Step-by-step guide to using Nexpose



Document information

As requested by many partners and customers, who want something that teaches them to evaluate, or you can say “play”, NeXpose, this POC guide leads you to test NeXpose in a step-by-step approach. The structure is based on a complete evaluation cycle of installation, asset discovery, vulnerability assessment, reporting and remediation. Apart from the product configuration, this guide also tells where you can get more product/marketing information and support.

NeXpose v5 POC Guide Step by Step
Version 1.2, 17 Jan 2013
By Michael Lai, michael_lai@rapid7.com
Senior Security Sales Engineer, APAC
CISSP, CISA, BS7799, MBA, MSc, BEng(hons)

Table of Contents
1. Introduction
2. Installation
3. Initial Setup
4. Site and Scan
5. Viewing Assets
6. Viewing Vulnerability
7. Using Tickets
8. Reporting
9. Scan Template
10. User Management
11. Administration
12. Metasploit Integration
13. FAQ
14. Evaluation Checklist

1. Introduction

As requested by many partners and customers, who want something that teaches them to evaluate, or you can say “play”, NeXpose, this POC guide leads you to test NeXpose in a step-by-step approach. The structure is based on a complete evaluation cycle of installation, asset discovery, vulnerability assessment, reporting and remediation. Apart from the product configuration, this guide also tells where you can get more product/marketing information and support.

For each task, for example locating an asset and assigning a ticket to an administrator, there may be several ways to do it. This guide goes through one way for demonstration only, so remember that learning, touching and feeling NeXpose to understand the logic is more important than following the guide to click and input something.

This guide does not cover solution design, sizing, dynamic sites, compliance (e.g. PCI) or the backend technology of NeXpose. These topics may be covered in a later version or in the formal classroom training. Nevertheless, information on them can be found on the Rapid7 web site.

Compared to v1.0 released in Jan 2012, v1.1 includes the updates below.
- Add IPv6 network scan
- Add Dynamic Site VMServer scan
- Add Metasploit Integration
- Update the content (e.g. screenshots) for version 5.4

Compared to v1.1 released in Oct 2012, v1.2 includes the updates below.
- New reporting GUI
- Update the URL for the new Rapid7 web site

2. Installation

In this section, the steps to get Nexpose installed correctly are gone through. It includes getting the documents, software, license and so on. In this step-by-step guide, Nexpose is installed on Ubuntu 10.04 LTS 64-bit. If you do not have an environment for testing NeXpose, this guide also tells you how to set up the test lab.

2.1 Download the documents. Visit https://community.rapid7.com/community/nexpose and download the Nexpose Administrator’s Guide, Nexpose User’s Guide and Nexpose Installation Guide. If you cannot see these documents on the page, search for them.

2.2 Check the requirements. Open the Installation Guide and find “Installation Requirement”. The requirement is shown below. Other deployment options include appliance, managed service and private cloud (http://www.rapid7.com/products/nexpose/tech-specs.jsp).

2.3 Go to http://www.rapid7.com/products/nexpose/compare-downloads.jsp and download the software for your OS. It is the same installer for all versions, such as Community and Enterprise. The version/feature set is controlled only by the license.

2.4 Run the installation. Only Ubuntu is covered here. For other OSes, please refer to the Installation Guide. Open a command prompt and switch to the super user with the command “sudo -i”.

2.5 If you need to test IPv6, ensure that you have assigned an IPv6 address to the OS and that it works (e.g. “ping6 IP_v6_addr”) before the installation.

2.6 Install the required package with the command “apt-get install screen”. It does no harm to run this command if the package is already installed.

2.7 Go to the directory where the installation software is stored. Ensure that the file has execute permission. If not, use the command “chmod +x NexposeSetup-Linux64.bin” to add the execute permission.

2.8 Run the installer in GUI mode with the command “./NexposeSetup-Linux64.bin”. Run the installer in console mode with the command “./NexposeSetup-Linux64.bin -c”. “./NexposeSetup-Linux64.bin -h” shows the help. Below, the console mode is used to avoid the graphical configuration.

2.9 Press “y” (lower case) to start the installation. The system information that was checked is shown; ensure that all items are [Pass] or [Warn]. If running on Windows, please have 8GB of memory assigned. If running on Linux, 4GB of memory is fine for evaluation.

2.10 The next few steps are the license agreement and inputting name and company; follow the screen.

2.11 The next step is installing the Nexpose Security Console with a local Scan Engine, or only the Scan Engine. In this case, select “1” for both.

2.12 The next step is the installation directory; use the default “/opt/rapid7/Nexpose”. If anti-virus is installed, this directory should be on the whitelist to bypass virus scanning.

2.13 If the free hard disk space is less than 80GB, a warning is shown. Press “c” to continue.

2.14 The next step is to input the login ID and password. Follow the screen and remember the credentials. If you forget the ID or the password, there is no way to recover them and you must re-install Nexpose.

2.15 There are two additional tasks, “Create a desktop icon” and “Initialize and start Nexpose after installation”. Just press “Y” for both.

2.16 Installation begins and initialization takes time. It usually takes about 10-30 minutes to complete the installation on Linux, but it may take up to 3-4 hours on Windows.

2.17 Note that the login URL is https://[ip_address/hostname]:3780 and that “/opt/rapid7/Nexpose/nsc/nsc.sh” is used to start Nexpose manually. Then press “Enter” to finish the installation.

2.18 To manage the NeXpose daemon, go to “/etc/init.d”. Use “./Nexposeconsole.rc status” to check that the Nexpose console is running, “./Nexposeconsole.rc stop” to stop it, “./Nexposeconsole.rc start” to start it and “./Nexposeconsole.rc restart” to restart it. The NeXpose console includes the web console, backend database and scan engine.
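A pre-flight check that encodes the requirements from steps 2.4 to 2.13 before the console-mode installer is launched, written as an added example and not taken from the guide: the installer path and the /opt target directory are assumptions, while the thresholds (4GB RAM for a Linux evaluation, 80GB free disk, the screen package, an executable installer run as root) are the ones the steps above state.

```shell
#!/bin/sh
# Pre-flight checks for a console-mode Nexpose install on Ubuntu (added example,
# not from the guide). Thresholds follow the steps above: 4 GB RAM is enough for a
# Linux evaluation (8 GB on Windows), the installer warns below 80 GB free, the
# "screen" package must be present, and the installer must be executable and run as root.
INSTALLER="${INSTALLER:-./NexposeSetup-Linux64.bin}"   # assumed path; adjust as needed
TARGET_DIR="/opt"                                      # default install is /opt/rapid7/Nexpose
MIN_MEM_KB=$((4 * 1024 * 1024))
MIN_DISK_KB=$((80 * 1024 * 1024))

# check_mem KB_TOTAL: succeeds when the host has at least 4 GB of RAM.
check_mem() { [ "${1:-0}" -ge "$MIN_MEM_KB" ]; }

# check_disk KB_FREE: succeeds when at least 80 GB is free for the install.
check_disk() { [ "${1:-0}" -ge "$MIN_DISK_KB" ]; }

# check_installer PATH: succeeds when the installer exists and is executable.
check_installer() { [ -f "$1" ] && [ -x "$1" ]; }

# preflight: read live values from the host, run every check, and return the
# number of failed checks (0 means the installer may be launched).
preflight() {
  fails=0
  mem_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo 2>/dev/null)
  check_mem "$mem_kb" || { echo "WARN: ${mem_kb:-0} kB RAM is below 4 GB"; fails=$((fails + 1)); }
  free_kb=$(df -Pk "$TARGET_DIR" 2>/dev/null | awk 'NR == 2 {print $4}')
  check_disk "$free_kb" || { echo "WARN: ${free_kb:-0} kB free under $TARGET_DIR is below 80 GB"; fails=$((fails + 1)); }
  dpkg -s screen >/dev/null 2>&1 || { echo "FAIL: package 'screen' missing (apt-get install screen)"; fails=$((fails + 1)); }
  check_installer "$INSTALLER" || { echo "FAIL: $INSTALLER missing or not executable (chmod +x)"; fails=$((fails + 1)); }
  [ "$(id -u)" -eq 0 ] || { echo "FAIL: not running as root (sudo -i)"; fails=$((fails + 1)); }
  return "$fails"
}

# Launch the installer in console mode (step 2.8) only when every check passed.
if [ "${1:-}" = "--run" ]; then
  preflight && exec "$INSTALLER" -c
fi
```

Run it as root with "--run" to chain straight into the console-mode installer; without the flag it only reports which checks would fail.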
2.19 Build the test lab. Below are the recommended systems on the network.
- Nexpose Console + Scan Engine (just installed in this section)
- Metasploitable2: Linux host with many vulnerabilities, including web
- Windows 2003/2008 server: with domain enabled for testing policy
- Windows 7 or Windows XP: for workstation scan
Below are the IP addresses assigned in this guide; you can use your own IP set.
Nexpose: 192.168.152.15/24, 1000::3/64
Metasploitable2: 192.168.152.13/24
Windows2008: 192.168.152.9/24, 1000::4/64
Windows7: 192.168.152.21/24, 1000::2/64

2.20 To download Metasploitable2: visit https://community.rapid7.com/docs/DOC-1875, find and click the blue “available for download” to go to the download site and download the 873MB zip file “metasploitable-linux-2.0.0.zip”. Unzip it and run it on VM Workstation or VM Player. The login ID and password are “msfadmin” and “msfadmin” respectively.

3. Initial Setup

In this section, Nexpose is configured to be ready for scanning. License activation, update and other initialization work are covered here.

3.1 To log in to the web console, connect to https://Nexpose_IP:3780; Firefox is recommended. Log in with the credentials entered during installation in 2.14. The “News” (e.g. product updates) is shown after login.

3.2 For the license check, click “Administration” on the top menu bar. Locate “Security Console” on the left, then click the blue “Manage”. Click to the “Licensing” page on the left.

[...]

[...] Before installation, confirm that the host-based firewall is disabled and the NeXpose installation folder is on the anti-virus whitelist.

3.5.2 After installation, reboot the host before activation.

3.5.3 If you are behind a proxy, you can configure it here: Administration/Security Console/Proxy Settings.

3.5.4 The IP address of the Nexpose server must be whitelisted through firewalls and URL filters like [...]

[...] activation server. You need to ensure that the connection to port 80 is ALIVE.

3.5.6 NeXpose needs to reach our update server to pull down any necessary jar and zip files for activation and updating. Since some web gateway/firewall content controls may block jar files from unknown sites, you may need to change the policy to allow NeXpose to get the jar file.

3.5.7 Confirm that the browser in use is supported (check [...]

3.12 For Linux, to view the real-time system log of Nexpose, input “screen -x” at the command prompt. The log shows system messages such as update operations and license status. Input “Ctrl + a + d” to quit, and you will see a message like “[detached from 1503.Nexposeconsole]”. Don’t use “Ctrl + C”, “Ctrl + X” or “Ctrl + Z”, which would terminate the Nexpose console.

3.13 To review the host security setting: if the host has anti-virus installed, ensure that the Nexpose directory is on the whitelist. If the host firewall is enabled, disable it. If host IPS/IDS is enabled, disable it.

4. Site and Scan

A site is used to group together a logical collection of devices. Each site can then be scanned together by the same scan engine. In v5.x, there are two site options. A static site is a collection [...]

[...] Compared with a static site, the “Assets” are discovered by the vConnection and you cannot add/delete any IP/host here. If there is a change at the VM Server, it will be reflected in the next scan.

5. Viewing Assets

The Nexpose Security Console interface provides several tools for viewing and managing asset data gathered during scans.

5.1 To view assets by sites, click “Assets” on the top menu bar. Click the blue [...]

[...] the “Standard Policy Listing” table. You can also find the installed software in the “Installed Software Listing” table. Without credentials, Nexpose can only scan the host from an external point of view, such as the vulnerabilities of the network services. With credentials, Nexpose can look into the system setup, such as registry keys and installed software.

5.12 Assets can be grouped. Click “Assets” at the top [...]

[...] user if you want to assign this group to be managed by a specific person. Click “Save” to store the newly added dynamic group; it is shown in the “Asset Group Listing”.

5.14 A static asset group contains assets that meet a set of criteria that you define. The list of assets in a static group does not change unless you alter it manually.

5.15 To view assets by the operating systems running on them, go to [...]

[...] To view assets by the services they are using, go to the “Assets” tab on the top menu bar and click the blue “View” of the “Services” at the left. The console displays the “Services” page, which lists all the services running in your network and the number of instances of each service. Click the link for a service to view the assets that are running it.

5.17 To view assets by the software [...] the software that Nexpose found running in your network, the number of instances of the program, and the type of program. Click the link for a program to view the assets that are running it. Nexpose only lists software for which it has credentials to scan. An exception to this would be when Nexpose discovers a vulnerability that permits root/admin access.

[...] set of methods by which Nexpose identifies as many details about the asset as possible. By inspecting properties such as the specific bit settings in reserved areas of a buffer, the timing of a response, or a unique acknowledgement interchange, Nexpose can identify indicators about the asset's hardware and operating system. The last column is the Certainty level, which shows how confident Nexpose is about the OS [...]

6. Using Tickets

You can use the Nexpose ticketing [...]

Posted: 30/06/2014, 09:32
