What is SAINTmanager?
SAINTmanager Overview
Mark Keppinger
[email protected]
Senior Network Security Analyst
Network Services – Network Engineering
November 17, 2010
SAINT components and definitions
SAINTmanager® - Remote Management Console
SAINTnode® - Scanner for SAINTmanager
SAINTstick® - Portable SAINTscanner and SAINTnode
SAINTscanner® - Vulnerability Scanner
SAINTwriter® - Report generator
SAINTexploit® - Penetration Testing
SAINTexpress® - Update module
A Brief History
SAINT® was based on SATAN
SATAN - Security Administrator Tool for Analyzing Networks, released in 1995, no updates
SAINT Corporation continued development of SATAN and released it as SAINT in July 1998
SAINT - Security Administrator’s Integrated Network Tool
3
What is SAINTmanager?
SAINTmanager™ is a remote management console for SAINT
One manager can control many SAINT nodes and users
Manager sends scan jobs to nodes
Nodes send scan data back to manager
OSU acquired the SAINTmanager option Summer ’09
4
Why SAINTmanager?
Needed an enterprise solution for OSU
Tried using N-copies of SAINTscanner
DCAs . . .
- know their environment
- know when and how often to perform scans
- have the credentials to validate and eliminate false-positive vulnerabilities
5
SAINTmanager Architecture
6
Communication
Manager communicates with nodes over a persistent connection on a TCP port
Connection is initiated when a node starts
Communication is encrypted over SSL
Default port is 1515
Manager updates nodes
7
User Interface
SAINTmanager only runs in remote mode
Users log in through a Web browser
Port 1410/TCP used at OSU
Can also run through Apache (or another Web server)
8
SAINTnode System Requirements
SAINTnode requires:
A UNIX, Linux, or Mac OS system
Perl
Nmap, Samba, OpenSSL, and OpenSSH
Optionally . . . Xprobe2, Oracle Instant Client, Crypt-PasswordMD5
9
SAINTmanager System Requirements
Same as SAINTnode, plus:
• OpenSSL – for encrypting communication between manager and nodes
• Perl-DBI and DBD::mysql – for Perl to interface with MySQL
These tools are typically available as package selections from your Linux vendor
10
Benefits of SAINTmanager
Centralized management
One scan configuration can be pushed to multiple nodes
Status of scans across the enterprise can be checked from one place
Data from entire enterprise can be analyzed in a single report
11
Benefits of SAINTmanager, continued
User management
Users can be created with different roles on different nodes
Roles can be created to allow specific capabilities to be granted or denied
12
Benefits of SAINTmanager, continued
Ticketing
Tickets can be automatically assigned to users based on a set of rules
Remediation status of each vulnerability is tracked
E-mail notification of new tickets
13
SAINTmanager Licensing
Licensing is based on number of nodes
Limit on number of nodes is enforced by license key
Licensing of SAINT remains the same for nodes
Based on target IP addresses or networks
Manager will distribute new keys to nodes
14
SAINTmanager Updates
Manager gets updates via SAINTexpress
Manager also caches updates for nodes
Nodes get updates from manager
At OSU a cron job runs every Saturday at 08:00
15
Users
A user is an individual who is allowed to log in to SAINTmanager using a unique login name
Each user can be assigned any number of roles on any number of nodes
What a user is or isn’t allowed to do is determined by his or her assigned roles
16
Roles
A role is a set of permissions
Several default roles are included
Permissions include global and node-specific permissions
17
Permissions
Global permissions are permissions on the manager itself
Ability to view, modify, or create users, roles, or rules
Node-specific permissions are permissions on specified nodes
Ability to view or modify hosts or tickets
Ability to run scans or view results
18
Default Roles
Four types of default roles:
Super Admin
Admin
SAINT Administrator
SAINT User
OSU added role:
RO – Read Only (DCA account)
19
Super Admin Role
The Super Admin role grants full global and node-specific privileges
The default superadmin user has this role on all nodes
Assign this role to a user who is responsible for creating and managing nodes and other users
20
Admin Role
The Admin role grants the ability to:
View and modify rules and hosts
View, modify, assign, and close tickets
Assign this role to a user who is responsible for supervising the scanning and remediation operations on a node
21
SAINT Administrator Role
The SAINT Administrator role grants the ability to run scans and view results
Assign this role to a user who is responsible for running or scheduling scans on a node
22
SAINT User Role
The SAINT User role grants the ability to view results and modify tickets
Assign this role to a user who is responsible for vulnerability remediation following a vulnerability scan
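The user, role and permission model from the preceding slides, as an added Python example (not SAINTmanager code and not part of the original presentation). The permission strings, logins and node names are hypothetical, the RO role is left out because the slides do not list its permissions, and counting a global permission as granted when any held role carries it is an assumption.

```python
# Added illustration; permission names are hypothetical, not SAINTmanager identifiers.
GLOBAL = {f"{obj}.{act}" for obj in ("users", "roles", "rules")
          for act in ("view", "modify", "create")}
NODE = {"hosts.view", "hosts.modify", "tickets.view", "tickets.modify",
        "tickets.assign", "tickets.close", "scans.run", "results.view"}

# Default roles as described on the slides.
ROLES = {
    "Super Admin": GLOBAL | NODE,
    "Admin": {"rules.view", "rules.modify", "hosts.view", "hosts.modify",
              "tickets.view", "tickets.modify", "tickets.assign", "tickets.close"},
    "SAINT Administrator": {"scans.run", "results.view"},
    "SAINT User": {"results.view", "tickets.modify"},
}


class Assignments:
    """Maps login name -> node -> set of role names."""

    def __init__(self):
        self._by_user = {}

    def grant(self, user, node, role):
        if role not in ROLES:
            raise ValueError(f"unknown role: {role}")
        self._by_user.setdefault(user, {}).setdefault(node, set()).add(role)

    def effective(self, user, node):
        """Union of permissions from every role the user holds on this node."""
        roles = self._by_user.get(user, {}).get(node, set())
        return set().union(*(ROLES[r] for r in roles))

    def allowed(self, user, perm, node=None):
        """Deny by default; node permissions apply only on the named node.
        Assumption: a global permission counts if any held role carries it."""
        if perm in NODE:
            return node is not None and perm in self.effective(user, node)
        if perm in GLOBAL:
            nodes = self._by_user.get(user, {})
            return any(perm in self.effective(user, n) for n in nodes)
        return False


def demo():
    """Constructed sample: one user with different roles on two nodes."""
    a = Assignments()
    a.grant("alice", "node-east", "SAINT Administrator")
    a.grant("alice", "node-west", "SAINT User")
    a.grant("bob", "node-west", "Admin")
    return a
```

Holding SAINT Administrator on one node gives no scan rights on another, which is the property to test when delegating scanning per department.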
23
This concludes the SAINTmanager Overview
Any Questions?
(before proceeding to the demo and SAINTstick usage drawing)
http://SaintMgr.nws.oregonstate.edu:1410
Username: DCA Password: ViewOnly
[email protected]
24