Custom Vulnerabilities. NA Channel SE Team Lead John.Wyckoff@landesk.com 802-825-5863




LANDesk Solutions: Systems Lifecycle Management; Power & Infrastructure Management; Endpoint Security & Compliance; Virtualization Management; Management Automation Platform; IT Service Management; Asset Lifecycle Management

Agenda
- What is a custom vulnerability?
- Custom vulnerability details
- Vulscan command-line parameters
- How to create user-defined vulnerabilities
- Configure detection
- Configure remediation with patch commands
- Export user-defined vulnerabilities in XML format for import to additional cores
- Customer examples

Docs and references
- Custom Vul Community section: http://community.landesk.com/support/community/security/customvuls
- Mode command thread: http://community.landesk.com/support/message/50390#50390

What is a Custom Vulnerability? A custom vulnerability lets you target a specific situation, run programs or scripts to change an unwanted state into the one you want, or report the information you want back into the database. In short: if OS = this and app version = this and xyz = this, then do this.

Instead of... try this...
- Instead of inventorying ALL software (mode=all in 8.7) to look for Oracle config files, create a custom vul that detects and reports them, with the option to update or delete the .ora config files.
- Instead of searching the registry for possible undesirable changes, create a custom vul that detects a change to a specific registry key value and reports it, with the option to change it back and report the change. Examples: System Restore settings, RunOnce keys, wallpaper, etc.
- Instead of guessing WMI values on a client or server, create a custom vul that runs a VBScript to grab WMI parameters and place them in the LANDesk database: Active Directory GPOs applied, Windows share names, etc.
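The registry case above, as a worked detection/repair pair. This is an added example, not a script from the deck or from LANDesk. It assumes three custom variables (RegKeyPath, RegValueName, ExpectedValue) are defined on the definition and read through the CustomVariable() accessor the deck names; the Vulscan.Detected / Vulscan.Reason / Vulscan.Expected / Vulscan.Found result properties are written from memory of the LANDesk VBScript detection interface and must be checked against the template the console generates. The illustrative values enforce the System Restore policy value DisableSR = 0.

```vbscript
' ---------- Detection script ----------
' Added example (not from the deck): enforce a single registry value, here
' HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR = 0.
' Assumptions: custom variables RegKeyPath, RegValueName and ExpectedValue exist
' on the definition; the Vulscan.* result properties are from memory of the
' LANDesk VBScript interface and must be checked against the console template.
Set shell = CreateObject("WScript.Shell")

keyPath   = CustomVariable("RegKeyPath")     ' e.g. HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
valueName = CustomVariable("RegValueName")   ' e.g. DisableSR
expected  = CustomVariable("ExpectedValue")  ' e.g. 0  (custom variables always arrive as strings)

' RegRead raises an error when the key or value is absent. Catch it and report
' "<missing>" as the found value instead of letting the script die, which would
' leave the scanner with no result for this definition.
On Error Resume Next
found = shell.RegRead(keyPath & "\" & valueName)
If Err.Number <> 0 Then
    found = "<missing>"
    Err.Clear
End If
On Error GoTo 0

' Results go back to the core as strings: compare string forms so that a
' REG_DWORD 0 and the custom variable "0" match.
Vulscan.Expected = expected
Vulscan.Found    = CStr(found)
If CStr(found) = expected Then
    Vulscan.Detected = False
    Vulscan.Reason   = valueName & " is already " & expected
Else
    Vulscan.Detected = True
    Vulscan.Reason   = keyPath & "\" & valueName & " is " & CStr(found) & ", expected " & expected
End If

' ---------- Repair script ----------
' Paired VBScript repair action using the same custom variables. RegWrite
' creates any missing parent keys. REG_DWORD is assumed for DisableSR; pass
' "REG_SZ" and the raw string for string-valued settings. Vulscan re-scans
' after repair, so success is judged by the detection script, not by this one.
Set fixShell = CreateObject("WScript.Shell")
fixShell.RegWrite CustomVariable("RegKeyPath") & "\" & CustomVariable("RegValueName"), _
                  CLng(CustomVariable("ExpectedValue")), "REG_DWORD"
```

The detection half goes into the definition's detection logic and the repair half into its repair action; both run as LocalSystem under vulscan, so HKLM is writable without elevation. Treating a missing value as a distinct finding matters: a script that errors out reports nothing, and the device silently looks compliant.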

Anything you can do, I can do custom. (two slides; content not transcribed)

Managed client vulscan operation
vulscan.exe performs both scan and repair operations on the managed node. A Vulnerability Scan task launches vulscan.exe with the /AgentBehavior=x and /scan=y command-line options.
Vulscan finds the core through the registry: HKLM\SOFTWARE\Intel\LANDesk\LDWM, value CoreServer. This can be overridden with the /CoreServer=corename command-line option.
Scan sequence:
- Requests the latest vulnerability info from the core, one content type at a time
- Performs the scan for that type
- Submits the results for that type to the core
- Moves on to the next type
- When all types are scanned, asks the core for any patches it should apply; the web service on the core returns the list of patches (for the vulnerabilities found) that are set to autofix
After installing one or more patches, vulscan either re-scans and submits new results to the core, or reboots the machine and sets a RunOnce key so that it scans again after the reboot. It decides whether a reboot is needed by checking the PendingFileRenameOperations value in the registry (under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager).

Command-line options
Vulscan supports other command-line options which are not documented in the end-user documentation. These options are used for testing, or internally by vulscan when it launches itself.
- /fix - same as the repair option
- /norepair - placed in the RunOnce key after installing one or more patches that require a reboot of the system
- /o=outputfilename - save the scan results to a file
- /I=inputfilename - submit a previously saved scan
- /logfile= or /log= - use a log filename other than vulscan.log
- /deviceid=value - submit under a different device ID
- /coreserver= - overrides the CoreServer value found in the registry
- /remove - uninstall itself
- /local - only get files from its peer
- /noelevate
- /reset - remove the delta file
- /noupdate - stops vulscan.exe from updating itself
- /clear or /clearscanstatus - remove all vulnerability scan information

Vulscan action: VBScript as a repair action
- Multiple, separate VBScript actions can be created, interleaved with other non-VBScript actions.
- Custom variables that were available at scan time are also available at repair time.
- Custom variables are used in the scan or repair section; they are an element of the vulnerability, not of the individual rules in a definition.
- CustomVariable("variable name") returns the variable's value; the result is always treated as a single string, whatever the declared type.
- Types of custom variables: string, integer, multi-value string, and enumeration.

Question: What is the difference between a custom vul, a vul, a security threat, etc. in the LANDesk database? Answer: the definition's type (the "mode" ID in the table below).

Content definition types

ID  Type                  Description                     Detected using
0   Vulnerabilities       Security-related patches        Files and/or registry keys
1   Spyware               Spyware families                Specialized (lsas.dll)
2   Security threats      Security configuration issues   VBScript
3   LANDesk updates       Patches for LANDesk software    Files and/or registry keys
4   Custom definitions    User-defined vulnerabilities    VBScript, files, or registry
5   Blocked applications  Prohibited applications         Specialized (softmon)
6   Software updates      Non-security patches            Files / registry keys
7   Driver updates        Non-security driver updates     VBScript
8   Antivirus             Antivirus configuration issues  VBScript

So what can a custom vul do?
- Change a registry key value from wrong to right
- Tweak LANDesk client settings
- Grab registry key data and place it in the LANDesk database
- Remove software
- Update software
- Parse WMI fields and post them to the device's LANDesk inventory record
- Parse the Windows event log for a specific event and the number of occurrences within a time frame
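The last item above, event-log parsing with a count-within-a-window, as a worked detection script. This is an added example, not from the deck or from LANDesk. It assumes four custom variables on the definition (LogName, EventID, WindowHours, Threshold) read through CustomVariable(); the Vulscan.Detected / Reason / Expected / Found properties are from memory of the LANDesk VBScript detection interface and must be checked against the console template. The event log is read through WMI's Win32_NTLogEvent class, which vulscan (running as LocalSystem) can query for the Security log; the illustrative values flag a device with 10 or more failed logons (event 4625) in the last 24 hours.

```vbscript
' Detection script (added example, not from the deck): flag a device when a
' given event ID appears at least Threshold times in the last WindowHours hours.
' Assumptions: custom variables LogName, EventID, WindowHours, Threshold exist
' on the definition; Vulscan.* result properties are from memory of the LANDesk
' VBScript interface and must be checked against the console template.
logName     = CustomVariable("LogName")            ' e.g. Security
eventId     = CLng(CustomVariable("EventID"))      ' e.g. 4625 (failed logon)
windowHours = CLng(CustomVariable("WindowHours"))  ' e.g. 24
threshold   = CLng(CustomVariable("Threshold"))    ' e.g. 10

' WQL wants the cut-off as a DMTF timestamp (yyyymmddHHMMSS.ffffff+UUU);
' SWbemDateTime converts a VBScript date, including the local UTC offset.
Set cutoff = CreateObject("WbemScripting.SWbemDateTime")
cutoff.SetVarDate DateAdd("h", -windowHours, Now), True

Set wmi = GetObject("winmgmts:\\.\root\cimv2")
query = "SELECT EventCode, TimeGenerated, SourceName FROM Win32_NTLogEvent " & _
        "WHERE Logfile='" & logName & "' AND EventCode=" & eventId & _
        " AND TimeGenerated >= '" & cutoff.Value & "'"

' Flags 48 = wbemFlagReturnImmediately (16) + wbemFlagForwardOnly (32): cheap on
' a busy log, but forward-only sets have no .Count, so count while iterating.
' DMTF strings are fixed-width, so a plain string compare finds the newest hit.
count  = 0
newest = ""
For Each evt In wmi.ExecQuery(query, "WQL", 48)
    count = count + 1
    If evt.TimeGenerated > newest Then newest = evt.TimeGenerated
Next

' Found/Expected are what the core stores, so pack the useful facts into them:
' this is how the per-device count lands in the LANDesk database.
Vulscan.Expected = "fewer than " & threshold & " occurrences of event " & eventId & _
                   " in the " & logName & " log within " & windowHours & "h"
foundText = count & " occurrences"
If newest <> "" Then foundText = foundText & ", newest at " & newest
Vulscan.Found = foundText

If count >= threshold Then
    Vulscan.Detected = True
    Vulscan.Reason   = "Event " & eventId & " seen " & count & " times in the last " & windowHours & "h"
Else
    Vulscan.Detected = False
    Vulscan.Reason   = "Only " & count & " occurrences; below threshold of " & threshold
End If
```

Keeping the log name, event ID, window and threshold in custom variables means one definition serves several use cases (failed logons, service crashes, audit-log clears) without editing the script; because CustomVariable() always returns a string, the numeric ones are converted with CLng before use. The time filter is pushed into the WQL WHERE clause rather than applied in the loop, which is the difference between a sub-second query and walking a multi-gigabyte Security log on every scan.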

Thank You! The information herein is the confidential information and/or proprietary property of LANDesk Software, Inc. and its affiliates (referred to collectively as LANDesk), and may not be disclosed or copied without prior written consent of LANDesk. To the maximum extent permitted under applicable law, LANDesk assumes no liability whatsoever, and disclaims any express or implied warranty, relating to the sale and/or use of LANDesk products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right, without limiting the rights under copyright. LANDesk retains the right to make changes to the information herein or related product specifications and descriptions, at any time, without notice. LANDesk makes no warranty for the use of the information herein and assumes no responsibility for any errors that can appear nor does it make a commitment to update the information contained herein. For the most current product information, please visit www.landesk.com. Copyright 2010, LANDesk Software, Inc. and its affiliates. All rights reserved. LANDesk and its logos are registered trademarks or trademarks of LANDesk Software, Inc. and its affiliates in the United States and/or other countries. Other brands and names may be claimed as the property of others.