
SAINTmanager Overview

Date post: 23-Feb-2016
Description:
SAINTmanager Overview. Mark Keppinger [email protected], Senior Network Security Analyst, Network Services – Network Engineering. November 17, 2010. SAINT components and definitions: SAINTmanager® - Remote Management Console; SAINTnode® - Scanner for SAINTmanager.
Transcript
Page 1: SAINTmanager  Overview

SAINTmanager Overview

Mark Keppinger [email protected]
Senior Network Security Analyst
Network Services – Network Engineering
November 17, 2010

Page 2: SAINTmanager  Overview

SAINT components and definitions

- SAINTmanager® - Remote Management Console
- SAINTnode® - Scanner for SAINTmanager
- SAINTstick® - Portable SAINTscanner and SAINTnode
- SAINTscanner® - Vulnerability Scanner
- SAINTwriter® - Report generator
- SAINTexploit® - Penetration Testing
- SAINTexpress® - Update module

Page 3: SAINTmanager  Overview

A Brief History

- SAINT® was based on SATAN
  - SATAN - Security Administrator Tool for Analyzing Networks, released in 1995
  - no updates
- SAINT Corporation continued development of SATAN and released it as SAINT in July 1998
  - SAINT - Security Administrator’s Integrated Network Tool

Page 4: SAINTmanager  Overview

What is SAINTmanager?

- SAINTmanager™ is a remote management console for SAINT
- One manager can control many SAINT nodes and users
- Manager sends scan jobs to nodes
- Nodes send scan data back to manager
- OSU acquired the SAINTmanager option Summer ‘09

Page 5: SAINTmanager  Overview

Why SAINTmanager?

- Needed an enterprise solution for OSU
- Tried using N-copies of SAINTscanner
- DCA’s . . .
  - know their environment
  - know when and how often to perform scans
  - have the credentials to validate and eliminate false-positive vulnerabilities

Page 6: SAINTmanager  Overview

SAINTmanager Architecture

Page 7: SAINTmanager  Overview

Communication

- Manager communicates with nodes over a persistent connection on a TCP port
- Connection is initiated when a node starts
- Communication is encrypted over SSL
- Default port is 1515
- Manager updates nodes

Page 8: SAINTmanager  Overview

User Interface

- SAINTmanager only runs in remote mode
- Users log in through a Web browser
- Port 1410/TCP used at OSU
- Can also run through Apache (or another Web server)

Page 9: SAINTmanager  Overview

SAINTnode System Requirements

SAINTnode requires:

- A UNIX, Linux, or Mac OS
- Perl
- Nmap, Samba, OpenSSL, and OpenSSH
- Optionally . . . Xprobe2, Oracle Instant Client, Crypt-PasswordMD5

Page 10: SAINTmanager  Overview

SAINTmanager System Requirements

Same as SAINTnode, plus:

- OpenSSL – for encrypting communication between manager and nodes
- Perl-DBI and DBD:MySQL – for Perl to interface with MySQL

These tools are typically available as package selections from your Linux vendor

Page 11: SAINTmanager  Overview

Benefits of SAINTmanager

- Centralized management
  - One scan configuration can be pushed to multiple nodes
  - Status of scans across the enterprise can be checked from one place
  - Data from entire enterprise can be analyzed in a single report

Page 12: SAINTmanager  Overview

Benefits of SAINTmanager, continued

- User management
  - Users can be created with different roles on different nodes
  - Roles can be created to allow specific capabilities to be granted or denied

Page 13: SAINTmanager  Overview

Benefits of SAINTmanager, continued

- Ticketing
  - Tickets can be automatically assigned to users based on a set of rules
  - Remediation status of each vulnerability is tracked
  - E-mail notification of new tickets

Page 14: SAINTmanager  Overview

SAINTmanager Licensing

- Licensing is based on number of nodes
- Limit on number of nodes is enforced by license key
- Licensing of SAINT remains the same for nodes
- Based on target IP addresses or networks
- Manager will distribute new keys to nodes

Page 15: SAINTmanager  Overview

SAINTmanager Updates

- Manager gets updates by SAINTexpress
- Manager also caches updates for nodes
- Nodes get updates from manager
- At OSU a cronjob runs every Saturday at 08:00

Page 16: SAINTmanager  Overview

Users

A user is an individual who is allowed to log in to SAINTmanager using a unique login name

Each user can be assigned any number of roles on any number of nodes

What a user is or isn’t allowed to do is determined by his or her assigned roles

Page 17: SAINTmanager  Overview

Roles

- A role is a set of permissions
- Several default roles are included
- Permissions include global and node-specific permissions

Page 18: SAINTmanager  Overview

Permissions

- Global permissions are permissions on the manager itself
  - Ability to view, modify, or create users, roles, or rules
- Node-specific permissions are permissions on specified nodes
  - Ability to view or modify hosts or tickets
  - Ability to run scans or view results

Page 19: SAINTmanager  Overview

Default Roles

Four types of default roles:

- Super Admin
- Admin
- SAINT Administrator
- SAINT User

OSU added role: RO – Read Only (DCA account)

Page 20: SAINTmanager  Overview

Super Admin Role

The Super Admin role grants full global and node-specific privileges

The default superadmin user has this role on all nodes

Assign this role to a user who is responsible for creating and managing nodes and other users

Page 21: SAINTmanager  Overview

Admin Role

The Admin role grants the ability to:

- View and modify rules and hosts
- View, modify, assign, and close tickets

Assign this role to a user who is responsible for supervising the scanning and remediation operations on a node

Page 22: SAINTmanager  Overview

SAINT Administrator Role

The SAINT Administrator role grants the ability to run scans and view results

Assign this role to a user who is responsible for running or scheduling scans on a node

Page 23: SAINTmanager  Overview

SAINT User Role

The SAINT User role grants the ability to view results and modify tickets

Assign this role to a user who is responsible for vulnerability remediation following a vulnerability scan
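
The user, role and permission model from the slides above, as an added Python example for access reviews; it is not part of the original presentation and is not SAINTmanager code. The permission identifiers, user names and node names are hypothetical, and it assumes a role's global permissions apply regardless of the node the role is held on.

```python
# Added example: models the role scheme from the slides; not SAINTmanager code.
# Permission identifiers below are hypothetical names chosen for illustration.
GLOBAL = {f"{verb}_{obj}" for verb in ("view", "modify", "create")
          for obj in ("users", "roles", "rules")}
NODE = {"view_hosts", "modify_hosts", "view_tickets", "modify_tickets",
        "assign_tickets", "close_tickets", "run_scans", "view_results"}

ROLES = {
    "Super Admin": GLOBAL | NODE,  # full global and node-specific privileges
    "Admin": {"view_rules", "modify_rules", "view_hosts", "modify_hosts",
              "view_tickets", "modify_tickets", "assign_tickets",
              "close_tickets"},
    "SAINT Administrator": {"run_scans", "view_results"},
    "SAINT User": {"view_results", "modify_tickets"},
}

# Constructed sample assignments: user -> {node: [role, ...]}
ASSIGNMENTS = {
    "superadmin": {"node-a": ["Super Admin"], "node-b": ["Super Admin"]},
    "alice": {"node-a": ["Admin", "SAINT Administrator"]},
    "bob": {"node-a": ["SAINT User"], "node-b": ["SAINT Administrator"]},
}

def effective(user, node):
    """Union of the user's roles on `node`, plus global permissions from
    roles held on any node (assumption: global permissions are not node-bound)."""
    perms = set()
    for held_on, roles in ASSIGNMENTS.get(user, {}).items():
        for role in roles:
            granted = ROLES[role]
            perms |= granted if held_on == node else granted & GLOBAL
    return perms

def can(user, perm, node):
    return perm in effective(user, node)

def who_can(perm, node):
    """Access review: every user able to exercise `perm` on `node`."""
    return sorted(u for u in ASSIGNMENTS if can(u, perm, node))

def full_global_admins():
    """Users holding every global permission (Super Admin equivalents)."""
    nodes = {n for grants in ASSIGNMENTS.values() for n in grants}
    return sorted(u for u in ASSIGNMENTS
                  if any(GLOBAL <= effective(u, n) for n in nodes))

if __name__ == "__main__":
    print(who_can("run_scans", "node-a"), full_global_admins())
```

Running `who_can` per node shows who can launch scans where, and `full_global_admins` lists the accounts that warrant the closest review.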

Page 24: SAINTmanager  Overview

This concludes SAINTmanager Overview

Any Questions? (before proceeding to the demo and SAINTstick usage drawing)

http://SaintMgr.nws.oregonstate.edu:1410
Username: DCA
Password: [email protected]

