Adding a SAINT Security Suite Vulnerability Scanner in JSA

Before you can add the SAINT Security Suite vulnerability scanner in JSA, you need to complete the following steps:

  1. Obtaining the SAINT API Port Number.

  2. Adding a JSA Host to the Allowed API Clients List.

  3. Obtaining the SAINT API Token.

  4. Copy the Server Certificate.

JSA uses the SAINT API to collect and import scan reports from your SAINT Security Suite appliance.

  1. Log in to the JSA Console.
  2. Click the Admin tab.
  3. Click the VA Scanners icon, and then click Add.
  4. In the Scanner Name field, type a name to identify your SAINT Security Suite scanner.
  5. From the Managed Host list, select an option that is based on one of the following platforms:
    • On the JSA Console, select the managed host that is responsible for communicating with the scanner device.

  6. From the Type list, select SAINT Security Suite Scanner.
  7. In the Remote API Hostname field, type the IP address or the host name for the SAINT API.
  8. In the API Port field, type the SAINT API port number. For more information about the API port, go to Obtaining the SAINT API Port Number.
  9. In the API Token field, type the SAINT API token. For more information about the SAINT API token, go to Obtaining the SAINT API Token.
  10. From the Scan Type list, select one of the following scan type options:

    Live Scan: JSA creates and runs a new scan on the SAINT Security Suite appliance. After the scan completes, JSA collects and imports a scan report from the SAINT Security Suite appliance.

    Report Only: JSA collects and imports scan reports for all scans that are already on the SAINT Security Suite appliance and that match all of the following requirements:

    • The scan is not older than the age specified in the Max Report Age field.

    • The scan level of the scan matches the specified Scan Level.

    • The target map of the scan has at least one IP address in common with the CIDR range.

    This option does not start new scans on the SAINT Security Suite appliance. To collect accurate results, ensure that relevant, regularly run scans are scheduled on the SAINT Security Suite appliance.

  11. From the Scan Level list, select the scan level that you want to use from the following options.
    Note:

    On the SAINT Security Suite appliance and in the SAINT Security Suite documentation, scan levels are referred to as scan policies. For more information about OVAL/SCAP scans, go to the SAINT Security Suite documentation website. From the navigation pane, click User Guide > SCAP.

    Normal: SAINT collects information to get the general character of a host and establishes the operating system type and, if possible, the software release version.

    Heavy/Vulnerability Scan: The Heavy/Vulnerability Scan level is also known as the heavy policy. SAINT looks for services that are listening on TCP or UDP ports. Any services that are detected are scanned for known vulnerabilities. This scan includes SAINT's entire set of vulnerability checks, and is the scan policy that SAINT suggests you use in most situations.

    Discovery: SAINT scans the targets and determines which targets have live hosts. This scan level completes only the minimum scanning that is required to identify live hosts. Therefore, the Discovery scan is not very intrusive.

    Port Scan: SAINT identifies services that are listening on TCP or UDP ports.

    Web Crawl: SAINT detects web directories on the targets by scanning ports for web services, and then finds directories by following HTML links, starting from the home page.

    SQL/XSS: SAINT looks for SQL injection and cross-site scripting vulnerabilities on web servers. Both generic tests are included. SAINT finds HTML forms and tests all parameters for SQL injection and cross-site scripting, and then checks for known SQL injection and cross-site scripting vulnerabilities.

    Windows Patch: SAINT looks for missing Windows patches. Most of the checks for Windows patches require Windows domain authentication.

    Content Search: SAINT searches files on Windows and Linux/Mac targets for credit card numbers, social security numbers, or any other patterns that are specified. Authentication is needed. If you are scanning a Linux/Mac target, SSH must be enabled.

    PCI: SAINT scans the targets by using all vulnerability checks that are relevant for Payment Card Industry Data Security Standard (PCI DSS) compliance.

    Anti-virus Information: Information is collected about installed AV software, such as the last scan date, whether it is enabled, definition file dates, and other information that is useful for auditing requirement 5 of the PCI DSS. Information is also collected for the Windows versions of many AV software products, such as McAfee, Symantec, AVG, F-Secure, MS Forefront, and Trend Micro. Authentication is needed. Facts that contain the string '(Master)' indicate that an anti-virus server, manager, or admin is installed on the target.

    FISMA: SAINT scans the targets by using all vulnerability checks that are relevant for Federal Information Security Management Act (FISMA) compliance.

    Authentication Test: SAINT authenticates against the targets by using the credentials that are specified when you add the vulnerability scanner.

    Win Password Guess: Completes password guess checks against Windows targets by using the password guess and password dictionary configuration options. Authentication is suggested so that SAINT can enumerate accounts.

    Microsoft Patch Tuesday: Checks for the Microsoft vulnerabilities that were last published on Patch Tuesday, the second Tuesday of each month. This scan level and its associated content are usually updated by SAINTexpress by noon on Wednesday.

    Web Scan (OWASP Top 10): Checks for vulnerabilities in web servers and web applications, such as SQL injection, cross-site scripting, unpatched web server software, weak SSL ciphers, and other OWASP Top 10 vulnerabilities. It also enables file content checks. Authentication might be necessary for some of the checks that are included.

    IAVA (Maps CVEs to IAVA codes): SAINT scans the targets by using all vulnerability checks that are relevant for Information Assurance Vulnerability Alert (IAVA) compliance.

    OS Password Guess: Includes all SAINT password guess features that are designed to guess the operating system password. This policy includes checks for default FTP passwords, and dictionary-based password guesses through Telnet, SSH, and FTP. Authentication is suggested to ensure user account enumeration.

    NERC CIP: SAINT scans the targets by using all vulnerability checks that are relevant for North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) compliance.

    Software Inventory: Generates a list of the software that is installed on Windows targets. Authentication is needed. The software list is generated by enumerating the uninstall key in the Windows registry. Only software that was registered with the operating system during installation is included. Software that was placed on the system without running an installer program is usually omitted. Registered software that was incorrectly removed from the system might still be included in the list after removal.

    HIPAA: SAINT scans the targets by using all vulnerability checks that are relevant for Health Insurance Portability and Accountability Act (HIPAA) compliance.

    SOX: SAINT scans the targets by using all vulnerability checks that are relevant for Sarbanes-Oxley Act (SOX) compliance.

    Mobile Device: The Mobile Device scan level queries Active Directory servers for information about mobile devices that use Exchange ActiveSync, and then uses that information to suggest vulnerabilities on those devices. The devices are listed in the scan results as separate targets even though those targets are not scanned.

    For this scan level to succeed, OpenLDAP must be installed on the scanning host, and the scan must run with Windows domain administrator credentials. For more information about authentication, go to the SAINT Security Suite documentation website - Step 4 – Authentication.

    The target list must include at least one Active Directory server, and the SSL certificate for that Active Directory server must be installed and configured on the scanning host. For more information about Windows targets, go to the SAINT Security Suite documentation website - Authenticating to Windows Targets.

    Network Device: Checks for vulnerabilities in routers, switches, and other networking devices.

    OVAL Scan: Runs an OVAL/SCAP scan. For more information about OVAL/SCAP scans, go to the SAINT Security Suite documentation website. From the navigation pane, click User Guide > Using SAINT > SCAP.

    For more information about SAINT scan parameters, go to the SAINT Security Suite documentation website. From the navigation pane, click User Guide > Using SAINT > Jobs Tab.

  12. If you selected OVAL Scan from the Scan Level list, type the name of the scan policy that you want to use in the OVAL Scan Policy Name field. OVAL/SCAP scans are types of scans that are based on benchmarks that are collected from authoritative sources.
  13. If you selected Live Scan for the scan type, provide the scan target credentials that are used to authenticate to targets during scans. From the Scan Target Credentials Type list, select one of the following options for the credentials that you want to use:
    Note:

    Scan Target credentials are ignored when Report Only is selected for the scan type.

    None: Do not use any credentials.

    HTTP Basic: Use credentials for HTTP basic authentication.

    Linux/Unix/Mac (SSH): Use credentials for connecting to a Linux, UNIX, or Mac server through SSH.

    Microsoft SQL Server: Use credentials for connecting to a Microsoft SQL Server database.

    Oracle: Use credentials for connecting to an Oracle database.

    Windows Admin: Use the credentials of an administrator account on a Windows server.

    Windows non-Admin: Use the credentials of a non-administrator account on a Windows server.

    MySQL: Use credentials for connecting to a MySQL database.

    SNMPv3: Use SNMPv3 credentials.

  14. If you selected any option other than None from the Scan Target Credentials Type list, configure the following parameters for the Scan Target Credentials type that you selected:

    Scan Target Credentials Username: The user name for the scan target credential type that you selected.

    Scan Target Credentials Password: The password for the scan target credential type that you selected.

  15. Optional: If you selected Linux/Unix/Mac (SSH) from the Scan Target Credentials Type list, specify the SSH Private Key.
  16. Optional: If you selected Oracle from the Scan Target Credentials Type list, you can specify an Oracle Service ID (SID) of an Oracle database instance by typing it in the Oracle SID field.
  17. Optional: If you selected SNMPv3 from the Scan Target Credentials Type list, complete the following steps:
    1. Select one of the following checksum algorithm options from the SNMP Password Protocol list:

      SHA: Select this option for the password that you typed in the Scan Target Credentials Password field to use the SHA protocol.

      MD5: Select this option for the password that you typed in the Scan Target Credentials Password field to use the MD5 protocol.

    2. Optional: You can specify an SNMP passphrase by typing it in the SNMP Passphrase field. If you specified an SNMP passphrase, select one of the following options from the SNMP Passphrase Protocol list:

      DES: Select this option for the passphrase that you typed in the SNMP Passphrase field to use the DES protocol.

      AES: Select this option for the passphrase that you typed in the SNMP Passphrase field to use the AES protocol.

  18. If you selected Report Only from the Scan Type list, type the maximum age of scan reports that you want to import in the Max Report Age field.
  19. Configure CIDR ranges for the scanner:
    1. In the CIDR Ranges field, type the CIDR range for the scan or click Browse to select a CIDR range from the network list.

    2. Click Add.

  20. Click Save.
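The three Report Only requirements from step 10 (Max Report Age, matching Scan Level, and at least one target IP inside the configured CIDR range) are easy to get wrong when checking why a scan report was or was not imported. The following Python script is an added example, not JSA or SAINT code: the scan record fields and the sample scans are constructed for the example, and the Max Report Age is assumed to be expressed in days.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample of scans as a SAINT appliance might list them. The field
# names are assumptions for this example, not the SAINT API's own schema.
SAMPLE_SCANS = [
    {"name": "dmz-weekly", "level": "Heavy/Vulnerability Scan",
     "finished": "2024-05-01T02:00:00+00:00", "targets": ["10.1.2.0/28", "10.1.9.5"]},
    {"name": "dmz-stale", "level": "Heavy/Vulnerability Scan",
     "finished": "2024-03-01T02:00:00+00:00", "targets": ["10.1.2.0/28"]},
    {"name": "dmz-discovery", "level": "Discovery",
     "finished": "2024-05-02T02:00:00+00:00", "targets": ["10.1.2.0/24"]},
    {"name": "corp-lan", "level": "Heavy/Vulnerability Scan",
     "finished": "2024-05-02T02:00:00+00:00", "targets": ["192.168.50.0/24"]},
]


def target_overlaps(target, cidr_ranges):
    """True if a target (single IP or CIDR) shares at least one address
    with any of the configured CIDR ranges."""
    tnet = ipaddress.ip_network(target, strict=False)
    return any(tnet.overlaps(ipaddress.ip_network(c, strict=False)) for c in cidr_ranges)


def select_report_only(scans, scan_level, cidr_ranges, max_report_age, now):
    """Apply the three Report Only requirements and return the names of the
    scans whose reports would be collected. max_report_age is a timedelta."""
    cutoff = now - max_report_age
    selected = []
    for scan in scans:
        finished = datetime.fromisoformat(scan["finished"])
        if finished < cutoff:            # older than Max Report Age
            continue
        if scan["level"] != scan_level:  # Scan Level must match exactly
            continue
        if not any(target_overlaps(t, cidr_ranges) for t in scan["targets"]):
            continue                     # no IP in common with the CIDR range
        selected.append(scan["name"])
    return selected


def demo():
    """Run the selection over the constructed sample with a 30-day Max Report Age."""
    now = datetime(2024, 5, 3, tzinfo=timezone.utc)
    return select_report_only(SAMPLE_SCANS, "Heavy/Vulnerability Scan",
                              ["10.1.2.0/24"], timedelta(days=30), now)


if __name__ == "__main__":
    print(demo())  # ['dmz-weekly']
```

Only dmz-weekly survives: dmz-stale is older than the cutoff, dmz-discovery ran at a different scan level, and corp-lan has no address inside 10.1.2.0/24.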