4. Some Terminology
§ CSEP (Client Self Electing Platform)
§ Architecture that provides election of a device to host the service
§ AGLS
§ Agentless scanning service
§ Election
§ Process of a series of clients electing on of them to host a service
§ PXE
§ Preboot execution environment
§ XDD
§ Extended device discovery
5. Self Electing Subnet Services
§ Client systems self-organize on the same subnet to provide service(s)
§ Automatic fail-over
§ Avoid duplication of services
§ Client systems trust each other if they report to the same core server
§ Signed messages for security purposes (avoid impersonation)
§ Uses the same client certificates used for CSA access
6. 2017.1 Support Services
§ XDD ARP
§ Passive discovery of wired devices
§ XDD WAP
§ Passive discovery of wireless devices
§ PXE
§ Agentless Inventory Scanning
§ SQL Server Scanning
10. UI Tool for the Self-electing Subnet Services
§ Tool is in the configuration section.
§ Allows controlling services on a subnet and service level.
§ Some services have settings per subnet
13. Agentless Scanning
§ Scan devices without Ivanti agents installed
§ Uses the list of unmanaged devices
§ Discovered through XDD/UDD
§ Uses supplied credentials to attempt to access the machines
§ Supports Windows and Mac.
§ Devices show up in
§ All Devices
§ Agentless Scanner
14. Connecting
§ Windows
§ Attempts to access the administrative share on windows
§ For domain admins it works without modification
§ For non domain devices requires to enable admin share due to UAC
restrictions
§ “Google” how to enable administrative shares for details
§ Mac
§ Uses SSH
15. What’s it doing?
§ Manager attaches to the device (lets call it scan target)
§ Copies several files to the scan target.
§ Creates and starts a service that will execute the inventory
scanner on the scan target.
§ Manager disconnects from scan target goes onto the next device
to be scanned.
16. What’s it doing (cont)?
§ Scanner continues to run on scan target, outputs scan file when
complete.
§ After a period of time the manager will come back and check the
status of the scan target.
§ Manager gathers the output files and submits to the core.
18. Credential Manager
§ Central point to manage credentials in console
§ Not everything there yet, but working on it.
19. Agentless scanner credentials
§ Credentials are ordered
§ Manager will start at the top of the list and attempt in order until one
works
§ Separate types for Mac and Windows
20. SQL scanner credentials
§ Credentials are also ordered.
§ Credentials with Hostname only used on that host.
§ Some of the data we can get just running as system.
§ Some data or configuration requires SQL credentials.
§ Recommend running without credentials first and see if you get
data.
22. SQL scanner
§ Runs as part of the landesk inventory scanner.
§ If SQL is detected on the box will attempt to get details about the
SQL instance.
§ For agentless
§ Uses the same credentials as regular scanner to access the device.
§ Uses sql credentials to access sql server.
26. Agentless Vulnerability Assessment
§ During agentless scan process will invoke Vulscan
§ Must indicate which group to use
§ Reports results similar to agentless inventory
§ Scan only, no repair.
§ Enable per subnet