addmi 12-basic scan
Post on 12-Jun-2015
© 2009 BMC Educational Services
Scanning Basics
Telling Atrium Discovery What and When
© 2010 BMC Educational Services
The Basics of Scanning Outline
Basic Discovery Essentials:
What to scan
  IP ranges
  Credentials
  Exclude ranges
When to scan
  Setting up discovery runs
View Results
  Discovery Run details
  Node details
  Provenance details
The Basics of Scanning
Scanning is a process of probing your network to see what information can be gathered about the endpoints found.
You need to tell Atrium Discovery:
  What to scan (and perhaps what not to scan)
    IP ranges (one, or a range, or a list)
  How to access a host (endpoint)
    Credentials available (for logging in)
    Where the Windows Slave is installed
      This is covered in depth later in the course
The Discovery Process
Scan of an IP range via the discovery run:
  The discovery engine tries each IP address in the range, looking for endpoints
  Checks for matches in the exclusion list
  Determines the host and OS type (platform)
  If the host has had a previous successful login, the same credentials will be attempted first
  If not, login credentials will be attempted in the UI display order, UNIX first, then Windows, and finally SNMP
  Runs a platform-specific script, and potentially other commands, to learn about the device
  Writes this information into the datastore
Choosing IP Ranges
Accessed via "Add new run"
List individual machines to scan, e.g. 231.234.11.32
Choose subranges, e.g. 10.1.1.1-56
Choose subnet mask, e.g. 192.168.1/24
Scheduling Runs
Can add ad-hoc (snapshot) or scheduled discovery runs
Choose the Scanning Level
Sweep scan - is there anybody there?
  Note: Host nodes will NOT be created at this level
Host Identification - basic host information
Host Information - run discovery commands but not patterns
Full discovery - the works
What Scanning Level to Use
For general use:
  Full Discovery, to ensure the most information is recovered
During initial deployment:
  Sweep Scans, to get a rough understanding of the environment before configuring credentials
Discovery Protocols
Without logging in
  Telnet banner scraping
  Port scanning
  HTTP HEAD
Logging in
  SSH, rlogin, telnet
  WMI, remcom, rcmd
  SNMP
Scanning Credentials
You can add credentials for single devices and ranges
  Can use regex wildcards
  Will be tried in display order
Login credentials
SNMP credentials
Database credentials
Login Credentials
Can create credentials for a single device IP or range
  Can use regex (.* or 10.10.10.(23|25)) or a range specification (10.10.10.* or 10.10.1-5.* or 10.10.10.0/24)
Will try each credential in the order displayed
By default, will store the last successful credentials for each host to use in future runs
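The matching and ordering rules from the Login Credentials and Discovery Process slides, sketched in Python as an added example (not BMC's code, and not part of the original slides). The function names, credential names and addresses are constructed for illustration; regex patterns are left out, and a single ordered list stands in for the UI display order.

```python
import ipaddress

def octet_matches(spec, value):
    """Match one octet against '*', a single number, or a 'lo-hi' span."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= value <= int(hi or lo)

def range_matches(spec, ip):
    """True if ip falls inside a range specification (CIDR or per-octet)."""
    addr = ipaddress.IPv4Address(ip)
    if "/" in spec:
        return addr in ipaddress.ip_network(spec, strict=False)
    parts = spec.split(".")
    if len(parts) != 4:
        raise ValueError(f"unsupported range specification: {spec!r}")
    # addr.packed yields the four octets as integers
    return all(octet_matches(p, o) for p, o in zip(parts, addr.packed))

def credentials_to_try(ip, credentials, excludes=(), last_good=None):
    """Return credential names in the order they would be attempted."""
    if any(range_matches(x, ip) for x in excludes):
        return []  # host is in an exclude range: no login attempt at all
    order = [c["name"] for c in credentials if range_matches(c["range"], ip)]
    name = (last_good or {}).get(ip)
    if name in order:  # previously successful credential is tried first
        order.remove(name)
        order.insert(0, name)
    return order

# Constructed sample data, listed in "display order"
CREDENTIALS = [
    {"name": "unix-dmz", "range": "10.10.1-5.*"},
    {"name": "unix-app", "range": "10.10.10.0/24"},
    {"name": "unix-wide", "range": "10.10.0.0/16"},
]
EXCLUDES = ["10.10.3.*"]
LAST_GOOD = {"10.10.10.23": "unix-wide"}

if __name__ == "__main__":
    for host in ("10.10.2.7", "10.10.10.23", "10.10.3.9", "192.168.1.5"):
        print(host, credentials_to_try(host, CREDENTIALS, EXCLUDES, LAST_GOOD))
```

Running a check like this over a planned scan range shows which hosts a broad range specification would present each credential to, before the run is started.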
Setting SNMP Credentials
SNMP credentials are called community strings
Use or request a read-only (RO) string for Tideway discovery
Add Exclude Ranges
Add IP ranges of hosts that should NOT be included in discovery
Useful for excluding sensitive or fragile hosts
Discovery Results
View Discovery Results
Can look at the types of data recovered
  DDD (Directly Discovered Data)
View discovery access reports
  Reporting on discovery as a whole
View Discovery Runs
View statistics of an individual discovery run
Can drill down to view the host details page or details from DiscoveryAccess
Skipped or error results
  Some no access details
  No Response (dark space)
  Errors
Further Information
Online Documentation: http://www.tideway.com/confluence/display/81/Using+BMC+Atrium+Discovery
Tideway Foundation
Version 7.2
Documentation
Basic Scan Exercises