SAINTmanager Overview
Mark [email protected]
Senior Network Security Analyst
Network Services – Network Engineering
November 17, 2010
SAINT components and definitions
- SAINTmanager® - Remote Management Console
- SAINTnode® - Scanner for SAINTmanager
- SAINTstick® - Portable SAINTscanner and SAINTnode
- SAINTscanner® - Vulnerability Scanner
- SAINTwriter® - Report generator
- SAINTexploit® - Penetration Testing
- SAINTexpress® - Update module
A Brief History
- SAINT® was based on SATAN
  - SATAN - Security Administrator Tool for Analyzing Networks, released in 1995; no updates
- SAINT Corporation continued development of SATAN and released it as SAINT in July 1998
  - SAINT - Security Administrator’s Integrated Network Tool
What is SAINTmanager?
- SAINTmanager™ is a remote management console for SAINT
- One manager can control many SAINT nodes and users
  - Manager sends scan jobs to nodes
  - Nodes send scan data back to manager
- OSU acquired the SAINTmanager option Summer ‘09
Why SAINTmanager?
- Needed an enterprise solution for OSU
- Tried using N copies of SAINTscanner
- DCAs . . .
  - know their environment
  - know when and how often to perform scans
  - have the credentials to validate and eliminate false-positive vulnerabilities
SAINTmanager Architecture
Communication
- Manager communicates with nodes over a persistent connection on a TCP port
  - Connection is initiated when a node starts
  - Communication is encrypted over SSL
  - Default port is 1515
- Manager updates nodes
User Interface
- SAINTmanager only runs in remote mode
- Users log in through a Web browser
  - Port 1410/TCP used at OSU
  - Can also run through Apache (or another Web server)
SAINTnode System Requirements
SAINTnode requires:
- A UNIX, Linux, or Mac OS system
- Perl
- Nmap, Samba, OpenSSL, & OpenSSH
- Optionally . . . Xprobe2, Oracle Instant Client, Crypt-PasswordMD5
SAINTmanager System Requirements
Same as SAINTnode, plus:
- OpenSSL – for encrypting communication between manager and nodes
- Perl-DBI and DBD::mysql – for Perl to interface with MySQL
These tools are typically available as package selections from your Linux vendor
Benefits of SAINTmanager
- Centralized management
  - One scan configuration can be pushed to multiple nodes
  - Status of scans across the enterprise can be checked from one place
  - Data from entire enterprise can be analyzed in a single report
Benefits of SAINTmanager, continued
- User management
  - Users can be created with different roles on different nodes
  - Roles can be created to allow specific capabilities to be granted or denied
Benefits of SAINTmanager, continued
- Ticketing
  - Tickets can be automatically assigned to users based on a set of rules
  - Remediation status of each vulnerability is tracked
  - E-mail notification of new tickets
SAINTmanager Licensing
- Licensing is based on number of nodes
  - Limit on number of nodes is enforced by license key
- Licensing of SAINT remains the same for nodes
  - Based on target IP addresses or networks
  - Manager will distribute new keys to nodes
SAINTmanager Updates
- Manager gets updates by SAINTexpress
- Manager also caches updates for nodes
- Nodes get updates from manager
  - At OSU a cronjob runs every Saturday at 08:00
Users
- A user is an individual who is allowed to log in to SAINTmanager using a unique login name
- Each user can be assigned any number of roles on any number of nodes
- What a user is or isn’t allowed to do is determined by his or her assigned roles
Roles
- A role is a set of permissions
- Several default roles are included
- Permissions include global and node-specific permissions
Permissions
- Global permissions are permissions on the manager itself
  - Ability to view, modify, or create users, roles, or rules
- Node-specific permissions are permissions on specified nodes
  - Ability to view or modify hosts or tickets
  - Ability to run scans or view results
Default Roles
Four types of default roles:
- Super Admin
- Admin
- SAINT Administrator
- SAINT User
OSU added role:
- RO – Read Only (DCA account)
Super Admin Role
- The Super Admin role grants full global and node-specific privileges
- The default superadmin user has this role on all nodes
- Assign this role to a user who is responsible for creating and managing nodes and other users
Admin Role
- The Admin role grants the ability to:
  - View and modify rules and hosts
  - View, modify, assign, and close tickets
- Assign this role to a user who is responsible for supervising the scanning and remediation operations on a node
SAINT Administrator Role
- The SAINT Administrator role grants the ability to run scans and view results
- Assign this role to a user who is responsible for running or scheduling scans on a node
SAINT User Role
- The SAINT User role grants the ability to view results and modify tickets
- Assign this role to a user who is responsible for vulnerability remediation following a vulnerability scan
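
The user, role and permission slides above, worked as an added example (not SAINTmanager code and not part of the original deck): it computes what a user can actually do on a node and lists anything beyond what the job needs. The permission labels, user and node names, and the rule for how global permissions apply are assumptions of this example.

```python
# Permission labels are invented for this example; they are not SAINTmanager identifiers.
GLOBAL_PERMS = {f"{obj}.{act}" for obj in ("users", "roles", "rules")
                for act in ("view", "modify", "create")}
NODE_PERMS = {"hosts.view", "hosts.modify", "tickets.view", "tickets.modify",
              "tickets.assign", "tickets.close", "scans.run", "results.view"}

ROLES = {  # default roles as the slides describe them
    "Super Admin": GLOBAL_PERMS | NODE_PERMS,  # full global and node-specific
    "Admin": {"rules.view", "rules.modify", "hosts.view", "hosts.modify",
              "tickets.view", "tickets.modify", "tickets.assign", "tickets.close"},
    "SAINT Administrator": {"scans.run", "results.view"},
    "SAINT User": {"results.view", "tickets.modify"},
}

def effective(assignments, user, node):
    """Permissions `user` holds on `node`, from (user, role, node) assignments.
    Assumption: node-specific permissions count only on the node where the role
    is held; a global permission applies once any held role grants it."""
    perms = set()
    for who, role, where in assignments:
        if who != user:
            continue
        perms |= ROLES[role] & GLOBAL_PERMS
        if where == node:
            perms |= ROLES[role] & NODE_PERMS
    return perms

def excess(assignments, needs):
    """Least-privilege review: map (user, node) to permissions beyond the stated need."""
    report = {}
    for (user, node), required in needs.items():
        surplus = effective(assignments, user, node) - required
        if surplus:
            report[(user, node)] = sorted(surplus)
    return report

# Constructed sample data: user and node names are hypothetical.
ASSIGNMENTS = [
    ("alice", "SAINT Administrator", "node-a"),
    ("alice", "SAINT User", "node-b"),
    ("bob", "Admin", "node-a"),
]
NEEDS = {  # what each person's job requires on that node
    ("alice", "node-a"): {"scans.run", "results.view"},
    ("bob", "node-a"): {"tickets.view", "tickets.modify", "tickets.assign", "tickets.close"},
}
if __name__ == "__main__":
    for key, surplus in excess(ASSIGNMENTS, NEEDS).items():
        print(key, "holds more than needed:", surplus)
```

In the sample data, bob only works tickets on node-a, so the Admin role leaves him with host and rule permissions he does not need; a narrower custom role would close that gap.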
This concludes SAINTmanager Overview
Any questions? (before proceeding to the demo and SAINTstick usage drawing)
http://SaintMgr.nws.oregonstate.edu:1410
Username: DCA
Password: [email protected]