[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [ISSForum] Scans from SP 2.0 Console and Internet scanner

To: <issforum@xxxxxxx>
Subject: RE: [ISSForum] Scans from SP 2.0 Console and Internet scanner
From: "Higgins, David" <David.Higgins@xxxxxxxxxxxxxxx>
Date: Fri, 10 Oct 2003 09:18:00 -0400
Delivery-date: Fri, 10 Oct 2003 19:26:24 +0200
Envelope-to: iss@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
List-archive: <https://atla-mm1.iss.net/mailman/private/issforum/>
List-help: <mailto:issforum-request@iss.net?subject=help>
List-id: ISS Forum <issforum.iss.net>
List-post: <mailto:issforum@iss.net>
List-subscribe: <https://atla-mm1.iss.net/mailman/listinfo/issforum>, <mailto:issforum-request@iss.net?subject=subscribe>
List-unsubscribe: <https://atla-mm1.iss.net/mailman/listinfo/issforum>, <mailto:issforum-request@iss.net?subject=unsubscribe>
Sender: issforum-admin@xxxxxxx
Thread-index: AcOO3yQ7Y77sooAhRmOd829jSLP15wATwHrA
Thread-topic: [ISSForum] Scans from SP 2.0 Console and Internet scanner

We had similar concerns where an Internet Scanner scan run from SiteProtector would not show up in the report screens in the Internet Scanner console.  Tech Support provided the following.  It's not a perfect fix, but we find it better easier running two scans.  

Something to be aware of if you make this setting change: There is no "selective delete" function in the local Internet Scanner database, so you have to purge the entire report database at once.  

Hope this helps.

DLHiggins 
Security Specialist 
Jefferson Pilot Financial

***********

RealSecure SiteProtector automatically purges information from your
local Internet Scanner database after each scan. This decreases the size
of your Internet Scanner database, improving overall performance by
maintaining the size of the database, and ensuring that the database
does not exceed its 2 GB maximum capacity. The side affect of purging
the local Scanner database is that reports cannot be run against that
data from the Internet Scanner local console.
Note: Internet Scanner maintains its own database even when installed
without a local Internet Scanner Console.

Version(s) Affected:
RealSecure SiteProtector 2.0 (Service Pack 2) with Internet Scanner 7.0
Fix Version:
N/A
Related Articles: 
See Below 
Answer 
Users can also set their SiteProtector system to retain Internet
Scanner database information in the local Scanner Database by adjusting
the "PurgeCompletedScan" parameter in the issdkinterface.policy file.
To adjust the "PurgeCompletedScan" parameter:
1. Go to the SiteProtector Application Server computer.
2. Open the issdkinterface.policy file.
By default, the issdkinterface.policy file is located in the 
following directory: 
/Program Files/iss/RealSecure SiteProtector/Application Server/config
3. Do one of the following:
- To enable the Internet Scanner database purge (this is the 
default setting), set the "PurgeCompletedScan" parameter to 
read as follows:
PurgeCompletedScan = B 1;
- To disable the Internet Scanner database purge, set the 
"PurgeCompletedScan" to read as follows:
PurgeCompletedScan = B 0;
4. Restart the Sensor Controller Service.

-----Original Message-----
From: Robert Craig [mailto:rjc@xxxxxxxxxx]
Sent: Thursday, October 09, 2003 10:23 AM
To: ITSec; MeaCulpa; issforum@xxxxxxx
Subject: RE: [ISSForum] Scans from SP 2.0 Console and Internet scanner


Mea, 
If you want to get the standard reports that most people are used to from an ISS Scan, you'll need to also run a separate scan from the ISS Scanner Console against the server/system.  See ISS Knowledgebase Answer ID 2115 for more details.  Seems ISS deliberately disabled ISS Scanner Console scans from populating the SiteProtector database.  It would be a great feature if there was an option available to also send data to SiteProtector when running independent ISS Scanner Console scans.  
There has also been some forum discussion regarding having the ISS Scanner Console scans using a remote centralized database for storage but I believe this is not currently supported.  I've tried to set it up myself, and have not been able to get the local ISS Scanner Console to recognize the remote database even when setting up a separate DSN that does communicate properly with the database.  Seems the only way to consolidate scanning data is to export/import from the Desktop SQL install required by the ISS Scanner install.
I'm hoping the ISS will more closely integrate the independent scans with SiteProtector, or at least add an option when you run a scan to send the data to SiteProtector.  Either that or improve the vuln. reports within SiteProtector.
Bob 
Robert J. Craig, CISM, CISSP 
Senior Security Engineer 
NETSEC 
13525 Dulles Technology Drive 
Herndon, VA  20171 
(703) 561-0420 
(703) 832-4505 fax 
bob.craig@xxxxxxxxxx 
http://www.netsec.net 
 

_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo

Prev by Date: RE: [ISSForum] GB Uplinks...
Next by Date: [ISSForum] No Vulnerabilities Discovered
Previous by thread: RE: [ISSForum] Scans from SP 2.0 Console and Internet scanner
Next by thread: [ISSForum] XPU Update Problem
Index(es):
- Date
- Thread