This chapter describes the Cisco Secure Scanner Network Security Database (NSDB), a powerful database that allows you to understand and research vulnerabilities that the Scanner encounters on your network.
This chapter includes the following sections:
The NSDB is an online, HTML-based reference guide. The NSDB provides background information on the vulnerabilities detected by sessions and can be accessed from several places in the Scanner.
Figure 10-1 shows the main screen of the NSDB.
The NSDB can be accessed from several places in the Scanner.
This section includes the following topics:
To access the NSDB from the Scanner main window, click Show NSDB on the toolbar or click NSDB Links on the File menu.
To access the NSDB from the Grid Browser, follow these steps:
Step 1 Select a data cell and right-click.
Step 2 Click NSDB on the pop-up menu, or click Show NSDB on the toolbar.
Step 3 If you are in a drill-down list, select any service or vulnerability, right-click, and click NSDB on the pop-up menu, or click Show NSDB on the toolbar.
To access the NSDB while data pivoting, follow these steps:
Step 1 Drill down to the IP Address folder by double-clicking the cell for which you want more information.
Step 2 Click the plus character "+" to expand the menu to see the services and vulnerabilities associated with that host.
Step 3 From the IP Address folder, select any item under Service or Vulnerabilities.
Step 4 Right-click the item and click NSDB on the Vulnerabilities menu, or select a vulnerability and click Show NSDB on the toolbar.
Another window opens and shows the vulnerability information on the toolbar.
To access the NSDB from the Session Configuration dialog box, follow these steps:
Step 1 Open the Session Configuration dialog box by clicking Create New Session on the toolbar of the Scanner main window, or select Scanner Sessions, right-click, and click Create New Session on the pop-up menu.
The Session Configuration dialog box appears on screen.
Step 2 Click the Vulnerabilities tab on the Session Configuration dialog box.
Step 3 Select Enable active probes.
This activates the Vulnerability Confirmation group box.
Step 4 Click any vulnerability under Vulnerability Confirmation, right-click, and click Help.
This opens the NSDB to the entry that you have chosen.
The following sections describe important features of the NSDB.
This section contains the following topics:
The Scanner's NSDB entries contain the following information:
Figure 10-2 shows a typical NSDB entry.
Table 10-1 describes the icons used in the NSDB.
| Icon | Description |
|---|---|
| Severity Level 1 | Indicates that this vulnerability is a Level 1 vulnerability (see "Severity Level 1" for more information) |
| Severity Level 2 | Indicates that this vulnerability is a Level 2 vulnerability (see "Severity Level 2" for more information) |
| Severity Level 3 | Indicates that this vulnerability is a Level 3 vulnerability (see "Severity Level 3" for more information) |
| Host vulnerability | Indicates that the vulnerability is found at the host level |
| Network vulnerability | Indicates that the vulnerability is found at the network level |
| Access | Indicates that the vulnerability allows some type of access to a machine or data, such as remote access or a user going from normal user to super user |
| Denial of service | Indicates that the vulnerability allows some type of denial of service, such as causing a machine to crash or tying up a mail server so that it cannot accept mail |
| Reconnaissance | Indicates that the vulnerability allows an attacker to gain some type of information useful to them in future attacks |
| Relay attack to a third target | Indicates that the vulnerability allows a machine to be used as a conduit to attack some other machine, for example, an FTP bounce attack in which traffic is relayed through an FTP server to attack a third machine |
| Other | Covers all other types of vulnerabilities |
Vulnerabilities are categorized under three levels of severity in the NSDB. Severity Level 1 is the least serious threat while Severity Level 3 is the most serious.
This section includes the following topics:
Most Level 1 vulnerabilities permit reconnaissance activities that allow would-be intruders to collect network topology and configuration information, including active IP addresses, active network services, valid usernames, and so forth. These vulnerabilities do not directly lead to unauthorized access, but they should be corrected to make it difficult for intruders to "rattle the doorknobs" on your network. Some data access vulnerabilities that are relatively minor or for which exploit tools are not easily available are also classified as Level 1.
Most Level 2 vulnerabilities permit some level of unauthorized data access or denial of service. These vulnerabilities can frequently be leveraged to allow intruders to eventually gain complete control of network resources. Level 2 vulnerabilities should be corrected as soon as possible.
Most Level 3 vulnerabilities permit intruders to execute arbitrary commands on network servers. The ability to execute commands on a system generally implies the ability to cause denial of service or to gain unauthorized data access. These vulnerabilities frequently allow intruders to establish a base of operations within your network from which they can capture network traffic and spread their span of control. Level 3 vulnerabilities should be corrected immediately.
As Scanner vulnerability exploits are added and updated, a new list will appear on the Cisco web site. Check the site for new updates.
Posted: Thu Jun 29 14:04:24 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.