What is SAINTmanager?

SAINTmanager Overview
Mark Keppinger
[email protected]
Senior Network Security Analyst
Network Services – Network Engineering
November 17, 2010

SAINT components and definitions
• SAINTmanager® - Remote Management Console
• SAINTnode® - Scanner for SAINTmanager
• SAINTstick® - Portable SAINTscanner and SAINTnode
• SAINTscanner® - Vulnerability Scanner
• SAINTwriter® - Report generator
• SAINTexploit® - Penetration Testing
• SAINTexpress® - Update module

A Brief History
• SAINT® was based on SATAN
  - SATAN - Security Administrator Tool for Analyzing Networks, released in 1995, no updates
  - SAINT Corporation continued development of SATAN and released it as SAINT in July 1998
  - SAINT - Security Administrator's Integrated Network Tool

What is SAINTmanager?
• SAINTmanager™ is a remote management console for SAINT
• One manager can control many SAINT nodes and users
• Manager sends scan jobs to nodes
• Nodes send scan data back to manager
• OSU acquired the SAINTmanager option Summer '09

Why SAINTmanager?
• Needed an enterprise solution for OSU
• Tried using N-copies of SAINTscanner
• DCAs . . .
  - know their environment
  - know when and how often to perform scans
  - have the credentials to validate and eliminate false-positive vulnerabilities

SAINTmanager Architecture

Communication
• Manager communicates with nodes over a persistent connection on a TCP port
  - Connection is initiated when a node starts
  - Communication is encrypted over SSL
  - Default port is 1515
  - Manager updates nodes

User Interface
• SAINTmanager only runs in remote mode
  - Users log in through a Web browser
• Port 1410/TCP used at OSU
• Can also run through Apache (or another Web server)

SAINTnode System Requirements
• SAINTnodes require:
  - A UNIX, Linux, or Mac OS
  - Perl
  - Nmap, Samba, OpenSSL, & OpenSSH
  - Optionally . . . Xprobe2, Oracle Instant Client, Crypt-PasswordMD5

SAINTmanager System Requirements
• Same as SAINTnode, plus:
  - OpenSSL – for encrypting communication between manager and nodes
  - Perl-DBI and DBD::mysql – for Perl to interface with MySQL
• These tools are typically available as package selections from your Linux vendor

Benefits of SAINTmanager
• Centralized management
  - One scan configuration can be pushed to multiple nodes
  - Status of scans across the enterprise can be checked from one place
  - Data from entire enterprise can be analyzed in a single report

Benefits of SAINTmanager, continued
• User management
  - Users can be created with different roles on different nodes
  - Roles can be created to allow specific capabilities to be granted or denied

Benefits of SAINTmanager, continued
• Ticketing
  - Tickets can be automatically assigned to users based on a set of rules
  - Remediation status of each vulnerability is tracked
  - E-mail notification of new tickets

SAINTmanager Licensing
• Licensing is based on number of nodes
• Limit on number of nodes is enforced by license key
• Licensing of SAINT remains the same for nodes
  - Based on target IP addresses or networks
  - Manager will distribute new keys to nodes

SAINTmanager Updates
• Manager gets updates by SAINTexpress
• Manager also caches updates for nodes
• Nodes get updates from manager
• At OSU a cronjob runs every Saturday at 08:00

Users
• A user is an individual who is allowed to log in to SAINTmanager using a unique login name
• Each user can be assigned any number of roles on any number of nodes
• What a user is or isn't allowed to do is determined by his or her assigned roles

Roles
• A role is a set of permissions
• Several default roles are included
• Permissions include global and node-specific permissions

Permissions
• Global permissions are permissions on the manager itself
  - Ability to view, modify, or create users, roles, or rules
• Node-specific permissions are permissions on specified nodes
  - Ability to view or modify hosts or tickets
  - Ability to run scans or view results

Default Roles
• Four types of default roles:
  - Super Admin
  - Admin
  - SAINT Administrator
  - SAINT User
• OSU added role:
  - RO – Read Only (DCA account)

Super Admin Role
• The Super Admin role grants full global and node-specific privileges
• The default superadmin user has this role on all nodes
• Assign this role to a user who is responsible for creating and managing nodes and other users

Admin Role
• The Admin role grants the ability to:
  - View and modify rules and hosts
  - View, modify, assign, and close tickets
• Assign this role to a user who is responsible for supervising the scanning and remediation operations on a node

SAINT Administrator Role
• The SAINT Administrator role grants the ability to run scans and view results
• Assign this role to a user who is responsible for running or scheduling scans on a node

SAINT User Role
• The SAINT User role grants the ability to view results and modify tickets
• Assign this role to a user who is responsible for vulnerability remediation following a vulnerability scan
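
The user, role and permission model from the slides above, as an added Python example for reviewing who can do what on which node; it is not SAINTmanager code. The permission labels, the contents of the RO role, the rule for resolving global permissions, and the sample users and node names are assumptions made for illustration.

```python
# Added illustration. Permission names are hypothetical labels derived from the
# slides' wording; they are not SAINTmanager's internal identifiers.
GLOBAL = {f"{verb}_{obj}" for verb in ("view", "modify", "create")
          for obj in ("users", "roles", "rules")}
NODE = {"view_hosts", "modify_hosts", "view_tickets", "modify_tickets",
        "assign_tickets", "close_tickets", "run_scans", "view_results"}

ROLES = {
    "Super Admin": GLOBAL | NODE,  # full global and node-specific privileges
    "Admin": {"view_rules", "modify_rules", "view_hosts", "modify_hosts",
              "view_tickets", "modify_tickets", "assign_tickets", "close_tickets"},
    "SAINT Administrator": {"run_scans", "view_results"},
    "SAINT User": {"view_results", "modify_tickets"},
    # Assumption: the slides name OSU's RO role but do not list its contents.
    "RO": {"view_hosts", "view_tickets", "view_results"},
}

def node_perms(assignments, user, node):
    """Node-specific permissions: union over the roles held on that node."""
    held = set()
    for role in assignments.get(user, {}).get(node, ()):
        held |= ROLES[role]
    return held & NODE

def global_perms(assignments, user):
    """Manager-wide permissions. Assumption: a global permission applies if
    any role the user holds on any node carries it."""
    held = set()
    for roles in assignments.get(user, {}).values():
        for role in roles:
            held |= ROLES[role]
    return held & GLOBAL

def excess(assignments, user, node, needed):
    """Node permissions granted beyond what the user's duties require."""
    return node_perms(assignments, user, node) - set(needed)

# Constructed sample: user -> node -> roles assigned on that node.
SAMPLE = {
    "dca": {"node-a": ["RO"]},
    "alice": {"node-a": ["SAINT Administrator", "SAINT User"],
              "node-b": ["SAINT User"]},
    "superadmin": {"node-a": ["Super Admin"], "node-b": ["Super Admin"]},
}

if __name__ == "__main__":
    for user in SAMPLE:
        print(user, sorted(global_perms(SAMPLE, user)),
              sorted(node_perms(SAMPLE, user, "node-a")))
```

Calling `excess` with the permissions a user's duties actually need shows what a combination of roles grants beyond that, which is the check to run before stacking several roles on one node.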

This concludes SAINTmanager Overview
Any Questions?
(before proceeding to the demo and SAINTstick usage drawing)
http://SaintMgr.nws.oregonstate.edu:1410
Username: DCA Password: ViewOnly
[email protected]