployed in the same collision domain as the sniffed server, the Ethernet address
will be accurate.

For DHCP networks, the PVS will detect a “new” host very often. Tenable
recommends deploying this feature on non-volatile networks such as a demilitarized
zone (DMZ). Users should also consider analyzing PVS “new” host alerts with
Tenable’s SecurityCenter, which can sort real-time PVS events by network.

INTERNAL PASSIVE VULNERABILITY SCANNER IDS
WHAT IS A PASSIVE VULNERABILITY SCANNER ID?
This section describes the PVS’s advanced signature language for each plugin. Each
vulnerability and real-time check that the PVS performs has a unique associated ID. Since
Tenable manages the Nessus vulnerability scanner, we have added the IDs used by the PVS
into the overall Nessus architecture. PVS IDs start from #00000 and go through #10000.
Nessus IDs start from #10001 and extend upward.
INTERNAL PASSIVE VULNERABILITY SCANNER IDS
Some of the PVS’s checks, such as detecting open ports, are built in. The following chart
lists each of the internal checks and describes what they mean:
| PVS ID | Name | Description |
|--------|------|-------------|
| 00000 | Detection of open port | The PVS has observed a SYN-ACK leave from a server. |
| 00001 | Passive OS Fingerprint | The PVS has observed enough traffic about a server to perform a guess of the operating system. |
| 00002 | Client Side Port Usage | The PVS has observed browsing traffic from a host. |
| 00003 | Show Connections | The PVS has logged a unique network session of source IP, destination IP and destination port. |
| 00004 | Internal Interactive Sessions | The PVS has detected one or more interactive network sessions between two hosts within your focus network. |
| 00005 | Outbound Interactive Sessions | The PVS has detected one or more interactive network sessions originating from within your focus network and |
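
The following added example (not Tenable's code and not taken from the PVS) shows how observations like those behind IDs 00000 and 00003 can be derived from packet headers alone, without sending any traffic. The function names, the constructed sample packets, and the choice to record a session at the moment the SYN-ACK is seen are assumptions made for illustration.

```python
import socket
import struct

SYN, ACK, RST = 0x02, 0x10, 0x04

def build_packet(src, dst, sport, dport, flags):
    """Constructed sample input: minimal IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

def parse_packet(pkt):
    """Return (src, dst, sport, dport, flags) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != socket.IPPROTO_TCP or len(pkt) < ihl + 14:
        return None
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return None  # later IP fragment: carries no TCP header
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            sport, dport, pkt[ihl + 13])

def observe(packets):
    """Derive open ports (as in ID 00000) and unique sessions (as in ID 00003)."""
    open_ports, sessions = set(), set()
    for pkt in packets:
        parsed = parse_packet(pkt)
        if parsed is None:
            continue
        src, dst, sport, dport, flags = parsed
        if flags & (SYN | ACK) == (SYN | ACK):
            open_ports.add((src, sport))       # SYN-ACK left the server: port is open
            sessions.add((dst, src, sport))    # (source IP, destination IP, destination port)
    return open_ports, sessions

# Constructed traffic (documentation addresses), not a real capture.
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
SAMPLE = [
    build_packet(CLIENT, SERVER, 40000, 443, SYN),
    build_packet(SERVER, CLIENT, 443, 40000, SYN | ACK),
    build_packet(SERVER, CLIENT, 443, 40000, SYN | ACK),  # retransmission, deduplicated
    build_packet(CLIENT, SERVER, 40001, 23, SYN),
    build_packet(SERVER, CLIENT, 23, 40001, RST | ACK),   # closed port, not recorded
]

if __name__ == "__main__":
    print(observe(SAMPLE))
```

A SYN on its own proves nothing about the server, which is why only the server's SYN-ACK reply is recorded and the RST-ACK from port 23 is ignored.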