2. www.rac.cz
RiskAnalysisConsultants
V060420
RAC QualysGuard InfoDay 2013 2
Asset categorization
Why it is needed
The basic unit in Qualys is the IP address
It is hard to keep an overview of; suitable only for small ranges of 16-32 IPs
Larger sets of IPs: "Asset group"
What "Asset groups" allow
They allow tests to be run against multiple IPs at once
Each IP can be in more than one "Asset group"
Launching scans and reporting per individual "Asset group"
Assigning access rights
5. • Asset Groups for Reports have different requirements. Each
department needs information about their responsibilities (Server
Admin vs. Desktop Admin)
Advantages
Simple system
Clear access rights
Scan : report : access rights in a 1:1:1 ratio
Disadvantages
More complex categorization is not possible; it is worked around with more
complex names, for example:
Praha_DMZ_Windows_servery
Brno_DMZ_Unix_servery
LAN_prvni_patro
etc.
No sorting is possible, no automatic changes
Almost nobody uses the (Location, Division) fields
Current state: summary
Tags provide the following advantages
Dynamic use of scan results to sort assets
Arbitrary logic is possible, searching is possible
Suitable for large networks
Hierarchical tag structure, e.g. by location or by logical
groups (databases, operating systems)
Disadvantages
More difficult administration
Less clarity in certain cases
Gradual development with each version; functionality is not yet
complete, e.g. tags are not yet implemented in tickets
Asset Management summary
Editor's Notes
In the past the security organization would look at a subnet and look at discovered devices and vet those devices for interesting items to scan.
Tags You Start With
The service creates some initial asset tags based on the existing objects (configurations) in your account, and these are not assigned to assets automatically to start. When you go to the Asset Management application you'll see the tags that have been created for you.
Asset Groups. The service creates an Asset Groups tag and a sub-tag for each of the asset groups defined in your subscription. For example, if you have asset groups called Unix and Windows, you'll have a tag called Asset Groups, which will have sub-tags called Unix and Windows.
Business Units. The service creates a Business Units tag and a sub-tag for each of the business units defined in your subscription. For the Unassigned business unit, the service creates a sub-tag called Global. For a custom business unit, the service creates a sub-tag with the business unit's name. For example, if your business units are called EU and US, you'll have a tag called Business Units, which will have sub-tags called Global, EU and US.
Malware Domain Assets. If Malware Detection Service (MDS) is enabled for your subscription, the service creates a Malware Domain Assets tag.
Web Application Assets. If Web Application Scanning (WAS) is enabled for your subscription, the service creates a Web Application Assets tag.
Creating and Assigning Tags
The tags you start with can be edited, and you can create more using the Asset Search Portal and the Asset Management application.
How To's
Create asset tags using Asset Search. An asset search can be saved as an asset tag, and the search criteria are saved as a dynamic tagging rule. Go to VM > Assets > Asset Search. Specify the host attributes you want to search for and then click Create Tag. The service creates a new tag with a dynamic tagging rule based on your search criteria. Within the Asset Management application, the new tag appears in your tag tree as a sub-tag below the "Asset Search Tags" parent tag.
Create asset tags using Asset Management. You can create asset tags and manually assign them to assets, but the most powerful use of tags is accomplished by creating tags with dynamic tagging rules. For each asset tag the service automatically assigns assets based on a tagging rule that you define. We'll show you how easy it is to do this. Select Asset Management from the application picker, click the Tags tab and then click the "Create tag" button.
You have multiple rule engines to choose from. For example, you may define a rule for tagging hosts that have a specific operating system or a particular software application and version installed. For this example we've selected Operating System Regular Expression. In the field provided, enter a regular expression (PCRE format) to identify the operating system to be tagged. You have the option of testing whether the rule applies to selected assets.
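The operating-system regex rule described above can be tried offline before it is entered in the console. The following is an added example, not code from the presentation or from Qualys: the tag names, patterns and scan results are constructed, Python's re module stands in for PCRE, and passing parent tags on to matching assets is a modelling choice of this sketch.

```python
import re

# Constructed sample scan results: IP -> operating system string as a scanner
# might report it. Hosts and strings are made up for illustration.
SCAN_RESULTS = {
    "10.0.1.10": "Windows Server 2008 R2 Enterprise 64 bit Edition Service Pack 1",
    "10.0.1.11": "Windows 7 Professional 64 bit Edition",
    "10.0.2.20": "Red Hat Enterprise Linux Server 6.4",
    "10.0.2.21": "Ubuntu Linux 12.04",
    "10.0.3.30": "Cisco IOS 12.4",
}

# Hypothetical tag tree: tag name -> (parent tag or None, OS regex or None).
# A tag without a regex is a grouping node that is filled through its children.
TAG_RULES = {
    "Operating Systems": (None, None),
    "Windows": ("Operating Systems", r"^Windows\b"),
    "Windows Servers": ("Windows", r"^Windows Server \d{4}"),
    "Unix": ("Operating Systems", r"\b(Linux|Solaris|AIX|HP-UX)\b"),
}


def rule_matches(tag, os_name):
    """Test one tag's regex against one OS string (the 'test the rule' step)."""
    _, pattern = TAG_RULES[tag]
    return pattern is not None and re.search(pattern, os_name) is not None


def tags_for(os_name):
    """Return every tag an asset receives: matched tags plus their ancestors."""
    assigned = set()
    for tag in TAG_RULES:
        if rule_matches(tag, os_name):
            while tag is not None:  # walk up the hierarchy to the root tag
                assigned.add(tag)
                tag = TAG_RULES[tag][0]
    return assigned


def evaluate(scan_results):
    """Re-evaluate all rules; rerun after each scan so tags follow the data."""
    return {ip: sorted(tags_for(os_name)) for ip, os_name in scan_results.items()}


if __name__ == "__main__":
    for ip, tags in evaluate(SCAN_RESULTS).items():
        print(ip, tags or ["(untagged)"])
```

Hosts that end up untagged, such as the constructed Cisco device here, are the ones to review: they show where the rule set has a gap that a static asset group name would have hidden.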
Applications, Ports and Services Inventory
Computer attackers look in target organizations for vulnerable versions of software that can be remotely exploited. The New Data Security Model enables QualysGuard to show you what applications and services are installed in your environment through an easy-to-search inventory. The service updates this inventory automatically as new scan results become available in your account. This inventory gives you up-to-the-minute visibility on software and network ingress points so you can properly defend and secure your assets. To search and view installed applications, go to VM > Assets > Applications. To search and view installed services, go to VM > Assets > Ports/Services.