
Best Practices Guide: Retina

Vulnerability Management Solution


Retina Solution, Best Practices Guide © 2013. BeyondTrust Software, Inc.
Table of Contents

Introduction
Deployment Recommendations

Retina Data Discovery

Retina Recommended Scan Throttling Settings for Bandwidth Control

Credential Scanning Settings for Windows Hosts

To scan Windows machines properly (including Vista and 2008 Server), check and apply the
following:

1. Local security policy setting: "Network access: Sharing and security model for local accounts" is set
to "Guest".

Purpose: So that the account used for remote scanning inherits its local permissions, this setting
needs to be changed to "Classic" as follows (the same change can be made from the Domain
policy):

2. Windows firewall is enabled by default and prevents remote access to both.

Purpose: Allows proper communication between the Retina scanner and the target host.

3. Remote registry is disabled by default.

Purpose: For Retina to be able to read the registry keys and values, this service needs to be enabled
as follows:

4. Local security policy setting: "Network access: LAN Manager authentication level" is set to "Send
NTLMv2 response only".

Purpose: The setting should match what is configured on the Retina scanner so that proper
authentication protocols are used. The option can be found as follows:

5. UAC (User Account Control) is enabled by default and can be disabled only from the registry. Please
note, this involves modifying the registry and the usual precaution about backing it up prior to
proceeding any further applies.

Purpose: In order to authenticate without UAC remotely, the below registry key must be set to
allow this. For further information visit: http://support.microsoft.com/kb/942817

Create the following registry key and value:

LocalAccountTokenFilterPolicy

Retina in a Virtual Environment

Retina, Host Scanning Considerations

Exact versions of Brightstor for Novell are unknown

At least Veritas Netbackup 5.1 Maintenance Pack 6 is susceptible
Process bpjava-msvc.exe crashes upon a scan

Retina Scanning of Off-Line VMware Images

Endpoint Protection Platform and Anti-Virus White Listing Considerations

Retina Protection Agents - Special Server Considerations

Scanning or Auditing UNIX or Linux Systems

Restricting Database Scanning to Specific Databases:

Creating an Address Group Import File
The RTI file can contain several types of IP address notation, each of which can be included or
omitted. The file is a standard text file with one entry on each line.

To create an RTI file:

Example: the following is an RTI file with included and omitted IP addresses for Retina Network.

Beginning of file--
192.168.0.1
192.168.0.10-192.168.0.20
(192.168.0.15)
desktop.domain.com
192.168.1.0/24
(192.168.1.100-192.168.1.200)

Example: the following is a TXT file with included and omitted IP addresses for Retina CS.

Beginning of file--
192.168.0.1
192.168.0.10-192.168.0.20
192.168.0.15 (1)
desktop.domain.com
192.168.1.0/24
192.168.1.100-192.168.1.200 (1)
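
An added example (not from the BeyondTrust guide): a Python parser for the two address group formats shown above that reports whether a given IP falls inside the resulting scan scope. It assumes, from the page's examples, that parenthesized entries (RTI) and entries suffixed with `(1)` (Retina CS) are the omitted ones and that the "Beginning of file--" marker is not part of the file; the function names are hypothetical and hostnames are kept unresolved.

```python
import ipaddress
import re

RANGE = re.compile(r"([\d.]+)\s*-\s*([\d.]+)")
# Assumed omit markers, inferred from the guide's two examples.
OMIT = {"rti": re.compile(r"\((.+)\)"),      # Retina Network: (entry)
        "cs": re.compile(r"(.+?)\s*\(1\)")}  # Retina CS: entry (1)

def parse_entry(text):
    """Return networks for an IP, range or CIDR entry; None for a hostname."""
    m = RANGE.fullmatch(text)
    if m:
        lo, hi = (ipaddress.ip_address(g) for g in m.groups())
        return list(ipaddress.summarize_address_range(lo, hi))  # ValueError if lo > hi
    try:
        return [ipaddress.ip_network(text)]
    except ValueError:
        if re.fullmatch(r"[\d./]+", text):  # numeric but malformed: reject, not a hostname
            raise
        return None

def parse_address_group(lines, style):
    """Split a file's entries into included/omitted networks and hostnames."""
    scope = {"include": [], "omit": [], "hosts": [], "omit_hosts": []}
    for line in (raw.strip() for raw in lines):
        if not line:
            continue
        m = OMIT[style].fullmatch(line)
        entry = m.group(1).strip() if m else line
        nets = parse_entry(entry)
        if nets is None:
            scope["omit_hosts" if m else "hosts"].append(entry.lower())
        else:
            scope["omit" if m else "include"].extend(nets)
    return scope

def in_scope(scope, ip):
    """An address is scanned only if included and not omitted (omit wins)."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in scope["omit"]):
        return False
    return any(addr in net for net in scope["include"])

# Entries copied from the guide's two examples.
RTI_LINES = ["192.168.0.1", "192.168.0.10-192.168.0.20", "(192.168.0.15)",
             "desktop.domain.com", "192.168.1.0/24", "(192.168.1.100-192.168.1.200)"]
CS_LINES = ["192.168.0.1", "192.168.0.10-192.168.0.20", "192.168.0.15 (1)",
            "desktop.domain.com", "192.168.1.0/24", "192.168.1.100-192.168.1.200 (1)"]
```

Running both files through the same check before a scan confirms that an exclusion written in one product's notation still excludes the host after conversion to the other.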

Retina CS Deployment Architecture

Notes:

Retina CS and Insight Distributed Components, Services, and Modules

Distributed Deployment of Retina CS

Retina CS Certificates

 Client Certificates

 Server Certificate Authority

Retina CS Ports and Protocols by Component

Notes:

Retina CS Cloud Security and Integration

Retina CS and Windows Software Update Server (WSUS) Integration Operational Description

Retina CS and Windows Software Update Server (WSUS) for Offline (Air Gapped) Networks

1. On the WSUS server the content is exported from (the internet-facing WSUS server), do the
following:
   a. Run the command-line utility <Drive>:\Program Files\Update Services\Tools\wsusutil.exe
      to export a .cab and .log file.
   b. Copy or back up the <Drive>:\WSUS\WSUSContent folder.
   c. Launch the MMC and add the Certificates snap-in. Export the third-party certificate.

   Note: In Retina CS 3.1 or higher, this export can be performed using the Retina CS
   Configuration Utility, under Certificate Management.

2. On the air-gapped WSUS machine, overwrite or merge the WSUSContent folder from step 1b
and import the .cab file using the wsusutil.exe import function, i.e., wsusutil.exe import
<packagename.cab> <logfile.log>.
3. Import the third-party certificate into the air-gapped WSUS server.

4. If the air-gapped Retina CS uses SSL (port 8531 or 443) to connect to the air-gapped WSUS
server, you can import the certificate into WSUS through the Retina CS UI, using the Third Party
Certificate tab in the patch management configuration screen.

Retina CS and System Center Configuration Manager (SCCM) Integration Operational Description

Retina CS and Remedy Ticketing Integration Operational Description

Auto Purging of Scan Job in the Retina Network Security Scanner

Creating Custom Benchmarks

Air Gapped Networks

Name: James Smith
Email: James.Simth@Number1Client.com
Title: Security Engineer
Company: Number 1 Client
Phone: 5165551900
Fax:
Address: 5400 Main Street
City: Westbury
State/Region: NY
Zip/Postal Code: 92617
Country: United States
Product Reference Code: D0B4-3TGVC-OP8AQ-8E3C-2896-OU812

Previous License Tracking Code:

Debugging SSH Authenticated Scans

Role Based Configurations for UVM Appliances

Retina CS and PowerBroker for Unix/Linux

Retina Protection Agent and PowerBroker EPP Deployment

Retina Network Security Scanner Command Line Installation

Retina Insight/SSRS “Include Link” Subscription Reporting

About BeyondTrust
