Network Assessments with Prime Multiview
The new Multiview interface for Prime was created to enable working with multiple assets, and with network assessments you can now use IP notation to define multiple assets you want Prime to do a live assessment against. Secutor Prime will then probe each of the potential IP addresses for a scannable asset and perform all applicable assessments, updating the display as it progresses.
Prime will also keep apply any other settings you've configured as each asset is scanned, such as benchmark settings and deviation profiles -- more about those in upcoming posts.
Once you have defined an IP notation it is saved in your recent history for the Network action type, which you can permanently retain by checking the preserve checkbox. Revisiting the same scan can then be done with a couple of mouse clicks.
Scannable assets are those systems that are powered on, connected to the network, and have the necessary service(s) accessible from the computer that is doing the scanning. For Windows systems this means access to one of the NetBIOS services, and for non-Windows systems SSH is preferred. By default Prime will look for these services and only list assets that have at least one of these services available.
You can modify this behavior using Context Settings. Here you can add and remove services or change what port the system should look for a service on. Keep in mind that the more services you enable the longer it will take to do the discovery portion of the assessment.
Normally Prime will only display assets that are capable of being scanned, but if you check Show all local assets for Network actions under Context Settings, then Prime will also display live computers on the local network.
The Context Settings dialog also contains three controls for changing assessment behavior:
Concurrent Assessments: How many assets to perform assessments against at the same time. Doing more than one at a time will reduce the total amount of time to do the entire scan, but this speedup quickly hits the point of diminishing returns. Two (2) is the recommended value for single-core systems, while multi-core systems may still show improved performance while doing three (3) or even four (4) concurrent assessments.
Concurrent Service Probes: How many potential IP addresses should be scanned at the same time for available services so that a scan can be done. Most machines will show improved performance al the way up to the max of 40 concurrent probes. However, due to anti-malware measures in Windows desktop machines you may need to reduce this number to increase accuracy. In particular, this value should never be greater than one (1) when Secutor Prime is run on a Windows XP machine.
Service Probe Accuracy: Lets you trade accuracy for speed. For remote networks, especially over network connections with high latency, you'll need to run this control all the way to the accuracy side, but on local networks you should be able to safely optimize for speed.
These settings can be different for each context.
Finally, there are some configuration changes necessary to be able to perform remote assessments of Windows machines. For exact details, check this forum post.