Creating a scan template

General support questions for the Secutor Prime product.
fkasperski
Posts: 3
Joined: Tue Aug 28, 2012 1:07 pm

Postby fkasperski » Tue Aug 28, 2012 1:27 pm

I am new to using Secutor Prime.

Currently I have several servers to harden.

A couple of individuals who are more familiar with SP have told me that the easiest way to build a customized scan template was to:
1. Manually configure my server security settings (GP settings and registry settings).
2. Let SP scan the configuration.
3. Save the assessment as a sort of customized scan template.
4. Use the saved, customized scan template on other servers to save time, instead of manually configuring each of them.

I am just not seeing exactly what I must do to "capture" the current settings of a server that has been configured as I need it. Then how to turn that "snapshot" into a customized template of sorts.

Any help is certainly appreciated.

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm

Postby gunnar » Tue Aug 28, 2012 4:23 pm

It sounds like what you are looking for is to create a Deviation Profile. This can only be created when Secutor Prime is in the "Advanced" interface style (Tools --> Interface Style --> Advanced).

Once you have a sample machine locked down as close as your local policies allow, you can create a Deviation Profile that will record all the variations from the driving benchmark. Thereafter, any time you do an assessment using the same benchmark with that Deviation Profile active, the system will not mark any deviated rules as failing as long as the setting is within your bounds of that rule as found on the original system the Deviation Profile was created on.

To create a Deviation Profile, do an assessment of your golden target. To make it easier to create this golden target you can use Secutor Prime to remediate and undo failing rules until you have the system at its final working state.

Then go to the menu Deviations and select Deviation Manager. You'll need to fill out all of the text fields before the "Profile Now" button becomes active. The Profile Name can be any text you want, but it's best to use the Browse button to select the location for the data file that will store your DP. The file will be an XML file and so needs to have a .xml extension.

Once the "Profile Now" button becomes active, simply click it. For every item that fails compliance you will be prompted as to whether that rule should be recorded as a deviation, as well as for some additional information.

Once the deviation profile has been created it will be active. Rules that fail compliance but are still within the bounds of the deviation you created will be marked as passing in the tree (green check) but with a yellow background.

For more information look at the "Deviation Manager" topic under the Policy Deviations & FDCC Reporting chapter in the User's Guide (Help --> User's Guide from the main menu).

building a customized scan

Postby fkasperski » Wed Aug 29, 2012 6:45 am

Thanks for the "step by step" instructions.

I believe that your "How to" instructions are exactly what I was looking for.

Postby gunnar » Thu Aug 30, 2012 12:50 pm

Groovy. Let us know if that works out for you.

Driving benchmark

Postby fkasperski » Thu Aug 30, 2012 5:43 pm

I am using Server 2008 R2.

Does Secutor Prime have anything close to the following "driving benchmark"?

What I wanted to achieve are settings like those in the CIS benchmark called SSLF (specialized security - limited functionality).

What Secutor Prime benchmark would be close to that?

Thanks.

Postby gunnar » Fri Aug 31, 2012 9:19 am

The Server 2008 benchmarks each have multiple profiles. Each profile represents a different compliance role, so within the benchmark you can pick the one that best matches your need.

The profile titled "MAC-1_Classified" (Mission Critical Classified) is probably closest to SSLF, but we are not the authors of that benchmark so I can't tell you how close it is. That particular benchmark was authored by DISA FSO to automate the guidance in the DoD STIG.
