ROOTSECURE SENSOR SCANNING SCHEDULES
DECEMBER 13, 2017
SECURITY ANALYST
ROOTSECURE
1244 Victoria Street North, Unit H, Kitchener, ON, N2B 3C9
416-286-6610
www.rootsecure.com
SCHEDULED SCANNING

Sometimes, instead of scanning a network continuously for vulnerabilities, it's desirable for certain hosts or subnets to be scanned only periodically on a certain schedule. When this is the case, you can configure the sensor via the RootSecure dashboard to only scan hosts during a certain scanning window.

Note: In upcoming releases, the configuration page is being updated with ease of use changes. When those changes are released, this document will be updated accordingly.

Networks to Scan

This field on the dashboard is the superset of all hosts which the sensor will scan. If it is blank, the sensor will default to the behavior of scanning just the network that the scanner has an IP on. This field is a comma separated list of networks in CIDR notation (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation). For example, 192.168.0.1/24 is all the hosts from 192.168.0.1 through 192.168.0.254. A single host can be represented by a /32 subnet. For example, 192.168.0.121/32 is just the single host.

Note: Currently, if you attempt to schedule a host or network in a scheduled scan that is not in the networks to scan, no scanning will take place on that host. You must ensure that a host is both in the networks to scan and in a scheduled scan if you want that host to be scanned on a certain schedule.

FYI: To simplify this configuration, in an upcoming release, the networks to scan field will be removed and replaced by an option to schedule a continuous scan. This will mean you no longer need to ensure that a host is contained both in the networks to scan field as well as in a schedule.

Blacklist IP/Networks

This field on the dashboard is a comma separated list of IPs or networks. Unlike the Networks to Scan field, CIDR notation is not required for individual hosts. Any host or network in this list will not be scanned by either the host identification scans or the vulnerability scans, effectively making it appear permanently offline to the dashboard.

Scanning Schedules

To create a scanning schedule, you need to input the following:

Target: Comma separated list of hosts or networks in CIDR notation. Hosts that are within this target will only be candidates for being scanned from when the scanning window starts +8 hours.

Type: One of Daily, Weekly or Monthly. If Weekly, then the day(s) of the week must be selected. If Monthly, the day of the month must be selected.

Time: Time of day, in 24-hour clock format, for the scan window to start.

Note: Currently the time zone is fixed as US\Eastern; you are unable to select a different time zone. This means that if the sensor is deployed in a time zone significantly far from the US\Eastern time zone, you need to consciously adjust the scan time. For example, if the scanner were deployed in the UTC+2 time zone, and you wanted the scan to occur at 22:00 local time, you would set the scan for 15:00 US\Eastern (UTC-5) instead.

The following are key notes about scanning behavior:

- The time window is evaluated on the sensor, so if the sensor's time is not correct for any reason, the scanning will not occur as expected. If you are seeing unexpected scanning behavior, please contact us at support@rootsecure.com for assistance investigating.
- A schedule only opens a scanning window for those hosts; the scanner will still continue to choose the least recently scanned host to scan next. I.e., setting a schedule does not explicitly kick off a scan at the specified time, it only allows the existing least recently scanned logic to scan the host in the schedule window.
- If a host within a schedule is not online during the schedule window, it will not be scanned.
- The same host may be scanned multiple times within the window.
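
A pre-check for the Networks to Scan, Blacklist and schedule Target rules described above, as an added example that is not RootSecure's code: it reports which schedule targets would never be scanned. The function names and the sensor_net parameter are hypothetical, and the sample values are constructed.

```python
import ipaddress

def parse_list(field, merge=False):
    """Parse a comma separated dashboard field into a list of networks."""
    # strict=False accepts host bits set (192.168.0.1/24); a bare IP, which
    # the blacklist allows, is read as a single-host network.
    nets = [ipaddress.ip_network(x.strip(), strict=False)
            for x in field.split(",") if x.strip()]
    if not merge:
        return nets
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed IP versions
        merged += ipaddress.collapse_addresses(
            [n for n in nets if n.version == version])
    return merged

def inside(target, nets):
    """True if all of target lies within one of the merged networks."""
    return any(target.version == n.version and target.subnet_of(n)
               for n in nets)

def touches(target, nets):
    """True if target shares at least one address with any network."""
    return any(target.version == n.version and target.overlaps(n)
               for n in nets)

def check_schedule(networks_to_scan, blacklist, target, sensor_net=""):
    """Classify each schedule target by the rules the document states."""
    # Blank field: fall back to the sensor's own network (sensor_net, assumed).
    scan = parse_list(networks_to_scan.strip() or sensor_net, merge=True)
    deny = parse_list(blacklist, merge=True)
    report = {}
    for t in parse_list(target):
        if inside(t, deny):
            status = "blacklisted, never scanned"
        elif not touches(t, scan):
            status = "not in Networks to Scan, never scanned"
        elif not inside(t, scan):
            status = "only partly in Networks to Scan"
        elif touches(t, deny):
            status = "scheduled, some hosts blacklisted"
        else:
            status = "scheduled"
        report[str(t)] = status
    return report

# Constructed sample values, not taken from a real deployment.
SAMPLE = check_schedule(
    "192.168.0.1/24, 10.0.0.0/25, 10.0.0.128/25", "192.168.0.121, 10.0.0.64/26",
    "192.168.0.121/32, 192.168.0.0/28, 172.16.5.0/24, 10.0.0.0/24")
```

Running this against the values entered in the dashboard before saving a schedule catches targets that would silently receive no scans.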