Addmi 12-basic scan


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Additional notes for questions: UNIX is tried first as it fails faster than Windows. This is not configurable. SNMP is tried third, but as SNMP discovery is not configurable and recovers a reduced fixed set of infrastructure information it is left off this slide.
  • Need to list by IP, cannot list by name.
  • Covered in more details in Discovery Credentials module
  • Covered in more details in Discovery Credentials module
  • Networking equipment, Fragile hosts, storage equipment, DNS round robin IP’s, global traffic mngr are a few examples of devices or end points that customers have wanted to exclude
  • Optionally you may wish to complete the labs that have been prepared to accompany this module. Please download the lab zip file that should be available where you accessed this module. Make sure you have access to a running appliance before attempting the labs. It is best to use the training demo VA provided as it is set up to work with the labs. You may need to review tutorial material in order to work out the solutions.
  • Addmi 12-basic scan

    1. 1. Scanning Basics Telling Atrium Discovery What and When
    2. 2. The Basics of Scanning Outline <ul><li>Basic Discovery Essentials: </li></ul><ul><li>What to scan </li></ul><ul><ul><li>IP ranges </li></ul></ul><ul><ul><li>Credentials </li></ul></ul><ul><ul><li>Exclude ranges </li></ul></ul><ul><li>When to scan </li></ul><ul><ul><li>Setting up discovery runs </li></ul></ul><ul><li>View Results </li></ul><ul><ul><li>Discovery Run details </li></ul></ul><ul><ul><li>Node details </li></ul></ul><ul><ul><li>Provenance details </li></ul></ul>
    3. 3. The Basics of Scanning <ul><li>Scanning is a process of probing your network to see what information can be gathered about the endpoints found </li></ul><ul><li>You need to tell Atrium Discovery </li></ul><ul><ul><li>What to scan (and perhaps what not to scan) </li></ul></ul><ul><ul><ul><li>IP ranges (one, or a range, or a list) </li></ul></ul></ul><ul><ul><li>How to access a host (end-point) </li></ul></ul><ul><ul><ul><li>Credentials available (for logging in) </li></ul></ul></ul><ul><ul><li>Where the Windows Slave is installed </li></ul></ul><ul><ul><ul><li>This is covered is depth later in the course </li></ul></ul></ul>
    4. 4. The Discovery Process <ul><li>Scan of an IP range via the discovery run: </li></ul><ul><ul><li>The discovery engine tries each IP address in the range looking for endpoints </li></ul></ul><ul><ul><li>Checks for matches in the exclusion list. </li></ul></ul><ul><ul><li>Determines the host and OS type (platform) </li></ul></ul><ul><ul><li>If the host has had a previous successful login, the same credentials will be attempted first </li></ul></ul><ul><ul><li>If not, login credentials will be attempted in the UI display order, UNIX first then Windows and finally SNMP </li></ul></ul><ul><ul><li>Run a platform-specific script, and potentially other commands, to learn about the device </li></ul></ul><ul><ul><li>Writes this information into the datastore </li></ul></ul>
    5. 5. Choosing IP Ranges <ul><li>Accessed Via “Add new run” </li></ul><ul><li>List individual machines to scan </li></ul><ul><ul><li>e.g. </li></ul></ul><ul><li>Choose subranges </li></ul><ul><ul><li>e.g. </li></ul></ul><ul><li>Choose subnet Mask </li></ul><ul><ul><li>e.g. 192.168.1/24 </li></ul></ul>
    6. 6. Scheduling Runs <ul><li>Can add an ad-hoc (snapshot) or scheduled discovery runs </li></ul>
    7. 7. Choose the Scanning Level <ul><li>Sweep scan </li></ul><ul><ul><li>Is there anybody there? </li></ul></ul><ul><ul><li>Note: Host nodes will NOT be created at this level </li></ul></ul><ul><li>Host Identification - basic host information </li></ul><ul><li>Host Information - run discovery commands but not patterns </li></ul><ul><li>Full discovery - the works </li></ul>
    8. 8. What Scanning Level to Use <ul><li>For general use: Full Discovery </li></ul><ul><ul><li>to ensure the most amount of information is recovered </li></ul></ul><ul><li>During initial deployment: Sweep Scans </li></ul><ul><ul><li>to get a rough understanding of the environment before configuring credentials </li></ul></ul>
    9. 9. Discovery Protocols <ul><li>Without logging in </li></ul><ul><ul><li>Telnet banner scraping </li></ul></ul><ul><ul><li>Port scanning </li></ul></ul><ul><ul><li>HTTP HEAD </li></ul></ul><ul><li>Logging in </li></ul><ul><ul><li>SSH, rlogin, telnet </li></ul></ul><ul><ul><li>WMI, remcom, rcmd </li></ul></ul><ul><ul><li>SNMP </li></ul></ul>Port scanning, telnet banner, HTTP HEAD ssh, telnet, rlogin, SNMP, rcmd
    10. 10. Scanning Credentials <ul><li>You can add credentials for single devices and ranges </li></ul><ul><ul><li>Can use regex wildcards </li></ul></ul><ul><ul><li>Will be tried in display order </li></ul></ul><ul><li>Login credentials </li></ul><ul><li>SNMP credentials </li></ul><ul><li>Database credentials </li></ul>
    11. 11. Login Credentials <ul><li>Can create credentials for a singe device ip or range </li></ul><ul><ul><li>Can use regex (.* or 10.10.10.(23|25)) </li></ul></ul><ul><ul><li>or a range specification ( 10.10.10.* or 10.10.1-5.* or </li></ul></ul><ul><li>Will try each credentials in the order displayed </li></ul><ul><ul><li>By default, will store the last successful credentials for each host to use in future runs </li></ul></ul>
    12. 12. Setting SNMP Credentials <ul><li>SNMP credentials are called community strings </li></ul><ul><ul><li>Use or request a readonly (RO) string for tideway discovery </li></ul></ul>
    13. 13. Add Exclude Ranges <ul><li>Add IP ranges of hosts that should NOT be included in discovery </li></ul><ul><li>Useful for excluding sensitive or fragile hosts </li></ul>
    14. 14. Discovery Results
    15. 15. View Discovery Results <ul><li>Can look at the types of data recovered </li></ul><ul><ul><li>DDD (Directly Discovered Data) </li></ul></ul><ul><li>View discovery access reports </li></ul><ul><ul><li>Reporting on discovery as a whole </li></ul></ul>
    16. 16. View Discovery Runs <ul><li>View statistics of an individual discovery run </li></ul><ul><li>Can drill down to view the host details page or details from DiscoveryAccess </li></ul><ul><ul><li>Skipped or error results </li></ul></ul><ul><ul><li>Some no access details </li></ul></ul><ul><ul><li>No Response (dark space) </li></ul></ul><ul><ul><li>Errors </li></ul></ul>
    17. 17. Further Information <ul><li>Online Documentation: </li></ul><ul><ul><li> </li></ul></ul>Tideway Foundation Version 7.2 Documentation Title
    18. 18. Basic Scan Exercises