3. www.rac.cz
RiskAnalysisConsultants
V060420
RAC QualysGuard InfoDay 2012 3
Authenticated testing
Currently the predominant type of testing
2013: support for additional platforms added
Support for additional authentication types
Some authentication types are available for PC testing only
4. Authentication Vaults
Authenticated testing
High privileges are required, ideally domain admin or root
Customers distrust storing passwords and access information in the "Cloud"
Solution: use external vaults for authentication
The first platform that was available: Cyber Ark
2013: support added for additional platforms for storing credentials
5. Authentication Vaults
• In large organizations where thousands of machines are scanned regularly for vulnerabilities, managing passwords is a challenge.
• Some organizations are reluctant to let their credentials leave the network.
6. Vault Integration: How it works
1. User launches a trusted scan from the Qualys SOC
2. The Scanner Appliance (SA) gets the credentials from the Vault
3. The SA scans the target using the credentials (Windows and Unix)
4. Scan results are exported to the Qualys SOC
12. Virtual Appliance – new platforms
Standard (OVA): VMware vCenter Server (+ESXi or ESX), VMware ESXi; ESX, VMware Workstation; Player; Fusion, Oracle VM VirtualBox, Citrix XenServer
VMDK: older VMware platforms lacking support for OVA and OVF formats
Microsoft Hyper-V: Microsoft Windows 2008 R2, Windows 2008, Windows 2012, Windows 8
Amazon Machine Image: Amazon EC2-Classic, Amazon EC2-VPC
VMware vApp: VMware vCenter, VMware vCloud (with IP Pool)
OVF 0.9: VMware ESX/ESXi 3.5
14. Platform support
Additional platforms added
AIX 5-7, HPUX 11.iv1, HPUX 11.iv2, HPUX 11.iv3
CentOS 4-6, Debian GNU/Linux, SUSE Linux Enterprise 9, 10, 11, Ubuntu 9.x-12.x
Oracle Enterprise Linux 4.x, 5.x, 6.x, Red Hat Enterprise Linux 3, 4, 5.x, 6.x, openSUSE 10.x, openSUSE 11.x
Cisco IOS 12.x, Cisco IOS 15.x
IBM DB2 9.x, IBM HTTP Server 7.x
IBM WebSphere Application Server 7.x
Mac OS X 10.x
Microsoft SQL Server 2000, 2005, 2008, 2012
MS IIS 6.0, MS IIS 7.x
Oracle 9i, 10, 11g
Solaris 8, 9, 10, 11
VMware ESX Server 3.x, VMware ESX Server 4.x, VMware ESXi 4.x, VMware ESXi 5.x, VMware vFabric Web Server 5.x
Windows 2000
Windows 2000 Active Directory
Windows 2003 Active Directory
Windows 2003 Server
Windows 2008 Active Directory
Windows 2008 Server
Windows 2012 Server
Windows 7, Windows 8, Windows Vista, Windows XP desktop
Users now have the option to leverage their existing Quest One Privileged Password Manager (formerly e-DMZ PAR) for their QualysGuard authenticated scans – for both vulnerability scans and compliance scans of Windows and Unix hosts.

How it works: In order to retrieve the password from Quest, the scanning engine authenticates to the Quest server using the credentials provided in the vault record, and then searches for the System Name provided in the Windows/Unix authentication record to get the password. A single exact match of the system name must be found in order for authentication to be successful.

Follow these steps to create and deploy a Quest Vault:

1) Go to the vaults list. Go to Scans > Authentication and then select New > Authentication Vaults.
2) Create a new Quest Vault authentication record. Select New > Quest Vault.
3) Enter the vault record definition. Enter vault record details including a vault title, the IP address of the Quest server where the vault is stored, the port number where the Quest server is running, the user name to be used, and the encryption key that is required to access the vault. Be sure to click Save.
4) Select the Authentication Vault option in authentication records. You can select a vault in Windows and Unix records. In the Login Credentials section, select “Authentication Vault” and the vault type “Quest Server”. In the fields provided enter the user name for the system user account to be used, the title of the Quest Vault record you created in your QualysGuard account, and the name of the managed system that contains the password to be used for authenticated scans.
5) Launch a scan. To launch a vulnerability scan, go to VM > Scans and then select New > Scan or select New > Schedule Scan to schedule it for later. To launch a compliance scan, go to PC > Scans and then select New > Scan or select New > Schedule Scan to schedule it.
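The single-exact-match rule in "How it works" can be checked before a scan is launched, since a System Name that matches no vault entry or more than one makes authentication fail. The Python sketch below is an added example, not Qualys or Quest code; it assumes the vault's system names are available as a plain list and that "exact" means case-sensitive equality, and all names and sample data are constructed.

```python
from collections import Counter

# Constructed sample: system names as listed in the vault (for example typed
# in from its console); this is not output of any Quest or Qualys API.
VAULT_SYSTEMS = ["web01", "web01.corp.example", "db01", "db01", "WIN-FS01"]

# Constructed sample: (authentication record title, System Name entered in it).
AUTH_RECORDS = [
    ("Unix web tier", "web01"),
    ("Unix db tier", "db01"),
    ("Windows file server", "win-fs01"),
    ("Unix app tier", "app01"),
]


def near_matches(name, vault_systems):
    """Vault names differing only by case or DNS suffix: likely typos."""
    short = name.lower().split(".")[0]
    return sorted({s for s in vault_systems
                   if s != name and s.lower().split(".")[0] == short})


def check_record(name, vault_systems):
    """Classify one System Name under the 'single exact match' rule.

    Assumption: 'exact' means case-sensitive string equality.
    """
    hits = Counter(vault_systems)[name]
    if hits == 1:
        return "ok", []
    if hits > 1:
        return "ambiguous", [name] * hits
    return "no-match", near_matches(name, vault_systems)


def preflight(records, vault_systems):
    """Return {record title: (status, hints)} for every record."""
    return {title: check_record(name, vault_systems)
            for title, name in records}


if __name__ == "__main__":
    report = preflight(AUTH_RECORDS, VAULT_SYSTEMS)
    for title, (status, hints) in report.items():
        print(f"{title:22} {status:10} {hints}")
```

Records reported as `ambiguous` or `no-match` are the ones to correct in the vault or in the authentication record before scheduling the scan.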
Using the Quick Actions menu, you can pull a report for the specific vulnerability listed from iDefense. This allows you to see your asset groups at the most risk. You can also get a list of the impacted hosts for this particular vulnerability.

Introducing Microsoft Patch Tuesday Predictions (Beta)

We are pleased to announce the launch of the QualysGuard Vulnerability Predictive Analytics Engine (Beta). The Predictive Analytics Engine provides users with vulnerability predictions and analyzes whether systems are vulnerable to attacks without the need to perform a new scan. A complimentary new dashboard widget called “New MS Patch Releases” leverages the Predictive Analytics Engine for Microsoft Patch Tuesday vulnerabilities to give users a preview into the risk of the most recent vulnerabilities associated with Microsoft security bulletins, also without the need to perform scans. Please contact your Technical Account Manager to learn more about the Beta program.

New MS Patch Releases

New MS Patch Releases is a new dashboard widget that is available to complement the service. Tip: If the New MS Patch Releases widget does not appear on your dashboard, click the Configure link next to “Dashboard” and select it in the Dashboard Setup.

KnowledgeBase Predictions

The Predictive Analytics Engine also makes predictions for many more vulnerabilities in the KnowledgeBase. Go to KnowledgeBase > Predictions to explore all the available vulnerabilities that can be predicted and their impact on your host assets.

How it Works

As new vulnerabilities are inserted in the KnowledgeBase on an ongoing basis, some of them can be predicted based on an analysis of the current host scan results within your account without the need to perform a new scan. These host scan details are used to make predictions: operating system, software installed and software version installed. The Predictive Analytics Engine assigns a confidence level to predictions, Likely or Potential, and when hosts with predicted vulnerabilities are scanned and they are detected the confidence level will be changed to Confirmed.