SecureScout NX FAQ



In this list you will find answers to the most frequently asked questions about SecureScout NX™.
The list will be updated according to need.

  1. What is SecureScout NX?
    SecureScout NX is a network vulnerability assessment tool that determines whether networks and firewalls are vulnerable to attacks, and recommends corrective action for identified vulnerabilities.


  2. What is unique about SecureScout NX?
    Most vulnerability assessment solutions are single point devices designed to scan individual or multiple remote IP hosts. SecureScout NX provides a distributed console-remote engine architecture which allows multi-level, multi-segment scanning of all subnets behind firewalls and a complete evaluation of the firewall filtering rules between the scanning agent and the console. This multi-level, multi-segment scanning enables assessments of networks of any size and is more efficient than other solutions in the marketplace.


  3. Why would a customer need to run a vulnerability assessment tool inside the network?
    IT systems are getting more complex over time. More applications and features result in more bugs and risks due to configuration mistakes. Out-of-the-box configurations are based on sound choices that ease installation. However, these default choices are often less secure. Security assessment of all IP connected devices in a network reduces these business risks.


  4. What is included with SecureScout NX?
    SecureScout NX is made up of several modules:

    • The Vulnerability Database contains Test Cases that are continually updated.

    • The Console provides a centralized location for conducting and managing security assessment and firewall tests of one or more networks.

    • The Report Generator produces an integrated HTML or PDF report on test results and fixes for any number of tested network segments.

    • The SecureScout NX Engine injects packets on the network to test for vulnerabilities or security weaknesses.

    • The SecureScout NX Firewall Scan tests firewalls for policy compliance in order to prevent illegal traffic.

    • The SecureScout NX Remote Agent enables distribution of the test load in an enterprise-wide network.


  5. What is the SecureScout NX Engine?
    The Engine is the core technology of SecureScout NX. It plays what we call 'test cases', the SecureScout NX version of a hacker attack script. The Engine is able to inject packets onto the network, receive answers from remote systems, check if they are still running, determine whether security policies are appropriate, and detect vulnerabilities. The efficient SecureScout NX Engine uses modern programming techniques such as multi-threading to make the best use of the computing power, and a dedicated network driver to inject packets at a very high rate on the network. Test cases are implemented in DLLs. Other solutions have interpreted scripts that usually prove slower and more CPU intensive.


  6. What is the Vulnerability Database?
    The Vulnerability Database is the collection of all installed test cases. A test case includes:

    • a text description of the vulnerability and its consequences,

    • suggestions to solve the issue,

    • access to additional information such as reference URLs on the World Wide Web, and

    • a coded script played by the SecureScout NX Engine, to determine if a target system is vulnerable.


    Test cases are stored in a local ODBC-compliant database. An embedded MS-SQL engine is supplied with SecureScout NX, and its installation is completely integrated in the SecureScout NX installation.

  7. What is the Console?
    The Console is the powerful, yet easy-to-use graphical user interface of SecureScout NX. From the unified centralized Console, a user can manage all SecureScout NX activities, including network, firewall, and remote segment security testing via distributed engines. Sessions can be created that recall all configuration choices. This process allows the user to run jobs with identical parameters and compare changes. Session results are stored in the local database for easy retrieval.


  8. What is the Report Generator?
    All job results can be saved in a set of HTML or PDF reports, easily read through any Web browser.

    The reports include:

    • the Executive Overview, which gives an overview of the prioritized vulnerabilities

    • the Administrator View, which provides all the technical details of test session results

    • the hosts view, which gives information about the hosts.


  9. What is the Firewall Scan?
    SecureScout NX has a mode that tests firewalls. In a typical configuration, the Remote Agent is located inside the firewall, while the Console is outside the firewall (e.g., on the Internet side of the firewall). The Console and the Remote Agent communicate over a secure encrypted channel that passes transparently through the firewall.

    The key points of the firewall session are:

    • reverse engineer filtering rules,

    • policy compliance to verify that no illegal traffic can go through the firewall, and

    • check the protection offered by the firewall in application protocols

    The SecureScout NX architecture does not make particular assumptions about the firewall technology and supports any kind of configuration, including homemade and shrink-wrapped products.


  10. What is the Remote SecureScout NX Engine?
    The Remote SecureScout NX Engine allows users to set up additional testing engines on remote segments, instead of running all test cases from the Console. These engines act like the conventional SecureScout NX Engines, only the Console has been suppressed. In other words, an administrator can control a Remote SecureScout NX Engine from his/her own SecureScout NX Console, even if the engine is located far away on a remote segment.

    Benefits of this solution are:

    • All SecureScout NX activities are centralized in a single location, reducing the burden on scarce security resources.

    • A single SecureScout NX report or job can include systems from several segments: this eases follow-up.

    • The scan of a remote segment has a lower network overhead as test cases are played locally. Real-time feedback from the remote engine to the console is buffered to optimize network transmission.

    • The remote engine packet injection is not altered by the WAN performance, or any packet filtering that could take place between the console and the remote segment.

    • Sessions with remote engines can be scheduled via regular OS features.

    • Updates of remote engines are supported via the SecureScout NX Web site.


  11. How should an organization evaluate and compare security assessment offerings?
    According to some vendors, the quality of a security assessment solution is based on its number of test cases, i.e., the number of vulnerabilities it can detect. This is only partially true.

    An organization should also ask the following about the implemented test cases:

    • How many are obsolete, testing for outdated versions of systems and servers?

    • How many are disguised redundant tests and not network tests?

    • How many are NT4 or Windows specific (an organization may have heterogeneous networks to scan)?

    Other important questions to ask are:

    • Is the test case implementation accurate?

    • How complete is the test analysis?

    • How frequently are the test cases updated?

    With SecureScout NX, the focus is on adding test cases that are relevant to current configurations. The accuracy of SecureScout NX is ensured by testing a large number of configurations and adding new test cases for relevant vulnerabilities as they are discovered.

  12. What is a SecureScout NX "Network Session"?
    In a typical use of SecureScout NX, the Network Session:

    • Scans a network segment for existing hosts.

    • Scans for services (TCP, UDP and RPC) and provides an exact picture of services running on the target system.

    • Plays test cases, running all (or just a subset selected by the user) of the test cases supplied with SecureScout NX.

    • Stores results in the SecureScout NX Database.

    • Generates reports as required by the user.


  13. What is a SecureScout NX "Firewall Session"?
    The Firewall Session:

    • Discovers active systems on its segments and reports to the Console.

    • Determines the filtering rules on the firewall, i.e., which packets can go through the firewall: Does it filter by internal destination (machine / port)? Does it block illegally built packets? Does it prevent inbound and outbound IP spoofing?

    • Checks whether internal systems have been seriously affected by test cases (e.g., system crash).

    In order to initiate a Firewall Session, a SecureScout NX Remote Agent is installed inside the firewall (e.g., private network, DMZ) and the SecureScout NX Console is outside the firewall (e.g., Internet side). The Remote Agent and the Console communicate with each other via a channel that is established across the firewall. In the Firewall Session, the Console injects test cases against targets inside the firewall.


  14. Is encryption built into SecureScout NX?
    Yes. The dialog between the Probe or Remote Engine and the Console is encrypted using SSL v3. Traffic sniffing cannot be exploited by an attacker.


  15. How is SecureScout NX protected?
    A unique license key protects SecureScout NX. The license is issued using:

    • the MAC address of the system used to host the SecureScout NX Console,

    • the customer company name as well as the individual using the scanner, and

    • the IP address range(s) the customer will be scanning.

    This means that:

    • a user cannot scan segments outside of the initial segments supplied, and

    • a user cannot scan an outside network (e.g., try to test a competitor's network via the Internet).


  16. What are the invaluable features of SecureScout NX that are not available with other network security assessment solutions?
    The unique and valuable features of SecureScout NX include the following:

    • Faster Assessment: All activities are centrally managed in one single location enabling faster assessment of medium to large enterprise-wide networks.

    • Consolidated Reporting: A single SecureScout NX report can include results from one or more network segments.

    • Low Network Overhead: Test cases are played locally and real-time reports are buffered to optimize network transmission.

    • Efficient Testing: WAN performance and packet filtering mechanisms never affect a Remote Test Engine's activities.

    • Easy Scheduling: Sessions with remote engines can be scheduled via regular OS features.

    • In-depth Firewall Configuration Testing: includes reverse engineering filtering rules with active probing on all types of firewalls.

    • Automated On-line Updates: Test cases and dynamic report generation are updated regularly.


The traditional approach for network vulnerability assessment has reached its limits. Point-in-time and segment-by-segment scanners are extremely time consuming for security professionals, as they generate only snapshots and unrelated per segment reports. The SecureScout NX distributed 3rd generation architecture combines consoles, remote test engines and proactive probes, and introduces a real technological breakthrough designed to meet the security assessment needs of any size organization.

 

 
Copyright © 2004-2009, netVigilance, Inc. All rights reserved