Introduction to Symantec Vulnerability Assessment 1.0

Article:TECH111970  |  Created: 2003-01-01  |  Updated: 2005-01-06  |  Article URL http://www.symantec.com/docs/TECH111970
Article Type
Technical Solution

Environment

Issue



This document describes Symantec Vulnerability Assessment 1.0.


Solution



Symantec Vulnerability Assessment (SVA) provides a cost-effective way to quickly determine whether new security incidents or vulnerabilities (security events) threaten an enterprise computer network. SVA allows you to evaluate system and network vulnerabilities by performing host-based and network-based audits.

SVA is integrated with the Symantec Vulnerability Database and Symantec Security Response through LiveUpdate to help ensure the most up to date vulnerability assessment capability. Symantec Security Response posts newly-discovered vulnerabilities and countermeasures to the LiveUpdate servers one time per week. During alert situations, Symantec Security Response posts new critical information to the LiveUpdate servers as soon as it is available.

NOTE: In all situations, if desired, the manual download feature in Symantec LiveUpdate can be used. For more information see the Symantec Security Response Web site at http//securityresponse.symantec.com.

SVA integrates with Symantec Enterprise Security Architecture (SESA) and Symantec Incident Manager for centralized management of data security and secure updating over the Internet through LiveUpdate. Adding SVA to SESA and Symantec Incident Manager provides a pro-active approach to network security that compliments the reactive security management provided by SESA and Symantec Incident Manager alone.

SVA also provides a unified approach to discovering the patch level of computers, locating required patches from vendors, and tracking the history of patches applied to computers on the network.

Symantec Vulnerability Assessment lets you:
    • Understand the state of vulnerability within your network.
    • Eliminate the guesswork in evaluating the risks from new vulnerabilities.
    • Learn about new vendor recommended fixes and work-arounds from a single source.
    • Avoid unplanned downtime and lost productivity.
    • Minimize the costs that are associated with security incidents.

Host-based audits
Host-based audits are conducted on individual computers. This capability is provided by the SVA Provider components supplied as part of SVA.The advantages of host-based assessment are:
    • Greatly reduced numbers of false positive and false negative reports when compared with network-based products.
    • Superior scalability over network-based products.
    • Increased security over agent-less assessments that require administrative privileges.
Network-based audits
Network-based audits are conducted from central locations on the network The advantages of network-based assessment are:
    • Immediate vulnerability information without having to deploy SESA Agents.
    • Immediate vulnerability information about network resources that cannot install SESA Agents; for example, network routers or firewalls.
    • Discovery of unknown computers and other resources on the network.
    • Ability to audit the vulnerability of computers to attacks from inside or outside the network.

Additional features
    • Centralized reporting and management of vulnerabilities.
    • Comprehensive "health check" of the network is available from a central location with a consistent, automated, repeatable, and on-demand system.
    • Identifies vulnerabilities in mission critical systems and applications, not just the operating system.
    • Scalable, three-tier architecture providing coverage for the entire enterprise that can extend across the Internet.
    • Authorized users can make security corrections on remote systems from a central location.

Installation considerations
SESA Integration Components for SVA are installed on each SESA Manager. The SESA Manager and therfore the SESA Integration Components require Windows 2000 Server.

SVA Provider components for SVA, which allow host-based audits, can be installed on the following platforms:
    • AIX 5L 5.1
    • HP-UX 11.0 and 11i
    • Red Hat Linux 7.2 and 7.3
    • Solaris 2. 8 and 2.9
    • Tru64/Digital UNIX 4.0G and 5.1A
    • Intel-compatible Windows NT 4.0, 2000, and XP Workstation or Server

Contact your Symantec Sales Representative for information regarding purchase, licensing, and support contract options for SVA.





Legacy ID



2003050111024653


Article URL http://www.symantec.com/docs/TECH111970


Terms of use for this information are found in Legal Notices