Focus:
1. Public settings for policies in the policy editor:
Common settings
The Common Settings folder contains global settings that can be enabled for a policy. Some of these settings may apply to a group of vulnerability checks, decreasing the amount of time needed to enable all the checks that use the setting.
The public setting folder includes global settings that can be activated for policy settings. These may apply a set of weaknesses checking, using this setting to reduce the time spent on all allowed settings.
Configure public settings:
1. Brute Force Lists Enforcement List
Miscellaneous default multi-item default VAX / VMS DEFAULTS Virtual Address Expansion / Tiger Storage System
VAX / VMS DEFAULTS UNIX Linux NIS Linux Network Information Services
Use default login file Using the default login file (Default.login)
2. Brute Force Options Mandatory Options
This Common Setting Attempts Password Checks on Names Derived from finger or netbios checks.
An attempt is checked by a naming source from the finger or NetBIOS. Three ways: a, reverse naming as a password
B, the real name is a password C, the account is a password
3. The E-mail options e-mail option finds the message receiver after the weak point
4. Host Pinger
Two settings: a. The number of times B is scanned each time. Interval (milliseconds) per ping
5. HTTP Ports A, HTTP port default (80 and 8080) B, HTTP security port (443)
6. Internal Network A, IP Addresses Format: XX-YY, ZZ, BB-CC B, Include Key IP Range (s) C, Domains D, Use Whois E, WHOIS Server Whois is about where is the database
7. IP Spoofing IP Deceive A, Spoof Lists (Don't Use Source) B, Spoof Source (IP Address)
C, spoof user (default to root) use username to spoof test
8. NFS depth subdirectory depth
9. NT logon sessions
10. Phase Limit The number of secret scanned segments, the greater the value of the segment, the better
11. RWHOD Message Sends information for background mail programs, if there is weak point, PS (The Process Status Command Display Information
12. SMTP session
This Common Setting Manages All Active Connections To SMTP Servers Running on Any Target Hosts.
This public setting management is connected to the activity of the SMTP service running on any target host.
A, Connection Timeout (in Seconds) Time (Second) B, Reuse Connections Re-Edorkly B, Reuse The Same SMTP Connections When Performing Multiple Security Checks Perform the same SMTP connection again when performing multiple security checks
13. SNMP Community File SNMP Group File
Filename: The name of a file this accessing the community name. Default: community.snmp file name: File name includes additional names used when accessing group names
14. Socks Host
Socks Target Host: The Target Host To The IP Address of a Host On The Other Side of the Socks Server. The Host You Specify Should Be Running At Least One FTP, Telnet, SMTP, HTTP, POP3, or Finger Service.
Note: for this setting to function properly, you must enter an ip address in the box provided. If you do not have an actual socks host, use the ip address 127.0.0.1 Rather tour.
Attack target address: The host IP address of other SOCK servers is the target host, and the host you specify will run at least a service of FTP, Telnet, SMTP, HTTP, POP3, or Finger.
15. TCP SCAN
A, SOURCE Port: set the port to use as the source during a port scan. Note: if you set the source port to 0, your operation system.
Source port: Set a port used until a port is scanned. Note: If your port is set to 0, your operating system will be specified as the source port.
B, Enable Hard Close:. Close all active connections to a port after you have received information about the service running on that port To check the state and the status of an active connection to a port, open a command prompt and type netstat -a .
Allow hard shutdown: Turn off all active link ports after you receive the service that the service has run on the port. To check the status or active connection port status, enter: netstat -a at the command prompt: Netstat -a
With C Hard Close Port Range: The Port or Port Range Internet Scanner Uses To Close Any Active Connections To Ports That You Have Received Service Information About.
Hard closed port restriction: The limit range for active connection ports to ports.
16. Telnet Banners
Grab Banners: Determines IF A Telnet Server GeneRates Banner Data I Telnet Server Uses This Method To Determine Operating System Type. White robbing Title: If the Telnet service is a demand response to grab the title. ISS uses this method to determine the operating system type.
17. UDP Port Scanner
This Common Setting Controls How The UDP Port Scanner Probes Each Target Host.
Set how many UDP port scans each target host
Internet Scanner sends a collection of UDP packets to each UDP port to check if it is active, and then listens for a response. The type of response (or the lack of a particular type of response) indicates if the port is active.
ISS sends a package that collects each UDP port to check if it is an active status, and listening responses. If the port is active, specify by the response type (or missing the response type)
When Internet Scanner performs a UDP port scan, it can generate large amounts of network traffic, which can flood networks with low bandwidth or throughput. To minimize this risk, Internet Scanner lets you tune your scans to meet your individual network needs.
When ISS performs a UDP port scan, it can generate a lot of data, which will occupy the throughput of network bandwidth. This risk is the smallest, ISS makes you adjust your suitable personal network needs.
As the UDP port scanner uses the UDP and ICMP protocols, which are classified as unreliable protocols, results can vary between scans. To improve the accuracy of the scan, Internet Scanner lets you tune the scan to provide a higher degree of accuracy UDP port scan Using UDP and ICMP protocols, the scan is classified as an unreliable protocol.
A. Number of Probes Per Scan Default 10
B. Interval Between Probes (in Seconds) Interval (Second) Default: 5 seconds
18. WALK MIB Management Information Library Channel
FlexChecks
A flexcheck is a user-defined Check That Has Been Created To Scan Specific Network Environments for Vulnerabilities Or Other Conditions.
FlexCheck is user-defined inspections to specify a scanning network cyclone as a weakness or other network condition.
