LANDesk Management Suite 8, v8.1 Creating Custom Vulnerabilities




LANDesk Management Suite 8, v8.1
Creating Custom Vulnerabilities
Revision 1.0
Rex Moffitt
May 26, 2004

Information in this document is provided in connection with LANDesk Software products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in terms and conditions for such products, LANDesk Software assumes no liability whatsoever, and LANDesk Software disclaims any express or implied warranty, relating to sale and/or use of LANDesk Software products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. LANDesk Software products are not intended for use in medical, life saving, or life sustaining applications.

The reader is advised that third parties can have intellectual property rights that can be relevant to this document and the technologies discussed herein, and is advised to seek the advice of competent legal counsel, without obligation of LANDesk Software. LANDesk Software retains the right to make changes to this document or related product specifications and descriptions, at any time, without notice. LANDesk Software makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein.

Copyright 2004, LANDesk Software, Ltd., All rights reserved. LANDesk, Targeted Multicast, and Peer Download are registered trademarks or trademarks of LANDesk Software, Ltd. or its affiliates in the United States and/or other countries. *Other brands and names may be claimed as the property of others.

Table of Contents

Introduction
Possible Implementations
Assumptions
Creating a Custom Vulnerability
Creating a Custom Detection Rule
Scanning the Managed Device
Conclusion

Introduction

In LANDesk Patch Manager 8, v8.1, the ability to create a user-defined vulnerability provides an extremely flexible and powerful tool for implementing and maintaining patch security on the LANDesk Management Suite network. Users can create Custom Vulnerabilities (and detection rules) to scan managed devices for any Operating System, application, single file, or registry condition to be termed a vulnerability. For vulnerable devices, there is the ability to remediate that vulnerability by configuring the appropriate response, such as deploying a patch file, replacing files on the managed devices' hard drives, or updating installed applications.

Possible Implementations

Implementations of the Custom Vulnerabilities are almost limitless. Custom Vulnerabilities can be used to update any application on managed devices. Custom Vulnerabilities can also be used to apply any single file executable to a managed device based on detection rules defined by the LANDesk Management Suite administrator. The following step-by-step procedure is an example of how to create a Custom Vulnerability to update the LANDesk Management Suite client to the same patch level that is on the Core Server.

Assumptions

Readers need to be able to install LANDesk Management Suite 8, v8.1, with the Patch Manager add-on. Managed devices need to be configured with the latest versions of the LANDesk Management Suite Inventory Scanner and Vulnerability Scanner. The reader also needs to be able to create an Enhanced Software Distribution (ESWD) package of a client configuration, used for updating the client.

Creating a Custom Vulnerability

Creating a Custom Vulnerability allows users to detect the vulnerability of the client not having the latest version of LANDesk Management Suite installed.

How to create a Custom Vulnerability:

1. From the Management Suite Console, click Tools | Patch Manager. The Patch Manager window appears.

2. Click on the Create New Vulnerability toolbar icon. The General tab appears on the Properties for <Vulnerability> window.

Figure 1. General Tab for Properties for <Vulnerability>

3. Type any unique Vulnerability ID number in the Vulnerability ID field. The system-generated Vulnerability ID code can be edited. The default entry for the Vulnerability ID is CDateTimestam. The Publish Date is the date the vulnerability is created and cannot be edited.

4. Type any descriptive title for the vulnerability in the Title field. This is the title that is displayed on the Vulnerabilities List.

5. From the Severity drop down list, click Medium. For this vulnerability, a severity of Medium is sufficient, but any option can be selected.

6. From the Status drop down list, click on a status. Available options include: Disabled, Enabled, and Unassigned. When a status is specified, the vulnerability is placed in the corresponding group in the Patch Manager Tree view. If the vulnerability is to be part of the next vulnerability scan, click on Enabled; alternatively, the vulnerability can be moved to the Enabled Vulnerabilities group after it is created.

The language setting is automatically set to International or Language neutral (INTL), indicating that the vulnerability can be applied to any language version of the available Operating Systems and/or applications.

The Detection Rules field displays all the rules to be used by this vulnerability definition. Create one or more detection rules that tell the Vulnerability Scanner what information to look for on the target clients when they are scanned to determine if they are vulnerable.

For this custom vulnerability, the condition (i.e., Vulnerability) to scan for is the presence and version of an application (in this case, the LANDesk Management Suite client) on managed devices. The easiest way to do this is to create a detection rule that scans for a specific, representative LANDesk Management Suite client file (a file that would reside on any device that can be managed via the LANDesk Management Suite console, no matter how basic the client configuration).

7. Click on the Description tab and type any additional comments in the provided text field that may give a better description of this vulnerability.

8. To create a Detection Rule, continue with the Creating a Custom Detection Rule procedure.

Creating a Custom Detection Rule

This creates a Custom Detection rule that scans for the LANDesk Management Suite client, and performs the remediation by updating the client files to the desired version.

How to create a Custom Detection Rule:

1. From the Properties for <Vulnerability> window, click the Add button. The General tab appears in the Properties for Rule 1 window.

Figure 2. General tab for Properties for Rule 1

2. Click on the Remediate radio button. When the Remediate radio button is selected, the Commands tab appears to the right of the Comments tab and the Patch File Name and Patch URL fields become activated for editing.

This rule detects the vulnerability and remediates it by updating the LANDesk Management Suite client on the managed device. In this example, the LANDesk Management Suite client is updated to the latest version on managed devices by deploying an Enhanced Software Distribution (ESWD) package as a Patch file.

3. In the Patch File Name field, type the name of the ESWD package that deploys the LANDesk Management Suite client to affected computers.

4. Type the http:// path for the location of the ESWD patch file in the Patch URL field.

5. Click Generate MD5 Hash to ensure patch file integrity. LANDesk Software strongly recommends always generating a hash file for a patch that needs to be installed on managed devices. A hash file is used to ensure the integrity of the patch file during remediation. The Vulnerability Scanner does this by comparing the hash code generated here with a new hash code that the Vulnerability Scanner generates immediately before it attempts to install the patch. If the two hash codes match, remediation proceeds. If they do not match, indicating the patch file has changed in some way since being downloaded to the patch repository, the remediation process quits.

6. In the Affected Platforms field, click on the platform(s) that the Vulnerability Scanner will run on to scan for the LANDesk Management Suite client version. At least one platform must be selected. The list of available platforms is determined by the vulnerabilities that have been updated from the LANDesk Patch Manager Service. If no platforms appear in the list, first update vulnerabilities with the Update Vulnerabilities Settings window.

7. Click on the Files tab. The Files tab allows the configuration of specific file conditions that the Vulnerability Scanner searches for on managed devices.

Figure 3. Files Tab for Properties for Rule 1

8. Click Add to add a new file to scan for. This makes the fields editable.

9. From the Verify Using drop down list, click File Version. The scanner determines if the file is at the same level defined in this rule. The representative LANDesk Management Suite client file that the Vulnerability Scanner searches for on the managed devices is the LANDesk Management Suite Inventory Scanner agent file (LDISCN32.EXE). VULSCAN.EXE should not be used: in Patch Manager 8, v8.1, VULSCAN.EXE updates itself to the same version that is in the LDLOGON directory when VULSCAN.EXE is run.

10. In the Path field, type the path where the file is located on the managed device. The default path for the Inventory Scanner file is: C:\ldclient\LDISCN32.EXE. Unlike the Inventory Scanner, the Vulnerability Scanner only looks in the path specified for the file. It does not search the entire drive for the file.

11. Click Gather Data to obtain the latest version number of the Inventory Scanner agent file. The Select File Representing Target Path Filepath Goes Here window appears.

12. Browse to the Core Server's \LDLOGON directory.

13. Click on the LDISCN32.EXE file.

14. Click Open. The file's version number automatically appears in the Minimum Version field. This is the version number needed on the managed devices. If the version number of the LDISCN32.EXE file currently residing on the managed device is lesser, then the vulnerability is considered to be detected. For the vulnerability to be remediated, the auto-fix option must be turned on, or a scheduled task or a policy must be run to deploy the patch.

15. From the Requirements drop down list, click File must exist.

16. Click Update. The changes are saved.

17. Click OK. Additional comments can be entered to help describe this detection rule: click the Comments tab and type the desired comments. The detection rule is saved and the Properties for <Vulnerability> window appears.

18. Click OK. The vulnerability is saved.
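
The file-version check that this detection rule performs, and the hash comparison that gates remediation, written as PowerShell that can be run on a managed device to see what the scanner should conclude. This is an added example, not LANDesk code: the function names, the treatment of a missing file as "not applicable", the SHA256 option, and the sample version and temporary file are assumptions.

```powershell
# Added illustration, not LANDesk code. Function names are hypothetical.

function Test-FileVersionRule {
    # Files tab: Verify Using = File Version, Requirements = File must exist.
    param(
        [Parameter(Mandatory)] [string]  $Path,
        [Parameter(Mandatory)] [version] $MinimumVersion   # give all four parts
    )
    # Only the exact path is checked; there is no drive-wide search.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Assumption: a missing file means the rule does not apply to this device.
        return [pscustomobject]@{ Path = $Path; Version = $null; State = 'NotApplicable' }
    }
    $v = (Get-Item -LiteralPath $Path).VersionInfo
    # Use the numeric fields; the FileVersion string can carry extra text.
    $found = [version]::new($v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart)
    $state = if ($found -lt $MinimumVersion) { 'Detected' } else { 'NotVulnerable' }
    [pscustomobject]@{ Path = $Path; Version = $found; State = $state }
}

function Test-PatchHash {
    # Recompute the hash right before install and compare it with the recorded value.
    # MD5 matches the page; it catches corruption and casual modification but is not
    # collision-resistant, so SHA256 is offered as an option (not a product feature).
    param(
        [Parameter(Mandatory)] [string] $PatchPath,
        [Parameter(Mandatory)] [string] $ExpectedHash,
        [ValidateSet('MD5', 'SHA256')] [string] $Algorithm = 'MD5'
    )
    $actual = (Get-FileHash -LiteralPath $PatchPath -Algorithm $Algorithm).Hash
    [string]::Equals($actual, $ExpectedHash.Trim(), [System.StringComparison]::OrdinalIgnoreCase)
}

# Constructed demonstration: a temporary file stands in for the ESWD package.
$patch = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-patch.exe'
Set-Content -LiteralPath $patch -Value 'constructed package contents'
$recorded = (Get-FileHash -LiteralPath $patch -Algorithm MD5).Hash   # taken at authoring time
Add-Content -LiteralPath $patch -Value 'modified after the hash was recorded'

# '8.1.0.0' is a constructed value; in practice use the version read from the
# Core Server's copy of LDISCN32.EXE (steps 11 to 14).
$rule   = Test-FileVersionRule -Path 'C:\ldclient\LDISCN32.EXE' -MinimumVersion '8.1.0.0'
$hashOk = Test-PatchHash -PatchPath $patch -ExpectedHash $recorded
$rule
"Patch hash matches: $hashOk"
if ($rule.State -eq 'Detected' -and -not $hashOk) {
    Write-Warning 'Patch file changed since it was hashed; remediation must not proceed.'
}
Remove-Item -LiteralPath $patch
```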

Scanning the Managed Device

Once the Vulnerability and Detection Rule are created, the managed devices need to be scanned to find the vulnerable devices. The Vulnerability Scanner needs to be run on the managed device manually or from a Scheduled Task. Once the vulnerability is detected, the Patch needs to be applied by setting the patch to an Auto-Fix state, or by using an Application Policy or a Scheduled Task to deploy the patch to the vulnerable devices.

Conclusion

A limitless number of vulnerabilities and remediation tasks, based on a file or registry key values, can be created by following the steps in this document and following the example provided. A managed device can be scanned to apply any single file executable as a Patch for a Custom Vulnerability.