Configuring Symantec Vulnerability Assessment 1.0 for network audits

Article:TECH111985  |  Created: 2003-01-13  |  Updated: 2003-01-16  |  Article URL http://www.symantec.com/docs/TECH111985
Article Type
Technical Solution

Environment

Issue



You want information to help you configure Symantec Vulnerability Assessment (SVA) to perform network vulnerability audits.


Solution



SVA can perform network audits after the SESA Agent is configured to do so. This process includes:
    • Adding the network vulnerability configuration
    • Changing the values of the configuration properties
    • Adding the Network Vulnerability Scanner license

NOTE: A SESA Agent can perform network-based audits only if the SVA Provider was enabled to perform network scans during the Provider installation. For more information, see the "Symantec Vulnerability Assessment 1.0 Implementation Guide."

Adding the network vulnerability configuration
SESA Agents limit network-based audits to the resources and time intervals that are specified in the network vulnerability configurations.
    • If you enable only one SESA Agent to perform all of your network scans, you can use the default network vulnerability configuration. See the section, "Add the default network vulnerability configuration," below.
    • If you enable a separate SESA Agent to perform network scans on each subnet, you must add a new network vulnerability configuration for each SESA Agent. See the section, "Add a new network vulnerability configuration," below.
Add the default network vulnerability configuration
To add the default network vulnerability configuration, do the following:
  1. On the SESA Console System view tab, in the left pane, expand Organizational Units.
  2. Click Default.
  3. In the right pane, right-click the name of the selected SESA Agent.
  4. Click Properties.
  5. In the Computer Properties dialog box, click the Configurations tab.
  6. Click Add.
  7. In the Searching for Configurations dialog box, do the following:
    1. In the Select a Product field, select Vulnerability Assessment.
    2. In the Software Feature list, select Network Vulnerability Configurations.
    3. Click OK.
  8. In the Computer Properties dialog box, on the Configurations tab, do the following:
    1. In the Software feature list, click Network Vulnerability Configurations.
    2. Click Apply.
    3. Click OK.
  9. In the default network vulnerability configuration, change the values of the properties to support your network. For more information, see the section, "Changing the values of the configuration properties," below.

Add a new network vulnerability configuration
The Create a New Configuration Wizard leads you through the process of adding a new network vulnerability configuration to a network scan-enabled SESA Agent. The process includes:
    • Selecting a network scan-enabled SESA Agent
    • Adding a new network vulnerability configuration to the selected SESA Agent
To select a network scan-enabled SESA Agent, do the following:
  1. On the SESA Console Configurations view tab, in the left pane, expand Vulnerability Assessment.
  2. Right-click Network Vulnerability Configurations.
  3. Click New.
  4. In the Create a new Configuration dialog box, click Next.
  5. In the General dialog box, do the following:
    1. In the Configuration name field, type the name of the authorized SESA Agent computer.
    2. In the Description field, type the name of the network or subnet.
    3. Click Next.
  6. In the Computers dialog box, click Add.
  7. In the Searching for Computers dialog box, do the following:
    1. Select the name of the authorized SESA Agent computer.
    2. Click OK.

To add the network vulnerability configuration to the SESA Agent, do the following:
  1. In the Computers dialog box, do the following:
    1. Select the name of the authorized SESA Agent computer.
    2. Click Properties.
  2. In the Computer Properties dialog box, do the following:
    1. Click the Configurations tab.
    2. Click Add.
  3. In the Searching for Configurations dialog box, do the following:
    1. In the Select a Product field, select Vulnerability Assessment.
    2. In the Software Feature list, select Network Vulnerability Configurations.
    3. Click OK.
  4. In the Computer Properties dialog box, do the following:
    1. Select Network Vulnerability Configurations.
    2. Click Apply.
    3. Click OK.
  5. In the Computers dialog box, click Next.
  6. In the Configuration Groups dialog box, click Next.
  7. In the Organizational Units dialog box, click Next.
  8. In the Configuration Properties dialog box, click Next.
  9. In the Configuration Summary dialog box, do the following:
    1. Click Finish.
    2. When the process finishes, click Close.
  10. In the new network vulnerability configuration, change the values of the properties to support your network. For more information, see the section, "Changing the values of the configuration properties," below.

Changing the values of the configuration properties
The SESA Agent uses two configuration properties to determine the scope of its network-based audits:
    • Host name or IP range
    • Scan duration time

Host name or IP range
This property specifies the range of network resources to include in the audit. Examples of common network resources include the following:
      • Computers
      • Printers
      • Routers
      • Certain types of hubs
Because these devices can identify themselves to the network in multiple ways, the number of network resources that a network-based audit can discover generally exceeds the number of physical devices on the network.

Note that the Host name or IP range property is language dependent. If you are using a single-byte language such as English, you can specify the following:
      • Computer name
      • DNS name
      • Universal Naming Convention (UNC) system or resource name
      • IP address
      • MAC address
      • IP address range

If you are using a double-byte language such as Japanese, you can specify only an IP address or IP address range.

CAUTION: Use care when configuring this property. If you enter the wrong value, the network scanner can mistakenly probe a network that you do not have authorization to audit. Auditing a network without authorization can result in civil litigation, criminal prosecution, or both.

Scan duration time
This property limits the time that a network scanner can take to perform a network-based audit. You can specify an interval from 0 to 999 minutes.
      • By default, the property has a value of zero. This value lets the network scanner run until it finishes auditing all of the network resources in the specified range.
      • A small number may stop the scanner before it can finish the audit.
      • A large number lets the scanner continue to look for new IP addresses after it finishes the audit. This can help you to audit network resources that connect to or disconnect from the network.
      • The scanner reports all of the information that it discovers at the end of the time interval. New audits always start at the beginning of the IP range.
NOTE: Depending on the number of network resources attached to the network subnet being scanned, the audit can take several hours, an entire day, or more. Keep this in mind when setting the scan duration time. If you are not sure, leave the setting at 0 to ensure that the entire subnet is scanned.

    Change the properties of a network vulnerability configuration
    To change the properties of a network vulnerability configuration, do the following:
    1. On the SESA Console Configurations view tab, in the left pane, expand Vulnerability Assessment.
    2. Expand Network Vulnerability Configurations and do one of the following:
      • If you use the default configuration, click Default, and then right-click the name of the SESA Agent.
      • For a new configuration, right-click the name of the SESA Agent.
    3. In the right pane, click Properties.
    4. In the Properties dialog box, do the following:
      • In the Hostname or IP Range Value field, type a computer name, DNS name, UNC system or resource name, IP address, MAC address, or IP address range. If you type an IP address range, separate the starting and ending IP addresses with a dash; for example, 127.1.3.1-127.1.3.20. If you type several IP addresses, separate the IP addresses with commas; for example, 127.1.3.1,127.1.3.4,127.1.3.7.

        NOTE: Do not use spaces; use only a dash or comma to separate IP addresses.
      • In the Scan Duration Time Value field, type a number from 0 to 999 minutes.
    5. Click Apply to save the changes to the SESA Directory.
    6. Click Yes to distribute the changes to the affected computers.
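
A pre-flight check for the two properties above, run before the value is typed into the SESA Console. This is an added example, not Symantec code: it handles only IPv4 addresses and ranges (not host, DNS, UNC or MAC names), assumes that comma-separated items and dash ranges may be mixed in one value, and the AUTHORIZED network list is a constructed placeholder for your own audit scope.

```python
import ipaddress

# Constructed sample scope: the networks you are authorized to audit (assumption).
AUTHORIZED = [ipaddress.ip_network("10.20.0.0/16")]


def parse_range_value(value):
    """Parse a 'Hostname or IP Range' value made of IPv4 addresses and ranges.

    Returns a list of (first, last) IPv4Address pairs. Accepting a mix of
    comma-separated items and dash ranges is an assumption of this example.
    """
    if not value or any(ch.isspace() for ch in value):
        raise ValueError("value must be non-empty and contain no spaces")
    spans = []
    for item in value.split(","):
        ends = item.split("-")
        if len(ends) > 2:
            raise ValueError(f"more than one dash in {item!r}")
        first = ipaddress.IPv4Address(ends[0])   # raises on malformed input
        last = ipaddress.IPv4Address(ends[-1])
        if last < first:
            raise ValueError(f"range runs backwards: {item!r}")
        spans.append((first, last))
    return spans


def out_of_scope(value, authorized=AUTHORIZED):
    """Return the spans of `value` that are not fully inside an authorized network."""
    bad = []
    for first, last in parse_range_value(value):
        # summarize_address_range splits the span into exact CIDR blocks.
        blocks = ipaddress.summarize_address_range(first, last)
        if not all(any(b.subnet_of(n) for n in authorized) for b in blocks):
            bad.append(f"{first}-{last}" if first != last else str(first))
    return bad


def check_scan_duration(minutes):
    """The article allows 0 to 999 minutes; 0 means run until the audit completes."""
    if not isinstance(minutes, int) or not 0 <= minutes <= 999:
        raise ValueError("scan duration must be an integer from 0 to 999")
    return minutes


if __name__ == "__main__":
    print(out_of_scope("10.20.3.1-10.20.3.20,10.20.9.7"))   # in scope
    print(out_of_scope("10.20.255.250-10.21.0.5"))          # crosses the boundary
```

An empty list from out_of_scope means every address in the value lies inside the authorized networks; anything else lists the spans to correct before applying the configuration.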

    Adding the Network Vulnerability Scanner license
    The SESA Agent cannot perform network-based audits without a license. Symantec provides a media kit, maintenance kit, and license kit when you purchase Symantec Vulnerability Assessment. The license kit contains a license certificate. The license certificate lists the information that you need to obtain the Network Vulnerability Scanner license file.

    Symantec provides a walk-around license that all of your network scanners can use. You must make the license available to the SESA Agents that perform network-based audits. This process involves three steps:
      • Obtain the Network Vulnerability Scanner license file
      • Install the Network Vulnerability Scanner license
      • Distribute the Network Vulnerability Scanner license

    Obtain the Network Vulnerability Scanner license file
    To obtain the Network Vulnerability Scanner license file, do the following:
    1. Go to the Symantec Web site at http://www.symantec.com/certificate/.
    2. On the Licensing and Registration Web page, do the following:
      • In the Select a product field, select Symantec Vulnerability Assessment.
      • In the Select a version field, select 1.0.
    3. On the Symantec Vulnerability Assessment Licensing & Registration Web page in the License your Product pane, click Purchased.
    4. On the Symantec Software License Agreement Web page, if you agree to the terms of the License Agreement, click "Yes, I have read the License Agreement and Agree with it."
    5. On the License Form Web page, enter all of the required information.

      NOTE: In both the Company and Product Serial Number fields, enter the information exactly as it appears on your license certificate.
    6. Click Submit. Symantec licensing provides the network scanner license file in an email response.

    Install the Network Vulnerability Scanner license
    To install the Network Vulnerability Scanner license, do the following:
    1. On the SESA Console Configurations view tab, in the left pane, expand Vulnerability Assessment.
    2. Expand Licenses.
    3. Click Network Agents.
    4. In the right pane, click Properties.
    5. In the Properties dialog box, enter the following information:
      • In the License Key field, type the 19-character (including dashes) network scanner license key as it appears in the email response.
      • In the Company field, enter the company name from your license certificate.
      • In the Serial Number field, enter the serial number from your license certificate.
    6. Click Apply to save the changes to the SESA Directory.
    7. Click Yes to distribute the changes to the affected computers.
    Distribute the Network Vulnerability Scanner license
    To distribute the Network Vulnerability Scanner license, do the following:
    1. On the SESA Console Configurations view tab, in the left pane, expand Vulnerability Assessment.
    2. Expand Licenses.
    3. Right-click Network Agents.
    4. Click Properties.
    5. In the Configuration Properties dialog box, do the following:
      1. Click the Computers tab.
      2. Click Add.
    6. In the Searching for Computers dialog box, do the following:
      1. Select the name of the network scan-enabled SESA Agent.
      2. Click OK.
    7. In the Configuration Properties dialog box, select the name of the network scan-enabled SESA Agent.
    8. Click Apply to save the changes to the SESA Directory.
    9. Click Yes to distribute the changes to the affected computer.






    Legacy ID



    2003051310444553

