In this article, we will learn how to use retina, “a
vulnerability scanner” to our best of advantage. There
are various network vulnerability scanners, but Retina is industry’s most
powerful and effective vulnerability scanners. This network vulnerability
scanning tool gives vulnerability assessment experience and generates full
brief network vulnerability report.
Table of content
- Introduction to Retina
- Scanning process
- Working of Retina
- Network scanning with retina
- Conclusion
Introduction
to Retina
Retina network scanner allows you to scan multiple
platforms. It also provides you with automatic fixes and the ability to create
your own audits. It works against all the critical vulnerabilities hence,
allowing you to decure you network properly. As it keeps updating its database
at the beginning of every session, it is pretty reliable. Retina permits you to
scan parallelly by using it’s queuing system to scan up to 256 targets at the
same time. You can also execute majority of scans without administrative
rigths. It also allows you to perform custom audit scans to inhance you
internal security policies. Retina Network Security Scanner is a outstanding
solution designed to discover profile and assess all assets deployed on an
organization's network. With Retina Network Security Scanner, customers can
efficiently identify, prioritize and remediate vulnerabilities such as missing
patches and configuration weaknesses.
Scanning
Process
For scan to begin the specific details to retina
through its GUI. As soon as the scanner will receive the scanning details, it
will begin the auditing process. An audit scan covers the following :
·
Targeting
: builds a scan list from
the address group and discovery options
·
Port
scanning : finds out all
the open, closed and filtered ports
·
Detecting
OS : lets you know about
the OS on the target system
·
Auditing : accesses vulnerabilities of each port
and their respective services.
Working
of Retina
First Retina recovers the list of IPs that need to be
filtered then it builds and composes its target list to the eeye_ groups table.
The work list contains the work to begin and halt data. Retina at that point
starts running the scan. Once targets are filtered, then the completed passages
are evacuated from the line record. In case it’s powered down for any reason,
this guarantees that a filter will total. At the conclusion of the check, the
scanner composes Completed to the eeye_groups table within the filter comes
about database (RTD). Suppose the client prematurely ends the work, then the
scanner composes Prematurely ended to that table.
Network
scanning with Retina
We have downloaded the Retina Vulnerability Scanner
from the Offical Site. After Downloading the correct version with respect to
our machine, we have installed the scanner through the setup. It is a fairly
simple setup to install. After installation, we will run the application which
results us by providing 3 tabs, i.e. “Audit, Remediate and Report”. First
we will work upon the Audit tab, inside which we have selected “Single-use” after that we are scanning
an individual target in Target Type. We will use the IP Address for the target.
In the case of “Multiple-use”, we can use a specific IP range too.
After selecting
the Target, we must select the port that we want to scan, we have multiple
options like, all ports, Common Ports, Discovery Ports, and others. In our
scenario we have selected “All ports”.
After selecting
the ports, it’s time to select the type of audit,
which we want to perform on our target machine. This includes many types with
an option to modify. We can craft a personalized audit with the help of options
provided. We selected “All Audits”. This took more time in performing the scan,
but the personalized scan will take less time.
Now, we got the
Options. Here, we have choice to select some additional functionality that we
can include in our scan. This includes, OS Detection, Reverse DNS, NetBIOS
Name, MAC Address and others. We can also provide the Number of users that we
want to enumerate.
Now, we run the scanner, by clicking on the “Scan” button.
After hitting the Scan button, the scan starts running and we can see the
details of the Scan in Active tab of Scan Job Section. Here we can see that
name of the server “Metasploitable” and the Operating System is “Ubuntu 8.04”.
We also can see other details of the scan.
Now we move on
to the “Remediate Tab”, here in the Configuration Section we can see the
Vulnerabilities that were found and we have the option to sort out the
Vulnerabilities based on the Name, Category and other criteria. Also, in case
of multiple devices, we can generate report sorted by the individual IP address
Next, we will
move towards the “Report Tab”. In this
we can select more option to refine our report. This includes sections like:
Scan Summary, Vulnerabilities by Category, Top Vulnerabilities, Top Open Ports
etc. Apart from this we can also select the type of report that we want. In the
below image I have chosen an “Executive Report”.
As you can see
from below image we have gained with multiple choices to choose from the Report Type that listed us with many
options such as: “Summary Report,
Vulnerability Export Report, Access Report, Dashboard Report, etc.” This is
one of the most vital features that gives Retina an edge in the market of Vulnerability
Scanners.
Here, in our
practical we have chosen ‘Executive’ report type as it is the one which is most
commonly use in the IT industry. You can see in the above image that, report
will cover all the major sections which are scan summary, top vulnerabilities,
and open ports and all the important information that is required.
Once the report
is generated, you can open it in the browser as shown in the image below. It
will record date and time of the scans and report for you too.
Everything in
the report will be catalogued for your convenience and the title will be shown
in the index as shown below. It will start from showing all the top
vulnerabilities in all the way to the bottoms ones.
First in the
report is “scan metrics” which gives
the brief overview of the scan. This overview will inform you about how many
vulnerabilities are exploitable and will also rate the vulnerabilities for you
from low to high. It will also show you the time taken by the scan with the
exact start and end time.
And further, it
will categorise all the vulnerabilities with their basic information just as it’s
shown in the image below:
Then it will
show you the top 20 vulnerabilities with their name, rise and information along
with their count.
Further, it will
show you bottom 20 vulnerabilities with their names and other information.
Then, as
catalogued it will go on to showing you the top twenty open ports with their
names, port number and service. It also includes count which helps to tell the
total no. of ports that are running in same service.
And then it
tells you about the operating system on the target machine. Which is quite
necessary information as it helps you to formulate attack or security policy.
Conclusion
Since the launch of Retina Vulnerability Scanner in
1998, the Beyond Trust Network states that it has sold over 10,000 copies of
the Scanner. The Retina Vulnerability Scanner is one of the scanners that have
an edge over other scanners as it continuously monitors and improves their
scanner with the enterprise security posture. It is the most sophisticated
vulnerability assessment solution on the market that is available as an
standalone application, a host-based option, or as part of the Retina CS
enterprise vulnerability management solution, Retina Network Security Scanner
enables you to efficiently identify IT exposures and prioritize remediation
enterprise-wide
0 comments:
Post a Comment