Lumension PatchLink Scan

PatchLink Scan Overview:

PatchLink Scan is a complete stand-alone network-based scanning solution that performs a comprehensive external scan all of the devices on your network, including servers, desktop computers, laptops, routers, printers, switches and more. By leveraging the powerful, yet easy to use PatchLink Scan, you are able to identify weaknesses before they are exploited.

Rapid and Complete Asset Discovery and Inventory

The first step in securing your environment is understanding what devices and vulnerabilities are currently identified. You can only secure the devices you know about. PatchLink Scan thoroughly identifies and inventories all of the assets running on your network, including servers, desktops, laptops, routers, switches, printers, wireless access points, and more. This discovery can be performed using multiple inclusions and exclusions of IP ranges, Active Directory OU queries, Host names, Network Neighborhood enumerations, and imported lists. And discovery methods can be used separately or in conjunction, as PatchLink Scan transparently merges all results into a single, cohesive asset list.

Extensive information provided for each discovered device

Thorough, Network-Based Vulnerability Assessment

PatchLink Scan provides accurate and thorough vulnerability assessment using safe, adaptive network-based scanning techniques against a comprehensive vulnerability database. The PatchLink Vulnerability Assessment Solution was designed to deliver a solid balance of scan speed and accuracy via its adaptive scan techniques and false response correlation technology. Through deep inspection of target systems that includes redundant file attribute and registry value correlation, as well as SSH tunneling and authenticated OS fingerprinting refinement, the scanner identifies all software threats, including missing patches, out-of-date antivirus signatures, worms, trojans, and more. The scan also runs detailed configuration checks on ports, users, shares, groups, agents and services. To guarantee thorough analysis, the solution is able to adapt its scanning technique based on its level of access, with the ability to run anonymous scans against target systems upon which it cannot authenticate.

Detailed information provided for each identified vulnerability

Flexible and Adaptive Scanning

Complex enterprise network infrastructure and ownership does not always guarantee that systems will be easily accessible or that administrative privileges are available to assessment teams. PatchLink Scan is capable of adapting its scanning technique based on its access-level to target systems. In addition to credential-based scanning, PatchLink Scan performs anonymous scans on target systems to which it cannot authenticate. With these null-credential interrogations, it performs a multitude of enumeration techniques including in-depth OS fingerprinting, null session enumeration, port scanning, service identification, and protocol verification. Scan configuration with PatchLink Scan is simple and flexible, allowing scans of specific machines, groups, vulnerabilities or other criteria. The template-based scans can be set up to run at predefined intervals, and multiple scans can be merged together to form a more comprehensive security posture.

Vulnerability Prioritization

PatchLink Scan prioritizes identified vulnerabilities based on critical asset and vulnerability score-carding to aid in the remediation process. The solution also provides remediation information and recommendations for implementing corrective action. This resource database of more than 4,000 vulnerabilities is based on the knowledge of a team of expert security engineers who continually research security advisories, knowledge base papers and professional security group articles to ensure that you have the latest vulnerability information.

Remediation Detail	Remediation Description (All vulnerabilities contain this level of detail)
Name	The common industry tracking name for the vulnerability
Description	A short description of the vulnerability and potential exploits
Version	PatchLink Scan release when the vulnerability check was added to our database
Type	The exploit technique (191 Types) e.g. Buffer overrun, Man-in-the-middle
Category	The exploit grouping (71 categories) e.g. Denial of Service, Privilege Escalation
Severity	High, Medium, Low, Warning, Information
References	CVE, Bugtraq, CERT, SANS, FEDCIRC, CIAC, DOD, ACERT, NAVCIRT, MS, Q, AFCERT, HP Package, RedHat Advisory, Mandrake Advisory, Progeny Advisory, Fedora Advisory, SUSE Advisory, Sun Package
Reference Links	Links to Multiple security pages regarding particular vulnerabilites
Solution	Our tested remediation instructions
Application(s)	The impacted executable files or DLLs
Specific Info	Lists the registry and file reference for the vulnerability

Table 1: Detailed Vulnerability Information with Tested and Proven Remediation Instructions

Comprehensive Management & Audit Reporting

To provide insightful and concise views of the security posture of your network, PatchLink Scan includes a wide range of executive summary and detailed administrative reports. The reports can include aggregated or detailed information on scan configurations, vulnerabilities, policy compliance and more, enabling quick analysis of potential threats and severity levels to help you determine the best action plan. The reporting capability provides simple point and click capability to quickly ascertain the enterprise security posture relative to common industry tracking mechanisms such as SANs Top 20.

Comprehensive scan and vulnerability reporting

How it Works

• Vulnerability updates are securely downloaded to your server(s) from the PatchLink security repository
• PatchLink Scan sweeps the network to identify and inventory all network devices and prepare a comprehensive assessment scan
• Administrator evaluates assessments against vulnerability database and prepares executive, administrative and compliance reports

Industry & Government Certifications
 

Industry Compliance Section 508 SANS Top 20 MITRE CVE Common Criteria EAL2

U.S. Government Certifications U.S. Army ACERT Approved Products List U.S. Navy SPAWAR Preferred Products List U.S. DOD DISA Type Certification Approved Product for Homeland Security under the Support Anti-terrorism by Fostering Effective Technologies (SAFETY) Act

 

PatchLink Scan Vulnerability Category Types
 

Access Control Account Permission Account Policy Anti-Virus Arbitrary Code Execution Arbitrary Code Injection File Access Audit Policy Authentication Best Practice Banner Boot Buffer Overflows And Overruns Certificate Clear Text Protocol Cross Site Scripting Cryptography Data Integrity Denial Of Service Devices Design Error Directory Traversal Display

Domain Controller Encryption Error Message Exception Handling File Permission Folder Permission Forgery Ftp Guest Access Hijacking Implementation Flaw Information Disclosure Informational Input Validation Log Logon Macro Malware Out Of Date Software Legacy Operating Systems Overwrite Password Patch

Performance Permissions Policy Privilege Elevation Registry Remote Execution Root Privilege Service Service Pack Shutdown Spoofing Symlink Attacks System Integrity Tampering Test Unauthorized Access Unauthorized Read Unauthorized Write Unsafe Code User Rights Web Browser Specific

Features & Benefits:

• Adaptive Scanning - The most accurate vulnerability assessment scan using flexible network-based scanning techniques based on access-levels including credentialed and null based. Also, perform ad hoc scans that can target one or many machines and specific vulnerabilities.
• Auto Updating - Schedule and automate recurring scan tasks to run on a daily, weekly or monthly basis.
• Complete Asset Discovery - Identifies all network devices and performs configuration and informational checks on ports, services, users, shares and groups
• Comprehensive Vulnerability Coverage - Over 4000 vulnerability audits with wide support across Windows, POSIX and infrastructure devices. Vulnerability audits include security configurations, OS and application vulnerabilities, null passwords, patch-level related vulnerabilities, known hacking tools, malware, common worms, and P2P software checks.
• Comprehensive Reporting - Ability to create and export (RTF, PDF, HTML, etc) numerous high-level or detailed reports of all scan data to confirm policy and regulatory compliance
• Consolidated Views - Multiple scans can be merged together to form a more comprehensive security posture.
• Highly Scalable - Highly scalable architecture due to its modular components which can be installed on the same or separate systems and scaled-up as needed. Multiple instances of the scanner scan engine can be deployed across the enterprise, controlled remotely or locally. As the number of systems on the network increase so can the number of engines performing the scans.
• Non-Disruptive Scanning - Designed to safely scan for vulnerabilities using standard networking protocols with minimum impact to your network. Never employs malicious vulnerability attacks; scanning methodology uses safe standard networking protocols and API’s.
• Remediation Recommendations - Extensive vulnerability database with informational resources and remediation recommendations
• Risk-Based Prioritization - All scanned systems are evaluated and prioritized according to asset value and vulnerability criticalities using straight-forward equations. All systems are then listed by risk severity to help focus and prioritize remediation efforts.
• Role-Based Administration - Enables distributed management of scan activity by user roles
• Common Criteria EAL2 Certified - The Common Criteria Evaluation and Certification Scheme (CCS) Certification Body has asserted that PatchLink Scan complies with the all specified security requirements

Requirements:

Minimum System Requirements:
 

Processor Requirements:	Pentium® compatible 1 GHz
Memory Requirements:	512 MB RAM
Disk Capacity Requirements:	20 GB available disk space
Display:	Monitor resolution 1024 x 768
Operating System:	Windows XP Professional SP2 Windows Server 2003 SP1

 

Supported Systems:
 

OS / Version	Discovery	Assessment
3com / Router, Switch	X
BSD Unix / Net, Free, BSDI	X
Cisco / IOS, CatOS, PIX	X	X
Cisco VPN	X
Foundary / Router, Switch	X
HP / HP-UX 10.x and later	X	X
HP / Tru64 4.0F and later	X	X
IBM AIX	X
Juniper / JunOS	X
Linux / Fedora (6,7)	X	X
Linux / Mandriva (7.0, 7.1)	X	X
Linux / Red Hat (Enterprise 2.1, 3, 4, 5)	X	X
Linux / SuSE Open/Enterprise (9, 10.0, 10.1, 10.2, 10.3)	X	X
Mac OS X	X	X
Nortel Switch	X
OpenBSD / 3.8 and later	X	X
Printers / Canon, Epson, Tektronix	X
Printers / HP Networked	X	X
Printers / Lexmark	X
Sun Solaris / 2.5 and later	X	X
Windows (generic)	X
Windows / 2000, XP, 2003	X	X
Windows / Vista, 2008	X	X
Windows / XP Embedded	X	X
Wireless Access Point	X

Documentation:

Download the Lumension PatchLink Scan Datasheet (PDF).