Retina 
FAQs
Q: Why is vulnerability scanning important?
A: Vulnerability scanning is an important part of a Web site's
overall security because traditional security measures such as firewalls
and intrusion detection systems are not enough. Retina, the Network
Security Scanner, scans, monitors, alerts, and automatically fixes
network security vulnerabilities, and allows IT managers to ensure
that their systems are not vulnerable to the latest attacks.
Q: What is the difference between an IDS (Intrusion
Detection System) and a vulnerability scanner?
A: If you were comparing securing a network to securing a home,
an Intrusion Detection System would be the burglar alarm. An IDS
is triggered when someone attempts to enter your network. A vulnerability
scanner, on the other hand, is like the home security consultant.
Its role is to proactively examine the home, or network, looking
for vulnerabilities including various entry points, the integrity
of the firewalls and IDS systems and so on.
Q: I have a firewall in place. Do I still need
to run vulnerability scans on my network?
A: Yes. Most hacks nowadays are done through existing firewalls.
In addition, 70%-80% of hacks are done internally, or with the help
of someone on the inside. A network scan with Retina detects both
internal and external penetration vulnerabilities and helps you
patch them.
Q: Does Retina scan machines running UNIX?
A: Yes. It includes scans of most Unix operating systems (Solaris,
Linux, *BSD, etc.). In other words, Retina is capable of scanning
UNIX stations but can only be installed on Windows NT 4.0 / Service
Pack 3.0 or higher or Windows 2000.
Q: What is the "Fix it" feature? And can you schedule
Retina to run scans at a specific time?
A: "Fix it" is an easy method to correct common problems with Windows
NT and 2000 Systems that would normally require a manual Registry
Edit. Clicking on Auto-Fix will make the required Registry changes
for you, automatically. Retina can run scheduled scans at a pre-determined
frequency so you can specify the exact time for the scans.
Q: Can Retina run a scan on a machine across the
Internet? What types of reports does Retina generate?
A: Yes, Retina includes features to compensate for variables such
as network latency when running scans across the Internet. For
reporting, two options are available. The Technical
Report contains the intricate details to satisfy IT personnel, and
we have the Executive Report for high-level management summaries.
Q: What are Common Hacking Attack Method (CHAM)
Modules?
A: CHAM Modules are a feature in Retina that attempts to exploit
or overflow RFC-compliant commands on various services such as SMTP.
CHAM Modules can be used to find unknown vulnerabilities in the
following services: HTTP, FTP, SMTP, and POP3.
Q: Does Retina rely on a database of vulnerabilities?
How can I update the database? And how often is the database updated?
A: Yes, Retina relies on a comprehensive database of known vulnerabilities.
eEye is constantly monitoring and contributing to ongoing discoveries
and dissemination of security vulnerabilities in networks. eEye
updates the Retina database on a weekly basis, and sometimes with
more frequency if critical vulnerabilities are published in the
interim. The product maintenance allows you to use the Auto Update
feature in Retina to download the latest vulnerability checks from
eEye as long as your maintenance is up to date.
Q: I only run a small network. Do I still need
Retina?
A: With the advent of "script kiddies" (hackers who run massive
scans of sites in search of vulnerable networks), hacking attacks
are not only more frequent, but also no longer exclusive to big
name organizations.
Q: Our network is extremely complex and we have
to run our own custom audits on top of yours. Can Retina integrate
our audits?
A: Yes, you will be able to integrate your own scripts into the
open API area of Retina, and thus monitor all vulnerabilities from
one screen. Retina also has a custom audit “Wizard” feature that
simplifies the process of building custom scripts and getting them
integrated with the product.
Q: How do I delete custom audits in Retina?
A: Retina's audit information is stored in a Microsoft Access
database, so you must have Microsoft Access installed to delete custom
audits. To delete any custom audits you have added, simply open the
file C:\Program Files\Retina\Database\audits.mdb within Microsoft
Access. Now scroll down to ID number 20000. Delete the entries from
20000 until the end of the table. You will now have removed all
custom audits from Retina.
Q: What does Retina Maintenance include?
A: Retina Maintenance allows you to use the Auto Update feature
in Retina to both update the software and to download the latest
vulnerability checks from eEye Digital Security. This will allow
you to remain current with Retina's latest features.
Q: What types of reports does Retina generate?
A: Two options are available for reporting. The Technical Report
contains the intricate details to satisfy IT personnel, and we have
the Executive Report for high-level management summaries.
Q: Can you schedule Retina to run scans at a
specific time?
A: Yes, Retina can run scheduled scans at a pre-determined frequency
so you can specify the exact time for the scans.
Q: Does Retina support the auditing of wireless
networks?
A: Retina treats a wireless network like any other network. As
long as Retina is installed on a supported operating system (Windows
NT, Windows 2000, Windows XP) and you have network access to a system
(whether it be wireless, or ethernet, or dial-up) then Retina will
be able to audit the system for vulnerabilities.
Q: How do I get Retina's auto update functionality
to work through my web proxy?
A: Simply set up your Internet Explorer web proxy settings and then
the next time you run Retina's Auto Update it will use your Internet
Explorer proxy settings in order to contact our website and retrieve
updates.
Q: Does Retina support any command line options?
A: Yes. Retina supports the following command line option:
/J[IPRAnge],[PolicyName],[DatabaseName],[ReportName]
IPRAnge (Required) - Range of IPs you wish to scan.
PolicyName - Name of policy you wish to use. If no policy is given, then the default policy is used.
DatabaseName - If no database name is given, a database will be created using the current date and time stamp.
ReportName - If no report name is given, a report will be created using the current date and time stamp.
The commas are required, even if an optional parameter is omitted.
Examples:
retina.exe /j192.168.1.[135-140],abc.rtp,c:\retina\abc\abc.rtd,c:\retina\abc\abc.html
retina.exe /j192.168.1.129,,,c:\retina\abc\abc.html
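For scheduled jobs that assemble this option from an asset list, the sketch below builds and re-parses the /J argument so that all three commas are always present and no field can shift the positions of the others. It is an added example, not eEye's code; the function names are hypothetical, and the target check accepts only the two forms shown in the examples above, which is an assumption about what to allow rather than Retina's full range syntax.

```python
import re

# Only the two target forms shown in the FAQ examples are accepted here:
# a single IPv4 address, or a bracketed range in the last octet.
# Whether Retina accepts other range syntaxes is not stated on the page.
_OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
_TARGET = re.compile(
    rf"^{_OCTET}\.{_OCTET}\.{_OCTET}\.(?:{_OCTET}|\[({_OCTET})-({_OCTET})\])$"
)
FIELDS = ("ip_range", "policy", "database", "report")


def build_scan_argument(ip_range, policy="", database="", report=""):
    """Return the single /j argument described in the FAQ answer."""
    m = _TARGET.match(ip_range)
    if not m:
        raise ValueError(f"unsupported target form: {ip_range!r}")
    if m.group(1) is not None and int(m.group(1)) > int(m.group(2)):
        raise ValueError("range start is greater than range end")
    for name, value in zip(FIELDS[1:], (policy, database, report)):
        # A comma inside a field would shift every later positional field.
        if any(c in value for c in ',"\r\n'):
            raise ValueError(f"{name} contains a reserved character")
    # All three commas are always emitted, even for omitted fields.
    return "/j" + ",".join((ip_range, policy, database, report))


def parse_scan_argument(arg):
    """Split a /j argument back into its four positional fields."""
    if arg[:2].lower() != "/j":
        raise ValueError("not a /J argument")
    fields = arg[2:].split(",")
    if len(fields) != 4:
        raise ValueError(f"expected 4 comma-separated fields, got {len(fields)}")
    if not fields[0]:
        raise ValueError("IP range is required")
    return dict(zip(FIELDS, fields))
```

Pass the returned string to the process launcher as one argument in a list (for example with subprocess.run) rather than through a shell string, so the brackets and backslashes reach retina.exe unchanged.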
Q: In Retina I set up a policy that only scans
for a small number of open ports. For some reason when I do that
Retina displays information about ports being CLOSED and FILTERED
whereas when I scan for all ports such CLOSED and FILTERED information
is not displayed. What is causing this?
A: Retina does not display CLOSED and FILTERED ports if, when scanning
a target system, more than 30 FILTERED or CLOSED ports were found.
This is done so as to not clutter up the Retina ports list. However,
Retina will display the CLOSED or FILTERED ports if fewer than 30
ports were found. This is done to aid in mapping firewall configurations
as firewalls typically have a smaller number of specifically filtered
ports.