Configuration audit a passive scan?

General support questions for the Secutor Prime product.
DavidK123
Posts: 1
Joined: Wed Nov 16, 2011 7:49 am

Configuration audit a passive scan?

Postby DavidK123 » Wed Nov 16, 2011 10:15 am

Does anyone have documentation on how invasive a configuration audit in Secutor Prime Pro may or may not be? (i.e. whether it uses active or passive scans to perform the audit?)

Thanks!

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm
Contact:

Postby gunnar » Wed Nov 16, 2011 10:41 am

Secutor Prime strictly follows the SCAP specifications in that retrieves the information needed to determine every rule status via the means dictated by the driving benchmark.

These benchmarks are peer-reviewed by the participants in the SCAP community to be definitive, accurate and safe. Part of the SCAP standards is that the driving benchmarks are not able to specify arbitrary commands, but are only allowed to reference information from system commands that have been determined to be benign.

In practical terms what this boils down to is that very basic read-only system commands and library calls are executed on the target systems. On *nix systems this will be things like "uname -a" or reading the contents of /etc/ssh/sshd_config, while on Windows it will be things like reading a registry value or getting the ACL list of a file.

All this is out the window, of course, if you use Secutor Prime to do remediation.


Return to “Secutor Prime Support”

Who is online

Users browsing this forum: No registered users and 0 guests