IBM Internet Scanner

Overview:

The IBM Internet Scanner vulnerability assessment application helps provide the foundation for effective network security for your business.

Highlights:

• Minimized business risk. Internet Scanner finds the weak spots in your network to help you secure your critical assets and prevent compromises that may result in the loss of availability, integrity or confidentiality of critical business information.
• Preemptive protection from attacks. By assessing the security of your networked systems and prioritizing remediation tasks, Internet Scanner enables you to address high-risk vulnerabilities before they can be exploited in an attack. In fact, Internet Security Systems (ISS) was recently recognized by IDC as the worldwide market leader in network vulnerability assessment and management.
• Scalability. Whether used as a standalone solution for smaller organizations or combined with SiteProtector for enterprise-sized installations, Internet Scanner enables you to automate scans and prioritize discovered vulnerabilities to deliver the most effective response for your organization.

Internet Scanner helps minimize your risk by identifying the security holes, or vulnerabilities, in your network so you can protect them before an attack occurs.

Complete Vulnerability Management

Internet Scanner can identify more than 1,300 types of networked devices on your network, including desktops, servers, routers/switches, firewalls, security devices and application routers.

Once all of your networked devices are identified, Internet Scanner analyzes the configurations, patch levels, operating systems and installed applications to find vulnerabilities that could be exploited by hackers trying to gain unauthorized access.

Features:

Internet Scanner has scanned more electronic assets and identified more vulnerabilities at more companies in the past 10 years than any other vulnerability scanning product.

In fact, 19 of the world's 20 largest financial institutions rely on Internet Scanner for vulnerability assessment and management.

Key Features:

• Unlimited Asset Identification
  Internet Scanner helps you keep an accurate inventory of the electronic assets connected to your network. It identifies more than 1,300 types of devices using Transmission Control Protocol (TCP) stack fingerprinting and an integrated NMAP asset database. User-defined extensions can be added to the database to enable custom asset identification.
• Dynamic Check Assignment
  Internet Scanner's intelligent scanning agent increases scanning speed and accuracy by identifying the operating systems (OS) of target hosts, and then automatically running OS-specific checks to find vulnerabilities.
• Common Policy Editor
  Internet Scanner's easy-to-use Common Policy Editor gives you complete control of your scanning policies. 20 predefined policies, including the SANS Top 20 and X-Force Catastrophic Risk Index policies, allow you to quickly configure scans for your organization. The FlexCheck feature allows power users to write custom checks.
• Real-time Display
  Internet Scanner's real-time display options enable you to review scan results and monitor scans in progress to quickly identify vulnerabilities and vulnerable hosts.
• Vulnerability Catalog
  The Internet Scanner vulnerability catalog delivers in-depth information on vulnerabilities, including root causes, detailed descriptions and remediation steps. The catalog is produced by ISS' world-renown X-Force security research and development team.
• Comprehensive Reporting
  Internet Scanner delivers a large selection of reports that enable quick and easy information sharing across all levels of your organization. The more than 70 pre-defined reports include:
  • Executive reports
  • Line management reports
  • Technician reports
  • Trend reports
  • Operating system reports

Centralized Vulnerability Management Features Manage Internet Scanner agents with the SiteProtector management system for centralized vulnerability management.

• Enterprise-class Scalability
  When managed using SiteProtector, hundreds of Internet Scanner agents deliver enterprise-wide vulnerability management for even the largest organizations.
• Remote Scanning
  SiteProtector controls and operates scanning agents located in remote geographies and behind firewalls.
• Enterprise Reporting
  SiteProtector enables true multi-scanner/multi-scan enterprise correlation, aggregation and reporting. Management reports deliver concise information, while detailed operational reports assist technicians with vulnerability remediation. In addition, SiteProtector allows you to group information assets according to your enterprise layout and produce reports using that structure.
• Automatic Security Content Updates
  Using SiteProtector, updated security content can be applied automatically so that your vulnerability management system is continuously improving.
• Command Scheduler
  The feature-rich SiteProtector command scheduler enables you to run scans, generate reports and update vulnerability information automatically.
• Asset Management
  SiteProtector performs automatic, passive discovery of information assets, identifying new assets as they are added to your network. You can also import your company's assets from the active directory structure, import assets from external databases, and group assets easily.
• Real-time Display
  SiteProtector's real-time, flexible display options allow you to monitor vulnerability information at the macro level down to the micro level, with the ability to create custom analysis views that can be saved and shared with other users. The FastAnalysis feature delivers guided analysis, offering answers to the most common-context sensitive questions with a single click.
• User Administration
  SiteProtector allows you to manage user accounts and roles easily, including group-based user access control.

Internet Scanner Software:

Intelligent scanning agent
With dynamic check assignment, IBM Internet Scanner software will identify assets and unearth vulnerabilities with a high degree of accuracy and speed.

Policy management
The policy management feature of Internet Scanner software allows users to customize the policy used for scanning; it comes preloaded with 20 standard scanning policies. Specific features include:

• Twenty default scanning policies
• Custom scanning policy
• Derive new template capabilities
• Edit/change policy
• FlexCheck custom checks with custom executables (user-defined)
• Searchable policy system (search by common vulnerabilities and exposures (CVEs), wildcards or vulnerability names)

Administration, access and control
Internet Scanner software uses authorized administrative access to endpoints for in-depth scanning and identifies privileged administrative accounts to gather more information about network devices. Features include:

• Domain account registration and support
• Administrative access to supported endpoints
• Obfuscation of known account administration
• Database administration
• Enhanced command line interface
• Program file location specification
• Scanner data source name (DSN) modification
• Local logging

Asset identification
Uses stack fingerprinting techniques and imports information from already-existing asset databases within your organization. Identifies more than 1,300 asset types (operating systems and network devices):

• Integrated Networked Messaging Application Protocol (NMAP) fingerprinting
• User-defined fingerprinting
• Scan-time ping asset identification
• Host-file import
• Host-list generator
• Host-file export
• Range enumeration
• Domain name system (DNS) name
• Internet Protocol (IP) address identification
• NetBIOS name
• NetBIOS domain
• Operating system type
• MAC address
• IP-stack fingerprinting
• Open-port banner identification

Real-time display options
Presents information on screen for quick identification of vulnerabilities and vulnerable hosts. On-screen display functions include:

• Host view
• Vulnerability view
• Services view
• Accounts view
• Real-time activity monitoring with check progress
• Active session monitoring
• Scan status window
• Context-sensitive windows

Local scan control
Gives the scan operator more precise control over the scanner with tools that automate manual tasks like merging scan sessions. Features that save the scan operator time include:

• Scan now
• Stop scan
• Pause/resume scan
• MultiScan session support
• Merge scan sessions
• Edit sensor properties
• Denial of service check segregation
• IBM X-Press Update™ product enhancements

Comprehensive vulnerability catalog
Guides the user to the root cause of a vulnerability, detailed descriptions of the vulnerability, remediation steps to remove the vulnerability and reference links to obtain more information about the vulnerability. Provides expert security information, including:

• Local help
• Remediation information
• Reports based upon vulnerability information

Reporting
Allows quick and easy information-sharing across all levels of the organization. A comprehensive set of 74+ predefined reports includes:

• Executive reports
• Line-management reports
• Technician reports
• Trend reports
• Operating-system reports
• Foreign-language support
• Import custom reports

Internet Scanner software identifies several vulnerability categories

Backdoors Browser Brute-force password guessing CGI-bin Daemons Denial-of-service Distributed Component Object Model (DCOM) DNS E-mail Firewalls File Transfer Protocol (FTP) Information-gathering Instant messaging Lightweight Directory Access Protocol (LDAP) Microsoft® Windows® critical issues NetBIOS Network Network file system requirements

Network information system requirements Network sniffers Protocol spoofing Remote procedure call (RPC) Router switch Shares Simple Network Management Protocol (SNMP) Web scan Windows groups Windows networking Windows password checks Windows password policy Windows patches Windows policy issues Windows registry Windows services Windows users X-Windows

Internet Scanner is designed to identify vulnerabilities for more than 1,300 asset types, including the following operating systems

BeOS BSD generic Caldera OpenLinux Caldera UnixWare Cisco IOS Compaq True64 Conectiva Linux® Convex OS Debian Linux DG/UX EnGarde Secure Linux Fedora Core FreeBSD HP Apollo Domain/OS HP-UX IBM AIX® IBM AS/400® Immunix IRIX Linux-based OS Mac OS Mandrake Linux Microsoft Windows (all versions)

NEC EWS-UX/V NEC UP-UX/V NEC UX/4800 NetBSD NeXTSTEP Novell NetWare OpenBSD OpenVMS IBM OS/2® OS-9 QNX RedHat Linux SCO Open Server Slackware Linux Solaris SunOS SuSE Linux Trustix Secure Linux Turbolinux Ultrix UNICOS UnitedLinux VxWork

Vulnerability management
IBM Proventia Management SiteProtector™ central management system controls multiple Internet Scanner agents and provides a comprehensive enterprise vulnerability management system.

Additional capabilities available with the SiteProtector system

Enterprise-class scalability
The SiteProtector system controls and operates hundreds of remote scanning agents and reports on the results quickly and easily. Scalable for the largest enterprises, the SiteProtector system offers the following vulnerability-management features:

• Multiscanner control
• Multitiered architecture
• Distributed vulnerability collection
• Enterprise database support
• Multiple site support
• Enterprise dashboard with vulnerability drill-down capabilities
• Multiwindow view
• Centralized servers

Enterprise reporting
Enables multiscanner/multiscan enterprise correlation, aggregation and reporting. Includes all stand-alone scanner-reporting capabilities, plus:

• Enterprise multiscan reports
• Precanned default reports
• Exports reports to PDF, CSV, HTML
• Group-based reporting
• Schedulable reports
• Web-accessible reports
• Fast analysis reports
• Extensive filtering

Remote scanning capabilities
Controls and operates scanning agents located in remote geographies or behind firewalls. Remote operations include:

• Start scan (scan now)
• Edit policy
• Stop scan
• Pause/resume scan

Automated and schedulable commands
Eliminates the need to run recurring scans manually. Task scheduler eliminates steps and saves you time with:

• Start scan
• Stop scan
• Report creation
• Apply IBM X-Press Update product enhancements

User administration
Empowers multiple users with appropriate access to con- trol their portion of the vulnerability management process. Features include:

• Administration using domain accounts (optional)
• Administration using local accounts
• Multiple user roles
• Group-based user access control

Asset management
Designed for ease and accuracy, identifies groups and manages your information assets through:

• Active directory integration
• Prompt asset grouping
• Manual asset grouping
• Integrated protection view
• Group-name customization
• Group-based reporting
• Multilevel asset grouping
• Group-based user access control
• Ungrouped asset identification

Discovery and assessment

Includes automatic (passive) discovery of information assets based upon traffic analysis from your IBM Internet Security Systems (ISS) security infrastructure; helps identify new assets as they are added to the network and groups them according to user-defined roles or holds in the “ungrouped asset” category.

Updates
Receives regular security content updates to enhance scanning and vulnerability management. Updates include:

• X-Press Update product enhancements and service packs
• Prompt updates
• On demand updates
• Update scheduling
• Updates via Web
• Updates offline when not connected
• Centralized update server
• Update mirrors

Data and vulnerability analysis views
Displays security information in real time; flexible display provides granular view of event details or summary information; once an analysis view is established it can be saved, recalled or shared with others users. Views include:

Group-oriented analysis views Seventeen default analysis views Right-click data navigation (fast analysis) Custom views Vulnerability clearing Vulnerability-incident creation Vulnerability-exception creation Drill-down to event details View vulnerability information Target-analysis mode Sensor/scanner-analysis mode

Data export to printer Data export with vulnerability information Schedulable data export Graphical analysis views Baseline and compare views Return to baseline Group filters Analysis view filters Custom analysis display Consolidated vulnerability views

Proactively identifying network security vulnerabilities with IBM Internet Scanner software.

The first step to securing your network is knowing your network

IBM Internet Scanner software provides a solid foundation for network security. It delivers prompt vulnerability assessments for networked systems, including servers, desktops and infrastructure devices. Internet Scanner software improves security and saves time and money by discovering networked assets, identifying security vulnerabilities or weak spots in operating systems and applications, and prioritizing patching and protection activities.

Internet Scanner software probes operating systems, routers/switches, mail servers, Web servers, firewalls and applications—identifying vulnerabilities so that you can address them before hackers access and take control of systems. Scan results are displayed both onscreen and in reports that allow your IT department to respond quickly to critical vulnerabilities.

The Internet Scanner application can also be integrated with the IBM Proventia Management SiteProtector™ (SiteProtector) system to manage vulnerabilities and other security functions from one console.

Why is vulnerability assessment important?

Because security threats are becoming more numerous and complex—and the costs of information theft are huge.

As business networks become more intricate, their risk of becoming vulnerable to malicious attacks rises. Most companies take “reactive” security measures, such as implementing firewalls and anti-virus programs, which tend to protect against only known threats. If criminals discover and exploit vulnerabilities that your company or your technology vendors are not aware of, serious consequences can result:

• Loss of availability (denial of service)— e.g., your Web or e-mail server becomes inaccessible, or the order-entry system ceases to operate.
• Compromise of integrity—e.g., unauthorized users conduct Web site defacement or e-mail snooping.
• Breaches of confidentiality—e.g., customer records are lost, or confidential information is stolen or made public.

That means downtime, data loss, potential reputation damage and costs to the business. Internet scanning helps to reduce business risk by discovering vulnerabilities throughout your network so you can take measures to protect those entry points before an attack occurs.

How does Internet Scanner software work?

Vulnerability assessment
A sound security-management process starts with asset identification. Internet Scanner software identifies all the devices, services and applications running on your network. The Internet Scanner application has the capability for virtually unlimited asset identification, allowing you to scale with your company’s growth.

Internet Scanner software’s default policies and common policy-editor features save you out-of-the-box configuration time. Internet Scanner software then efficiently and accurately determines the services, applications or code that may be at risk of attack. It also identifies misconfigurations that could lead to a compromise. Finally, the product performs noninvasive tests to analyze the potential effects of a real attack.

Vulnerability reports
Internet Scanner software generates logical, easy-to-understand reports that include detailed technical, operational and management information. Each report provides instructions for corrective action and vendor sites for security patches with helpful information.

Security research
Clients using Internet Scanner software benefit from the latest IBM vulnerability assessment solutions. Our globally respected IBM Internet Security Systems X-Force® security intelligence team discovers, researches and tests software vulnerabilities. The Internet Scanner application receives prompt electronic updates on the newest threats to ensure that you can identify the latest security holes.

Why choose Internet Scanner software from IBM ISS?

IBM Internet Security Systems (ISS) developed its network scanner more than ten years ago. It is a stable, accurate and time-tested product. Because Internet Scanner software can be centrally managed, your company can maintain tighter control over your network and your security environment. And you will be in compliance with stringent audit requirements for network security. Internet Scanner software is designed to function as a stand-alone product. Yet it seamlessly integrates with the SiteProtector system and other IBM ISS products so that you can manage scanner installations worldwide and optimize your protection.

The IBM protection platform

Internet Scanner software is an integral piece of the IBM protection platform, which delivers preemptive protection as part of a centrally managed security solution. The IBM protection platform enables a four-part process that helps enterprises:

1. Assess enterprise wide security risk.
2. Prioritize patching and protection activities to accelerate risk reduction.
3. Continually protect and secure every layer of the network.
4. Demonstrate security risk reduction and compliance.

System Requirements:

Processor

• Recommended: 2.4 GHz Dual XEON Processor
• Minimum: 1.2 GHz Intel Pentium III

Memory

• Recommended: 1 GB
• Minimum: 512 MB

Hard disk

• 315 MB for installation from CD-ROM
• 345 MB for installation from file

Other requirements:

• Free hard disk space: 300 MB
• NTFS partition required
• Sufficient disk space for session log files

Operating System
The following operating systems are officially supported:

• Windows 2000 Professional with SP4
• Windows Server 2003 Standard SP1
• Windows XP Professional with SP1a

Database
Standard installation:

• MSDE is automatically installed if it is not already present.
• Microsoft Data Access Components (MDAC) 2.8 is included with the MSDE install.
• RAM requirements include:
  • 128 MB of RAM (Windows XP)
  • 64 MB of RAM (Windows 2000)
  • 32 MB of RAM for all other operating systems

Sensor-only installation:

• MSDE is not required.

Third-party Software

Included:

• MDAC 2.8
• Sun Java 2 Runtime Environment (J2RE), Standard Edition, Version 1.4.x

Not included - needed for console only:

• Microsoft Internet Explorer 5.5 or later to run HTML Help
• Adobe Acrobat Reader 4.x or later to view PDF files

Proventia Network Enterprise Scanner and Internet Scanner Software Comparison Matrix:

Uncompromising Protection for Every Layer of Your Network

Offers vulnerability protection and helps quantify and reduce overall risk to all network components. Appliance or software solutions identify where risk exists, prioritize and assign protection, and report results.

* Based on real world message flow, containing messages of varying sizes including variants with attachments and/or images

Documentation:

Download the IBM Internet Scanner Software Datasheet (PDF).