Network Detective. Security Assessment Module Using the New Network Detective User Interface Quick Start Guide


Network Detective Security Assessment Module Using the New Network Detective User Interface Quick Start Guide 2016 RapidFire Tools, Inc. All rights reserved. V20160111 Ver 3M

Overview

The Network Detective Security Assessment Module is composed of the Network Detective application, the Network Detective Data Collector used to perform the network scan as well as local computer scans, and the Push Deploy Tool used to set up and execute local computer scans from a centralized location on the network.

Network Detective is quick and easy to use; there are just four basic steps:

1. Run the Network Detective Desktop Software to Create Site Files to Manage Your Assessments - Site files can be created to manage assessments for specific customer accounts, remote office locations, data centers, departments, organizational units, or any structure that is applicable to the environment on which you are performing a network assessment.

2. Start a New Security Assessment - Once the Site is created, you start a New Assessment and perform the security assessment's data collection process as detailed in the assessment process Checklist that you can view in the Assessment Window. After each scan type is complete, run the Network Detective Desktop Software tool, go to your Active Assessment, and import the scan files generated in step 3 into the assessment.

3. Perform Data Collection - Run scans as required for the Security Assessment process. If possible, run the Network Scan from the Primary Domain Controller on the network. The output of the scan will be a .zip file containing module-specific scan files (.ndf, .cdf, .sdf). Be sure that you document the name of the folder used to store scan data results files for later importing into your assessment. When the optional External Vulnerability Scan is performed, the scan data will be stored in a .vul file.

4. Run Security Assessment Reports - Customize the report by setting up your company's branding of the report to be generated with your logos and client information, and run the reports. The Network Detective Report Wizard will step you through this process.

Step 1 - Security Assessment Project Initial Set-up

A. Go to www.rapidfiretools.com/nd to download and install the Network Detective application. Then run Network Detective and log in with your credentials.

B. Create a Site in Network Detective.

Step 2 - Start an Active Security Assessment

A. From within the Site Window, select the Start button that is located on the far right side of the window to start the Assessment. Next, select one of the Security Assessment options presented. Select either the Domain or Workgroup option depending on the type of network you are assessing. Then follow the prompts presented in the Network Detective Wizard to start the new Assessment.

B. Once the new Security Assessment is started, a Checklist is displayed in the Assessment Window presenting the Required and Optional steps that are to be performed during the assessment process. Below is the Checklist for a Security Assessment.

C. Complete the required Checklist Items and use the Refresh Checklist feature to guide you through the assessment process at each step until completion. You may also print a copy of the Checklist for reference purposes by using the Printed Checklist feature.

Step 3 - Data Collection

A. Using Network Detective installed on your own computer, initiate the External Vulnerability Scan in the Scans section of the Network Detective Assessment Window. (Optional)

B. To start the network scans on the target network, log in to the Domain Controller with Administrator privileges.

C. Download the Network Detective Data Collector program from www.rapidfiretools.com/nd and save it to either your client's Domain Controller or a USB drive.

Note: You may extract the Data Collector files to a folder on either the Domain Controller or the USB drive. Then you can run "RunNetworkDetective.exe" to launch the GUI. Before using a USB drive in the data collection process, please refer to Appendix I - Using a USB Drive found on page 9.

D. Right-click on the downloaded file and run it as administrator to ensure you are running with elevated credentials. (This is a self-extracting zip file and is completely non-invasive; it is not installed on the domain controller or any other machine on the client's network.)

Best Practices: The Data Collector makes use of multiple technologies/approaches for collecting information on the client network, including Remote Registry and Remote WMI to gather system information (CPU, Memory, Disk space, etc.) and installed applications.

Enable Windows Firewall: Allow remote administration exception in Group Policy.

Add/Define Windows Firewall: Define Port Exceptions enabled: Remote Registry for IP range in Group Policy.

(While enabling remote protocols is optional and not always possible, this will provide network access to each of the machines so that the data collector can gather data from the individual systems. Even without this, Network Detective can provide useful information on the systems from Active Directory and the port scans.)

E. Next, after starting the Data Collector, select the Network Data Collector and Security Data Collector options and follow the wizard-driven prompts.

F. After the Data Collector Network Scan is complete, either save the scan results file to a USB drive for later importing of the results into the assessment or email the file for later access. Make sure the USB drive has sufficient free space to extract and save the Data Collector files and to store the scan results data files.

G. Importing the Network Scan file into your Assessment - From within the Scans section of the Assessment Window, select the Import Scan File button.

H. Then, browse to the folder storing the Network Scan results data file generated by the Network Data Collector, either stored on a USB drive or in another location on your computer. Select the file, and then Open the file to import the scan results into your assessment. Upon completing the Import of the Network Scan data, review the Checklist in the Assessment Window and then proceed to the next step below.

I. Next, to perform the Security Data Collection Scans of computers and wireless networks within the network, download and install the Push Deploy Tool on your USB drive from www.rapidfiretools.com/nd. Information about surrounding wireless networks is collected if the Collector scans a computer that has a wireless Network Interface Card (NIC) installed.

J. Then initiate the Security Data Scan using the Push Deploy Tool by selecting the Security Data .SDF scan option, and then run the scan. Next, import the scan results into your assessment.

Note: For the Push Deploy Tool to push the local security scans to computers throughout the network to perform local computer security scans, you need to ensure that the Windows Management Instrumentation (WMI) service is running and able to be managed remotely on the computers that you wish to scan. Sometimes Windows Firewall blocks Remote Management of WMI, so this service may need to be allowed to operate through the Firewall. Push/Deploy also relies on using the Admin$ share to copy and run the data collector locally. Admin$ must be present on the computers you wish to scan, and be accessible with the login credentials you provide for the scan.

For Workgroup based networks, the Administrator credentials for all workstations and servers that are to be scanned are recommended to be the same. If the Workgroup based network does not have a consistent set of Administrator credentials for all machines to be scanned, then proceed to the next step of using the Computer Data Collector to perform local computer scans on each computer, one at a time. Or, you can also run the Push Deploy Tool on the Workgroup network multiple times using each set of Administrator credentials.

Tip!: Create a shared network folder to centralize and store all Local Computer Security Scan results data files created by the scans performed by the Push Deploy Tool. Then reference this folder in the Storage Folder field to enable the local computer security scan data files to be stored in this central location.

K. For computers that were unreachable during the Local Scans run using the Push Deploy Tool, you will need to run the NetworkDetectiveDataCollector.exe program downloaded previously from a folder on a local computer or a USB drive. The Network Detective Data Collector is a self-extracting .zip file. Once this file is downloaded and extracted into a folder, right-click on the file named RunNetworkDetective.exe and run the Data Collector file as an Administrator. Then, select the Local Computer Data Collector and Security Data Collector options, select the Next button, and complete the set-up of the local computer scans by following the prompts.

In this instance, the Data Collector is being used to perform Local Scans on individual computers (workstations or servers) to collect information for each system. Use this if/when WMI and other network protocols are blocked from working over the network from the Network Data Collector scan, or when scanning non-Domain networks. When you run the Data Collector to perform local scans you will see a scan progress window present on the computer you are scanning. Once a computer scan is performed, the scan results files will be placed within a .zip file (that contains .cdf, .sdf, and .wdf files) stored in the folder where the Data Collector was executed from or specified during the scan set-up process. Copy and save the scan results file to a USB drive for later importing of the results of each computer scan performed into your security assessment.

L. Once all of the scan data is imported into the Assessment, the assessment's Checklist will indicate that the Reports are ready to be generated.
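A pre-flight check for the Push Deploy prerequisites named in the Note above (WMI running and remotely manageable, Admin$ reachable) and for the Remote Registry dependency from the Best Practices, as an added example that is not part of the RapidFire Tools guide or tooling. It assumes Windows PowerShell 5.1 on the assessment machine, run under the administrator account you will supply to the scan; the host names and the function name Test-ScanPrerequisite are hypothetical.

```powershell
# Added example (not RapidFire Tools code). Run from Windows PowerShell 5.1 as the
# administrator account that will be given to the Push Deploy Tool.
# Assumption: the host names are constructed placeholders; replace with your scan list.
$Targets = @('WS-EXAMPLE-01', 'SRV-EXAMPLE-01')

function Test-ScanPrerequisite {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName
    )
    # DCOM is the classic remote WMI transport; CIM cmdlets default to WinRM otherwise.
    $dcom = New-CimSessionOption -Protocol Dcom

    foreach ($computer in $ComputerName) {
        $row = [ordered]@{
            Computer       = $computer
            RpcPort135     = $false
            RemoteWmi      = $false
            WinmgmtState   = 'unknown'
            RemoteRegistry = 'unknown'
            AdminShare     = $false
            Detail         = ''
        }

        # 1. RPC endpoint mapper reachable? A failure here usually points at the firewall.
        $row.RpcPort135 = [bool](Test-NetConnection -ComputerName $computer -Port 135 `
            -InformationLevel Quiet -WarningAction SilentlyContinue)

        # 2. Remote WMI: open a DCOM session and read the state of the two services
        #    the guide depends on (WMI itself and Remote Registry).
        $session = $null
        try {
            $session = New-CimSession -ComputerName $computer -SessionOption $dcom `
                -OperationTimeoutSec 15 -ErrorAction Stop
            $services = Get-CimInstance -CimSession $session -ClassName Win32_Service `
                -Filter "Name='Winmgmt' OR Name='RemoteRegistry'" -ErrorAction Stop
            $row.RemoteWmi = $true
            foreach ($svc in $services) {
                if ($svc.Name -eq 'Winmgmt')        { $row.WinmgmtState   = $svc.State }
                if ($svc.Name -eq 'RemoteRegistry') { $row.RemoteRegistry = $svc.State }
            }
        }
        catch {
            # Keep the error text so access-denied and RPC-unavailable can be told apart.
            $row.Detail = $_.Exception.Message
        }
        finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }

        # 3. Admin$ present and readable with the current credentials?
        $row.AdminShare = Test-Path -LiteralPath ('\\{0}\Admin$' -f $computer)

        [pscustomobject]$row
    }
}

Test-ScanPrerequisite -ComputerName $Targets |
    Format-Table Computer, RpcPort135, RemoteWmi, WinmgmtState, RemoteRegistry, AdminShare -AutoSize
```

Machines that fail any column are the ones to plan for a local Data Collector run as described in step K.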

Step 4 - Generating Reports

NOTE: This step is NOT performed at the client site or network. Network Detective should be installed on your workstation or laptop. Install Network Detective from www.rapidfiretools.com/download if you have not already done so.

A. Run Network Detective and log in with your credentials.

B. Then select the Site, go to the Active Assessment, and then select the Reports link in the center of the Assessment Window in order to select the reports you want to generate. Then select which of the Network Assessment reports you want to generate.

C. Select the Create Reports button and follow the prompts to generate the reports you selected.

D. At the end of the report generation process, the generated reports will be made available for you to open and review.

The Security Assessment module can generate the following reports:

Network Security Risk Review - This report includes a proprietary Security Risk Score and chart showing the relative health (on a scale of 1 to 10) of the network security, along with a summary of the number of computers with issues. This powerful lead generation and sales development tool also reports on outbound protocols, System Control protocols, User Access Controls, as well as an external vulnerabilities summary list.

Network Security Management Plan - Network Management Plan. This report will help prioritize issues based on the issue's risk score. A listing of all security related risks is provided along with recommended actions.

Network Security PowerPoint - Use our generated PowerPoint presentation as a basis for conducting a meeting presenting your findings from the Network Detective. General summary information along with the risk and issue score are presented along with specific issue recommendations and next steps.

External Vulnerabilities Scan Detail Report - A comprehensive output including security holes and warnings, informational items that can help make better network security decisions, plus a full NMap Scan which checks all 65,535 ports and reports which are open. This is an essential item for many standard security compliance reports.

Outbound Security Report - Highlights deviation from industry standards compared to outbound port and protocol accessibility, lists available wireless networks as part of a wireless security survey, and provides information on Internet content accessibility.

Security Policy Assessment Report - A detailed overview of the security policies which are in place on both a domain wide and local machine basis.

Share Permission Report - Comprehensive lists of all network shares by computer, detailing which users and groups have access to which devices and files, and what level of access they have.

User Permissions Report - Organizes permissions by user, showing all shared computers and files to which they have access.

User Behavior Analysis Report - Shows all logins, successful and failed, by user. The report allows you to find service accounts which are not properly configured (and thus failing to log in) as well as users who may be attempting (and possibly succeeding) in accessing resources (computers) which they should not be.

Login History by Computer Report - Same data as User Behavior but inverted to show you by computer. Quite useful, in particular, for looking at commonly accessed machines (file server, domain controller, etc.) or a particularly sensitive machine for failed login attempts. An example would be the CEO's laptop or the accounting computer where you want to be extra diligent in checking for users trying to get in.

Login Failures by Computer Report - This report identifies users who have succeeded in logging in to another machine. Great for auditing/logging purposes to know of all attempts.

Appendix I - Using a USB Drive

It is often handy to use a USB drive so that you are not downloading anything onto the client or prospect machine. And it is extremely useful when using the Local Data Collector.

To set up the USB drive, simply download and run NetworkDetectiveDataCollector.exe, and unzip it directly to the USB drive (uncheck When done unzipping ).

To run a scan from the USB drive, run any of:

RunNetworkDetective.exe - runs the interactive Data Collector. This is the same as downloading and unzipping/running the Data Collector from the download site.

runlocalsecurity.bat - runs the Data Collector to perform a local Security data collection. The Data Collector opens in a command prompt window and produces an SDF file which is then stored inside of a zip file where the zip file name itself contains the name of the PC. The zip file produced containing the security scan data is located in the directory/folder that the Data Collector is run from.