《SCAP及相关漏洞扫描器和OVAL SC介绍》由会员分享,可在线阅读,更多相关《SCAP及相关漏洞扫描器和OVAL SC介绍(18页珍藏版)》请在装配图网上搜索。
1、SCAP & Vulnerability Scan王珩 2012-10OVALs Vulnerability Definition One of OVALs major tasks An example OVAL definition (ms08-067) need authenticationSCAP Validation ProgramAn information technology (IT) security product vendor can obtain validations from NIST for the following SCAP Capabilities: Fede
2、ral Desktop Core Configuration (FDCC) Scanner Authenticated Configuration Scanner Authenticated Vulnerability Scanner Unauthenticated Vulnerability Scanner Intrusion Detection and Prevention Patch Remediation Mis-configuration Remediation Asset Management Asset Database Vulnerability Database Mis-co
3、nfiguration Database Malware ToolFrom “NIST SCAP Validation Program Test Requirements Version 1.0 (DRAFT)”Requirements Requirements for SCAP Validated Vulnerability Scanner (Authenticated / Unauthenticated) CVE.R.1 CVE.R.6 CPE.R.1 CPE.R.4 CVSS.R.1, CVSS.R.2 CVE.R.1: The products documentation (print
4、ed or electronic) must state that it uses CVE and explain relevant details to the users of the product. SCAP Validated Vulnerability Scanners Authenticated Vulnerability Scanners:SCAP Validated Vulnerability Scanners Unauthenticated Vulnerability Scanners:RetinaCore IMPACT ProfessionalFrontline Vuln
5、erability ManagerVulnerability ManagerIP360QualysGuard FDCC Scanner NeXpose Vulnerability Scanner SCAP & SRAS SRAS:Symantec Risk Automation SuiteCVE in SRAS Importing CVE1. Current CVE definition files can be downloaded from NIST at http:/nvd.nist.gov/download.cfm#CVE_FEED. Once downloaded copy the
6、downloaded checklist(s) to the folder “C:/Program Files/Symantec Technologies/SFPolicyEvaluator” on the SRAS Portal. 2. Type “policyevaluator -h” to view the import options and syntax.CVE in SRASXCCDF in SRAS Importing XCCDF (SCAP Datastrem) Download the desired SCAP checklist from the NIST NVD webs
7、ite: http:/nvd.nist.gov/scapchecklists.cfm or http:/fdcc.nist.gov/download_fdcc.html for FDCC. Run following commands: Policyevaluator -importcpe policyevaluator -importoval policyevaluator -importoval policyevaluator -importoval policyevaluator -importxccdf XCCDF in SRASOVAL SC OVAL System Characte
8、ristics XML encoding of the details of a system file versions running processes patches installed etc. provides a snapshot of the system save for auditing purposes use for analysisAn OVAL SC File Generator System Info Collected Objects System Data Digital SignatureGenerator Section Information about
9、 how the OVAL Document was created product name product version schema version timestamp Not about the content, but about the document! OVAL Definition Interpreter 5.3 5.3 2006-10-12T18:13:45 Collected Objects Section Provides a mapping from the objects specified by an OVAL Definition to the set of
10、items collected on a host. . C:Program Files . A Sample SC File Windows XP SP3 FDCC SC FileSC File Generators OpenVAS Use oval-sc scan config file OVALdi Ovaldi m o Oscap Oscap oval collect xxx.xml Scripting Languages? Make probe in scripting languageSC File Evaluators OVALdi ovaldi -m -o d:labSCAPovaloval-definitions-2010.xml -i d:labSCAPovaloval-sc-debian-lenny-sample.xml -a d:labSCAPoval OpenSCAP
SCAP及相关漏洞扫描器和OVAL SC介绍
