Building a Business Case for Credentialed Vulnerability Scanning

Outline
Why are we here?

- What is Deep Reflex Testing (DRT)
- How do we configure DRT
- DRT Benefits

What is DRT?
Authenticated, Credentialed, DRT?

- Tripwire IP360 DRT – Deep Reflex Testing
- Alternate Terms: Credentialed, Authenticated, Local
- Credential Types:
  - Windows
  - SSH Key
  - SSH
  - SNMPv1/v2
  - Web – Form
  - Web – HTTP

DRT Specifics
What can you access?

- SSH-DRT
  - Full CLI
- Windows DRT
  - Registry
  - File System
  - Partial WMI
- SNMP
  - Cisco IOS
  - Versions
  - sysDescr
- Web – Form
  - Basic HTML Forms
  - Forms require one text and one password input
- Web – HTTP
  - HTTP Based Authentication
    » Basic, Digest, & NTLM

VERT Insider Tip #1
Additional Credential Capabilities

- Added by VERT for Testing
- Not officially supported
- Configured and stored in plaintext
- Redis and IPMI supported
- Configuration
  - Discover
  - Networks
  - Configuration
  - <network>
  - Virtual Hosts

Configuration Options
How do you configure DRT?

- Credential Configuration
- Individual Credential Configurations

Credential Configuration
Adding Credentials

Windows Authentication

SSH-DRT Key-Based Authentication

SSH-DRT Password Authentication

SNMP Authentication

Web – Form Authentication

Web – HTTP Authentication

VERT Insider Tip #2
Missing Required Field Indicator

Network Binding
Discovery -> Credentials Management

Scan Profile Options
What control do you have?

- Special Note
- Scan Profile -> Basic
- Scan Profile -> Advanced

Special Note
To Authenticate or Not

- You can run unauthenticated scans. These provide a remote view of the host.
- You cannot run authenticated scans only. The unauthenticated portion of the scan always runs.

Scan Profile – Basic Tab
Enabling Credentials

Scan Profile – Advanced Tab
Common Mistake

Benefits of DRT
Why enable credentials?

- DRT by the Numbers
- DRT Accuracy
- DRT Automation

DRT By the Numbers
Finding Value in the Numbers

- CVEs Covered Remotely: 4176
- Windows DRT CVEs: 9712
- SSH-DRT CVEs: 17,121
- SNMP CVEs: 432

- Total CVE Coverage (Remote Only): 4176
- Total CVE Coverage (with Credentials): 24,288

Coverage Gain: ~20,000 CVEs

DRT Accuracy
Is DRT Better?

- DRT Rules have direct access to the system.
  - File version comparison
  - Direct Package Manager queries
- Remote Rules require service interrogation
  - Non-Invasive Remote detection can be difficult
  - Often the remote service looks like an older version due to source patching
    » This can lead to Remote scanning false positive issues
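
The source-patching false positive described on this slide, as an added example (not from the original slides and not Tripwire IP360 rule code). The package versions, host names and the simplified RPM-style comparison are constructed assumptions used only to contrast a banner-based verdict with a package-manager verdict.

```python
import re

def rpm_vercmp(a: str, b: str) -> int:
    """Simplified RPM-style segment compare (no epoch, '~' or '^' handling).
    Returns -1, 0 or 1."""
    seg = re.compile(r"\d+|[A-Za-z]+")
    sa, sb = seg.findall(a), seg.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment outranks alpha
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b) -> int:
    """Compare (version, release) pairs: version first, then release."""
    return rpm_vercmp(a[0], b[0]) or rpm_vercmp(a[1], b[1])

def remote_verdict(banner_version, upstream_fixed):
    """Remote rule: sees only the upstream version the service advertises."""
    return "vulnerable" if rpm_vercmp(banner_version, upstream_fixed) < 0 else "patched"

def credentialed_verdict(installed, distro_fixed):
    """Credentialed rule: compares the package manager's version-release
    against the distribution build that carries the backported fix."""
    return "vulnerable" if evr_cmp(installed, distro_fixed) < 0 else "patched"

# Constructed sample data (hypothetical package, not from any advisory).
UPSTREAM_FIXED = "2.4.10"            # upstream release containing the fix
DISTRO_FIXED = ("2.4.6", "45.el7")   # distro build with the fix backported
HOSTS = {                            # host -> (banner version, installed version-release)
    "host-a": ("2.4.6", ("2.4.6", "45.el7")),
    "host-b": ("2.4.6", ("2.4.6", "40.el7")),
    "host-c": ("2.4.6", ("2.4.6", "45.el7_9.1")),
}

def compare_hosts():
    """Return {host: (remote verdict, credentialed verdict)}."""
    return {h: (remote_verdict(banner, UPSTREAM_FIXED),
                credentialed_verdict(pkg, DISTRO_FIXED))
            for h, (banner, pkg) in HOSTS.items()}

if __name__ == "__main__":
    for host, (remote, local) in compare_hosts().items():
        note = "remote false positive" if remote != local else "agree"
        print(f"{host}: remote={remote:<10} credentialed={local:<10} {note}")
```

All three hosts advertise the same upstream version, so the remote rule cannot tell the patched builds from the unpatched one; only the release field read from the package manager separates them.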

DRT Automation
Time to Delivery

- Development time for DRT detection is greatly reduced.
- Linux Coverage is Delivered Weekly
  - Coverage is generated for: RHEL, Fedora, CentOS, SUSE, OEL, Debian, and Ubuntu
- 24 Hour Patch Tuesday SLA
  - Full DRT Windows Coverage within 24 hours of Bulletin Release
- Many other local platforms are automated for rapid delivery
  - OS X
  - Java
  - Mozilla Firefox / Thunderbird
  - Google Chrome
  - Adobe Flash

Wrap Up
Putting it all Together

- Tripwire IP360 makes credential configuration easy.
- 500% coverage increase when using DRT across your environment.

tripwire.com | @TripwireInc

Thank you!
