
DIACAP Testing with Retina Network Scanner

Published by SPK Blog Post
on September 30, 2013

Recently I took over DIACAP testing on a few machines. Starting DIACAP testing may seem overwhelming given the number of tests and findings you will need to complete. Thankfully, automated tools have been released that aid the process and reduce the number of STIG findings that must be checked manually.

We have previously made a couple of posts about system hardening using Gold Disk and the lack of Gold Disk support in Windows 7. As we are continuing our DIACAP work and running tests on Windows 7 machines as well as newer embedded operating systems, I wanted to talk a bit more about the previously mentioned Retina from eEye Digital Security. While Retina is a tool with many features, I will be focusing on its auditing and SCAP scanning functionality and on some basic troubleshooting for embedded operating systems.


One of the benefits of using Retina to scan your systems is how easy it makes running tests against multiple machines. Retina can take a set of IP addresses and begin a scan on all of the devices at once, as long as the same credentials are usable across the devices. This makes scanning domain-based systems a simple task of setting the IPs and providing a domain administrator's credentials. Remote network scanning also helps with embedded systems, which do not always allow software to be installed on the machines themselves.


Retina is able to perform IAVM testing on the systems for you, based on a list of Information Assurance Vulnerability Alerts that is updated constantly. In our case, this meant that Retina could be used to scan the systems for missing updates and old .dll files that would normally fall within an IAVM STIG of hundreds of findings. When you need to work through the DIACAP process for multiple machines, this leads to huge time savings because you are not going through each machine by hand. On top of the IAVM scanning that Retina does, it is also able to do a general port scan to determine which system ports are currently open and vulnerable on the systems. While this testing alone is a huge help, a bigger part is the SCAP testing it supports.


SCAP benchmarks are tools that automate a portion of the STIGs to aid in testing and speed up the process. In the same way that Retina is able to perform IAVM testing, it is able to run the SCAP benchmarks on remote systems. One thing that was touched on previously was the problem of running SCAP benchmarks against embedded systems. This is still true because of the check SCAP benchmarks run to verify that the operating system matches the one specified in the test.

Thankfully, there is a workaround that allows the benchmarks to run against the system. The benchmark checks a specific key in the Windows registry to determine the operating system before it proceeds with the testing; by changing this key to the appropriate value you are able to get the benchmarks to run. You will want to match the embedded OS to its equivalent OS. In the case of Windows Embedded Standard 7, you would be using Windows 7 based tests. The registry key in question is HKLM\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion, Value Name: “Product Name”. By changing this key to state “Windows 7 Professional” you will be able to run the SCAP tests against the system. Sadly, false positives occur with SCAP testing, so the results need to be double-checked, but it at least gives a better idea of what you are going to find while going through testing.
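One way to apply this workaround so that the change is recorded and reversible, run locally on the embedded system from an elevated PowerShell prompt. This is an added example, not code from the original post; the function names and the backup file path are hypothetical, and it assumes the OS name is the `ProductName` value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion`.

```powershell
# Added example: record, change and restore the OS name that SCAP benchmarks check.
# Assumption: the OS name is the ProductName value under the CurrentVersion key.
# On 64-bit systems run this from a 64-bit PowerShell so the native view is edited.
$Key    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$Name   = 'ProductName'
$Backup = Join-Path $env:ProgramData 'scap-productname-backup.txt'   # hypothetical path

function Set-ScanProductName {
    param([Parameter(Mandatory=$true)][string]$Equivalent)
    $current = (Get-ItemProperty -Path $Key -Name $Name).$Name
    if (-not (Test-Path $Backup)) {
        # Keep only the first original value, so a second run cannot overwrite it.
        Set-Content -Path $Backup -Value $current -Encoding UTF8
    }
    Set-ItemProperty -Path $Key -Name $Name -Value $Equivalent
    # Return a line suitable for the test record.
    "{0}  {1}: '{2}' -> '{3}'" -f (Get-Date -Format s), $Name, $current, $Equivalent
}

function Restore-ScanProductName {
    if (-not (Test-Path $Backup)) { throw "No backup at $Backup; nothing to restore." }
    $original = Get-Content -Path $Backup -TotalCount 1
    Set-ItemProperty -Path $Key -Name $Name -Value $original
    Remove-Item -Path $Backup
    "{0}  {1} restored to '{2}'" -f (Get-Date -Format s), $Name, $original
}

# Before the SCAP scan:
#   Set-ScanProductName -Equivalent 'Windows 7 Professional'
# After the scan has finished:
#   Restore-ScanProductName
```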

One of the other issues with running scans against embedded systems is that some system services are not installed. The key things needed to run Retina properly are access to the system's C$ admin share, the ability to remotely load the system's registry, and proper login credentials. A general set of things to check to get this working: make sure that your devices are on the same network, that the network adapter on the device has File and Network Sharing enabled as well as Client for Microsoft Networks installed, and that the Server and Remote Registry services are enabled. You will also need to verify that the Windows firewall is not blocking file and printer sharing; you may enable it specifically for a particular IP or subnet to limit access while the testing is in progress. Remember to document any changes that were required to get Retina working and to change them back afterwards.
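The checks above can be run from the scanner host before starting a scan. The following is an added example, not code from the original post: the function name is hypothetical, the addresses in the usage comment are constructed, and it assumes Windows PowerShell running as the account Retina will use, with the Server and Remote Registry services identified by their service names `LanmanServer` and `RemoteRegistry`.

```powershell
# Added example: pre-scan check of the prerequisites listed above.
function Test-ScanPrerequisite {
    param([Parameter(Mandatory=$true)][string]$Target)
    $result = New-Object psobject -Property @{
        Target = $Target; Smb445 = $false; AdminShare = $false
        ServerSvc = 'unknown'; RemoteRegistrySvc = 'unknown'; ProductName = $null
    }
    # Is file and printer sharing (TCP 445) allowed through the firewall?
    $tcp = New-Object System.Net.Sockets.TcpClient
    try { $tcp.Connect($Target, 445); $result.Smb445 = $tcp.Connected }
    catch { } finally { $tcp.Close() }

    # Is the C$ admin share reachable with the current credentials?
    $result.AdminShare = Test-Path "\\$Target\C`$"

    # Are the Server and Remote Registry services running?
    try {
        $svc = Get-Service -ComputerName $Target -Name LanmanServer, RemoteRegistry -ErrorAction Stop
        $result.ServerSvc         = ($svc | Where-Object { $_.Name -eq 'LanmanServer' }).Status
        $result.RemoteRegistrySvc = ($svc | Where-Object { $_.Name -eq 'RemoteRegistry' }).Status
    } catch { }

    # Can the registry be loaded remotely, and which OS name will the benchmark see?
    try {
        $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $Target)
        $cv   = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion')
        $result.ProductName = $cv.GetValue('ProductName')
        $hklm.Close()
    } catch { }   # ProductName stays $null when the remote registry cannot be opened
    $result
}

# Constructed sample addresses; replace with the scan targets:
#   '192.0.2.10', '192.0.2.11' | ForEach-Object { Test-ScanPrerequisite -Target $_ } |
#       Format-Table Target, Smb445, AdminShare, ServerSvc, RemoteRegistrySvc, ProductName
```

Saving the table before and after the scan gives a record of which settings had to be changed and confirms they were put back.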

While some of the setup required to run Retina may seem troublesome, especially on embedded systems where you will need to troubleshoot connectivity, the overall result of getting it working is incredibly helpful. With a working Retina scanner you will be able to quickly rerun scans to verify that changes made to the systems are properly closing off vulnerabilities. After the initial time spent working out how to get the scanner running on your systems, that setup can be replicated in the future to conduct quick benchmark testing on your machines and verify that software changes have not opened new vulnerabilities.
