Asset Discovery

Overview

Vulnerability Assessment begins with discovery - of network assets. Asset Discovery provides an inventory of assets which you desire to be scanned. It involves addition of the resources present in your enterprise (the servers, workstations, laptops, routers, switches and others) into the Security Manager Plus enterprise setup for vulnerability scanning and assessment. Asset Discovery provides details such as IP Address, DNS Name, Operating System of all the network resources that was discovered.

Discover Assets

Assets can be added or discovered in any one or both of the following ways :

• Agentless mode - You enter hostname/IP address of the asset from the web interface of Security Manager Plus (SMP) and the Security Manager Plus server discovers and manages the asset for you.
• Agent-based mode - You install the Security Manager Plus Agent on a Windows system/host and it automatically registers to the SMP server and shows up in the web interface on the Assets tab.

Discovering Assets in the Agentless mode

Security Manager Plus provides you with a number of ways to discover your enterprise resources :

• DNS Name or IP Address

• Visit the 'Assets' tab
• Click on the 'New Assets' button
• Select the 'Host[s]' radio button.
• In the text box, type the type the DNS/host names or IP addresses of the network assets that you would like to discover.
• Multiple assets (can comprise both Windows and Linux OS) can also be specified here by separating each asset with a comma.
• Click on 'Discover' button to begin discovery.
• You would see a discovery in progress cycle till all the host are discovered. 
• If Security Manager Plus is not able to resolve any DNS Name, due to the host not being in network or has been switched off, then it would suitably warn you, stating "Could not resolve the hosts <host-name>". 

[0R]

• IP Range

• Visit the 'Assets' tab
• Click on the 'New Assets' button
• Select the 'IP Range' radio button.
• Enter the range of IP addresses of assets within a particular subnet  that you would like to discover (can comprise of both Windows and Linux OS).
• Click on 'Discover' button to begin discovery.
• You would see a discovery in progress cycle till all the host are discovered. 

The successfully discovered systems will be listed in the Assets view in the background.

Supplying Credentials

You can supply the credentials (username and password) required to login and detect/deploy missing patches and service pack, for individual hosts from the 'Assets' tab. 

Visit the Assets tab, and click on the icon against the host name in the Assets table. You can either specify user-defined credentials or use credentials defined in the Credential Library. Based on whether the system is Windows or Linux, enter the user name and password accordingly, to login to the system. Provide the information and click on 'Save' button. Once the credentials are configured, the icon against the system name changes to . 

Deleting host-specific credentials can be done only from the Admin tab --> Credential Library link --> Credential details table.

Type of credentials

• Windows - for Windows hosts. Specify system login username and password.
• Linux - for Linux hosts. Specify super user name and password to login.
• Others - for Windows hosts only. Current type supported: MSSQL - if the asset being discovered/scan has an MSSQL server installed and running, you can specify username & password of the 'master' database in the MSSQL server on this system. This credential will be used to login to the system.

Linux Credentials : various scenarios and what needs to be entered in the credential form

• 1. Assume a system has only one user Root with password authentication enabled (who can login remotely using ssh)
       Give root as user name for both 'Normal user' and 'Super user' login details and provide the passwords
• 2. System has only one user Root with PK Authentication setup
      Give root as user name for both 'Normal user' and 'Super user' login details. Provide the Private Key of the root user in the normal user PK text area.
• 3. System has a Root user and another user. Root cannot login remotely. Only after logging in as normal user, you can switch to super user
      Give the Normal user's user name and password in 'Normal user login details'
    Give the Super user's user name and password in 'Super user login details'
• 4. System has a Root user and another user. Root cannot login remotely. PK auth has been setup for normal user
      Give the Normal user's user name and the Private Key in the 'Normal user login details'
      Give the Super user's user name and password in 'Super user login details'

1. For Password authentication to work, PasswordAuthentication must have the value yes (or default commented) in /etc/ssh/sshd_config
2. To login as Root remotely, PermitRootLogin must have the value yes (or default commented).

Deleting Assets

You can delete the discovered assets using the 'Delete' button in the Assets tab. Deleting an asset will result in deletion of its scan result, provided the scanning for the 'to be deleted' asset has been already done.

Asset Scans

The discovered assets can be scanned from the Assets tab using the 'Scan' button after selecting the desired IP Address / DNS Name. You can also perform scans using any of the many provisions like : New Scan, Schedule Scan . Refer 'Scans' for more details.