NCIRC Security Tools NIAPC Submission Summary Harris STAT Scanner

Transcription

1 NCIRC Security Tools NIAPC Submission Summary Harris STAT Scanner Document Reference: Security Tools Internal NIAPC Submission NIAPC Category: Vulnerability Scanning Date Approved for Submission: Evaluation/Submission Agency: NCIRC Issue Number: Draft 0.01 NATO UNCLASSIFIED RELEASABLE TO THE INTERNET

2 TABLE of CONTENTS 1 Product Category Role Overview Certification Company Country of Origin Web Link Product Description Technical Requirements Limitations Evaluation/Review Conclusions/Comments...5 NATO UNCLASSIFIED RELEASABLE TO THE INTERNET Page 2 of 5

3 1 Product Harris STAT Scanner version 6 2 Category Vulnerability Scanning 3 Role STAT Scanner is a complete stand-alone vulnerability scanning solution. 4 Overview STAT Scanner is a complete stand-alone vulnerability scanning solution. 5 Certification Earlier versions of Harris STAT Scanner has the following certifications: a) Harris STAT Scanner (STAT Scanner Professional Version 5.08) has been tested and awarded the International Common Criteria Certification (NIAP) Level EAL 2+ a. Certified By The Canadian CSE b. Certification Documents Are Available in English and French c. EAL 2+ augmentations for ACM_CAP.4, ACM_SCP.1, ALC_DVS.1, ALC_FLR.3, ALC_LCD.1, ALC_TAT.1, AVA_MSU.1 b) US Army ACERT Approved Product c) US Navy SPAWAR Preferred Product d) DOD IAVA / SANS Top 20 / MITRE CVE / MITRE OVAL. 6 Company Harris Corporation. 7 Country of Origin USA. 8 Web Link 9 Product Description STAT Scanner is a complete stand-alone vulnerability scanning solution. It includes comprehensive reports, local scan engine Role-Based Access Control (RBAC), many automation features, and a robust vulnerability database. The combination of a field-proven solution, a stringent software development process, and internationally recognized industry certifications NATO UNCLASSIFIED RELEASABLE TO THE INTERNET Page 3 of 5

4 provides a vulnerability scanning solution that will help support your overall business and operational objectives of securing the network from all threats. STAT Scanner 5 was the first vulnerability scanner to obtain Common Criteria certification, and holds several certifications that required extensive verification testing. Some of these certifications are listed on the Certifications and Standards page. STAT Scanner is engineered to deliver a solid balance of speed and accuracy via its adaptive scanning techniques and false-response correlation technology. Through deep inspection of target systems that include redundant file attribute and registry value correlation, as well as SSH tunneling and authenticated OS fingerprinting refinement, STAT Scanner dramatically reduces the risk of false positives and false negatives. This built-in capability provides a powerful tool to reduce the inherent waste associated with pursuing false alarms, and consequently will optimize the use of your resources. In addition to credential-based scanning, STAT Scanner performs anonymous scans on target systems to which it cannot authenticate. With these null-credential interrogations, it performs a multitude of enumeration techniques including in-depth OS fingerprinting, null session enumeration, port scanning, service identification, and protocol verification. STAT Scanner is capable of adapting its scanning technique based on its access-level to target systems. This adaptive profiling and interrogation of systems guarantees that the most accurate and comprehensive results available to the scan engine are provided. It also indicates the exact level of access it had for each target while performing an assessment to further validate the accuracy of results. This technology helps produce faster results because fewer checks are assessed against each machine. For network-based scanning, the scanning and network discovery operations are performed by the scan engine. Network discovery can be performed in a variety of ways, including IP ranges, Active Directory and/or Network Neighborhood enumerations. These discovery methods can be used separately or in conjunction because the scan engine transparently merges all the results into one cohesive list. STAT Scanner has no issues executing on or scanning any current Microsoft Service Pack, and requires no vendor-provided hardware for operation. STAT Scanner has the following capabilities: a) New vulnerability updates frequently during the month as they are identified and tested b) User is notified upon startup if a more recent STAT Scanner update is present to download from the website c) AutoFix capability for any registry fix or file deletion with re-test feature, also has undo and redo option d) Takes the user to an advisory or patch via hot URL links e) Runs on TCP/IP, NetBEUI, or IPX/SPX protocol f) Network discovery using Network Neighborhood/My Network Places or IP range g) Assesses one host or an entire domain h) Performs a complete security analysis of Windows NT, Windows 95/98/2000/Me/XP, Windows Server 2003, Sun Solaris, HP-UX, RedHat /Mandrake Linux, HP Printers and Cisco Routers. i) Checks for open ports and allows user to customize list of ports to be examined j) Includes password cracker and 200,000 word dictionary k) Contains Online Help to explain every command and feature l) Compares two analysis results for differences and similarities m) Includes many different configuration (policy) files like Quickscan.dat, CVE.dat, and SANS.dat n) Configuration files can be created by user o) Detects operating system type, version, server or workstation p) Sorts on vulnerability name, risk factor, machine name, CVE ID, and SANS Top 20 q) Provides vulnerability description, solution, source, advisory, URL, etc. NATO UNCLASSIFIED RELEASABLE TO THE INTERNET Page 4 of 5

5 r) Provides executive, network, vulnerability summary or detail Crystal reports s) Exports report results to PDF, XML, HTML, Word, Excel and many more. t) Furnishes history list of an analysis and provides vulnerability STAT us u) Compatible with Mitre Common Vulnerabilities and Exposures (CVE) v) Identifies the SANS Top Technical Requirements STAT Scanner is run by a user with administrative rights to the host or target machine(s) to be scanned. The logon account being used to scan the target machine must be a member of that machine's Administrators group or a domain Administrators group. For target machines with UNIX/Linux operating systems, the user must be able to log onto machine via SSH with administrative account, however 'root' access is not required. STAT Scanner must be installed on a Windows NT 4.0 machine (Server or Workstation) with Service Pack 3 or later, Windows 2000 (Server or Professional), or Windows XP running TCP/IP, NetBEUI, or IPX/SPX.. 11 Limitations STAT Scanner is run by a user with administrative rights. NITC approval must be sought for use of as this application as inappropriate and misconfigured software can cause severe network infrastructure degradation and data loss. 12 Evaluation/Review Conclusions/Comments Harris STAT Scanner has proven to be an effective vulnerability scanning tool used to proactively improve network security within NITC. NATO UNCLASSIFIED RELEASABLE TO THE INTERNET Page 5 of 5