重点:
1. 策略编辑器中策略的公共设置:
Common Settings
The Common Settings folder contains global settings that can be enabled for a policy. Some of these settings may apply to a group of vulnerability checks, decreasing the amount of time needed to enable all the checks that use the setting.
公共设置文件夹包括为策略设置能够被激活的全局设置。这些也许适用一组弱点检查,使用这个设置来减少大量的所有允许的这些设置所花费的时间。
配置公共设置:
1. Brute force lists 强制力列表
Miscellaneous Default多项默认VAX/VMS Defaults虚拟地址扩充/虎拟存储系统
VAX/VMS DefaultsUNIXLinux NISlinux 网络信息服务
Use Default Login File使用默认的登录文件(default.login)
2.Brute Force Options强制力选项
This common setting attempts password checks on names derived from Finger or NetBIOS checks.
从Finger 或 NetBIOS的命名来源来个企图进行口令检查。三种方式:A、反向命名做为口令
B、真名做为口令C、帐号做为口令
3.E-Mail OptionsE-Mail选项发现弱点后邮件接收人
4.Host Pinger
两项设置:A。每次扫描PING的次数B。每PING一次的间隔时间(毫秒)
5.HTTP PortsA、HTTP端口默认(80和8080)B、HTTP安全端口(443)
6.Internal NetworkA、IP Addresses format: xx-yy,zz,bb-cc B、Include Key IP Range(s) C、Domains D、Use Whois E、Whois Serverwhois是一个关于谁在哪里的数据库
7.IP SpoofingIP欺骗 A、Spoof Lists (Don’t use source)B、Spoof Source(IP地址)
C、Spoof User(默认为ROOT)使用用户名进行欺骗测试
8.NFS Depth子目录的深度
9.NT Logon Sessions
10.Phase Limit进行秘密扫描的段的数量,我理解段数值越大越好
11.RWhod Message为后台邮件程序发送信息,如果有弱点,PS (the process status command)显示信息
12.Smtp Session
This common setting manages all active connections to SMTP servers running on any target hosts.
这个公共设置管理所有在任何一台目标主机上运行的SMTP服务的活动的连接
A、 Connection timeout (in seconds)超时时间(秒)B、Reuse connections重新边接
B、 Reuse the same SMTP connections when performing multiple security checks当执行多安全检查时再次执行相同的SMTP连接
13.SNMP Community FileSNMP组文件
Filename: The name of a file that contains additional names to use when accessing the community name. Default: community.snmp文件名:文件名包括当访问组名时所使用的附加名字
14.SOCKS Host
SOCKS Target Host: The target host to the IP address of a host on the other side of the SOCKS server. The host you specify should be running at least one FTP, telnet, SMTP, HTTP, POP3, or finger service.
Note: For this setting to function properly, you must enter an IP address in the box provided. If you do not have an actual SOCKS host, use the IP address 127.0.0.1 rather than leaving the box blank.
攻击目标地址:在其它SOCK服务器的主机IP地址是目标主机,你所指定的主机就至少运行FTP, telnet, SMTP, HTTP, POP3, or finger 一种服务。
15.TCP Scan
A、Source Port: Set the port to use as the source during a port scan. Note: If you set the source port to 0, your operating system will specify the source port.
源端口:设置一个所使用端口直到一个端口被扫描。注意:如果你的端口被设置为0,你的操作系统将被指定为源端口。
B、Enable Hard Close: Close all active connections to a port after you have received information about the service running on that port. To check the state and the status of an active connection to a port, open a command prompt and type netstat -a.
允许硬关闭:在你接收到服务已在端口运行的信处后关闭所有活动的链接端口。要检查状态或活动连接端口状态,在命令提示符下输入:netstat –a
以CHard Close Port Range: The port or port range Internet Scanner uses to close any active connections to ports that you have received service information about.
硬关闭端口限制:用于活动连接端口到端口的限制范围。
16.Telnet Banners
Grab Banners: Determines if a telnet server generates banner data in response to a request. Internet Scanner uses this method to determine operating system type.
白抢夺标题:如果TELNET服务为一个需求响应决定抢夺标题。ISS使用这个方法来决定操作系统类型。
17.UDP Port Scanner
This common setting controls how the UDP port scanner probes each target host.
设置每一个目标主机有多少个UDP端口扫描
Internet Scanner sends a collection of UDP packets to each UDP port to check if it is active, and then listens for a response. The type of response (or the lack of a particular type of response) indicates if the port is active.
ISS发送一个收集每一个UDP端口检查它是否是活动状态的包,并且侦听响应。如果端口是活动的,由响应类型指定(或缺少响应类型)
When Internet Scanner performs a UDP port scan, it can generate large amounts of network traffic, which can flood networks with low bandwidth or throughput. To minimize this risk, Internet Scanner lets you tune your scans to meet your individual network needs.
当ISS执行UDP端口扫描时,它能够产生大量的数据,它将占用网络带宽的吞吐量。这个风险最小,ISS让你调整你适合的个人网络需求。
As the UDP port scanner uses the UDP and ICMP protocols, which are classified as unreliable protocols, results can vary between scans. To improve the accuracy of the scan, Internet Scanner lets you tune the scan to provide a higher degree of accuracyUDP端口扫描使用UDP和ICMP协议,扫描后结果被改变的被归类为不可靠的协议。
A.Number of probes per scan默认10
B.Interval between probes (in seconds)间隔时间(秒)默认:5秒
18.Walk MIB管理信息库通道
FlexChecks
A FlexCheck is a user-defined check that has been created to scan specific network environments for vulnerabilities or other conditions.
FlexCheck是用户定义的检查用来指定建立扫描网络环璄为弱点或其它网络条件。