DOCSLIB.ORG

Evaluation of Two Vulnerability Scanners Accuracy and Consis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Linköping University | Department of Computer and Information Science Master’s thesis, 30 ECTS | Datateknik 202017 | LIU-IDA/LITH-EX-A--2017/072--SE Evaluation of two vulnerability scanners accuracy and consis- tency in a cyber range Utvärdering av två sårbarhetsscanners med avseende på träff- säkerhet och konsekvens i en cyber range Erik Hyllienmark Supervisor : Chih-Yuan Lin Examiner : Kristian Sandahl Linköpings universitet SE–581 83 Linköping +46 13 28 10 00 , www.liu.se Upphovsrätt Detta dokument hålls tillgängligt på Internet - eller dess framtida ersättare - under 25 år från publicer- ingsdatum under förutsättning att inga extraordinära omständigheter uppstår. Tillgång till dokumentet innebär tillstånd för var och en att läsa, ladda ner, skriva ut enstaka ko- pior för enskilt bruk och att använda det oförändrat för ickekommersiell forskning och för undervis- ning. Överföring av upphovsrätten vid en senare tidpunkt kan inte upphäva detta tillstånd. All annan användning av dokumentet kräver upphovsmannens medgivande. För att garantera äktheten, säker- heten och tillgängligheten finns lösningar av teknisk och administrativ art. Upphovsmannens ideella rätt innefattar rätt att bli nämnd som upphovsman i den omfattning som god sed kräver vid användning av dokumentet på ovan beskrivna sätt samt skydd mot att dokumentet ändras eller presenteras i sådan form eller i sådant sammanhang som är kränkande för upphovsman- nens litterära eller konstnärliga anseende eller egenart. För ytterligare information om Linköping University Electronic Press se förlagets hemsida http://www.ep.liu.se/. Copyright The publishers will keep this document online on the Internet - or its possible replacement - for a period of 25 years starting from the date of publication barring exceptional circumstances. The online availability of the document implies permanent permission for anyone to read, to down- load, or to print out single copies for his/hers own use and to use it unchanged for non-commercial research and educational purpose. Subsequent transfers of copyright cannot revoke this permission. All other uses of the document are conditional upon the consent of the copyright owner. The publisher has taken technical and administrative measures to assure authenticity, security and accessibility. According to intellectual property law the author has the right to be mentioned when his/her work is accessed as described above and to be protected against infringement. For additional information about the Linköping University Electronic Press and its procedures for publication and for assurance of document integrity, please refer to its www home page: http://www.ep.liu.se/. © Erik Hyllienmark Abstract One challenge when conducting exercises in a cyber range is to know what applications and vulnerabilities are present on deployed computers. In this paper, the reliability of application- and vulnerability reporting by two vulnerability scanners, OpenVas and Nexpose, have been eval- uated based on their accuracy and consistency. Followed by an experiment, the configurations on two virtual computers were varied in order to identify where each scanner gathers informa- tion. Accuracy was evaluated with the f1-score, which combines the precision and recall metric into a single number. Precision and recall values were calculated by comparing installed ap- plications and vulnerabilities on virtual computers with the scanning reports. Consistency was evaluated by quantifying how similar the reporting of applications and vulnerabilities between multiple vulnerability scans were into a number between 0 and 1. The vulnerabilities reported by both scanners were also combined with their union and intersection to increase the accu- racy. The evaluation reveal that neither Nexpose or OpenVas accurately and consistently report installed applications and vulnerabilities. Nexpose reported vulnerabilities better than OpenVas with an accuracy of 0.78. Nexpose also reported applications more accurately with an accuracy of 0.96. None of the scanners reported both applications and vulnerabilities consistently over three vulnerability scans. By taking the union of the reported vulnerabilities by both scanners, the accuracy increased by 8 percent compared with the accuracy of Nexpose alone. However, our conclusion is that the scanners’ reporting does not perform well enough to be used for a reliable inventory of applications and vulnerabilities in a cyber range. Acknowledgments I would like to thank my supervisor, Teodor Sommestad, at the Swedish Research Defence Agency. Teodor has continuously given me clear feedback and brought new ideas into this thesis work. I am grateful to my examiner Kristian Sanddahl and supervisor Chih-Yuan Lin for supporting me throughout this process. iv Contents Abstract iii Acknowledgments iv Contents v List of Figures vii List of Tables viii 1 Introduction 1 1.1 Cyber range event . 1 1.2 Motivation . 2 1.3 Research questions . 3 1.4 Delimitations . 3 2 Background 4 2.1 Vulnerability scanning . 4 2.2 Reporting standards . 4 2.3 Cyber Range And Training Environment . 5 2.4 Tools requirements . 5 3 Related work 6 3.1 Vulnerability scanners . 6 3.2 Environment validation . 7 3.3 Ourwork ............................................. 7 4 Tools 8 4.1 OpenVas.............................................. 8 4.2 Nexpose Community . 9 4.3 Other scanners . 9 5 Method 10 5.1 Experimental setup . 10 5.2 Definitions and techniques . 12 5.3 Classification methodology . 13 5.4 Metrics .............................................. 16 6 Results 17 6.1 Accuracy ............................................. 17 6.2 Consistency . 17 6.3 Interfering with scanners information gathering . 18 7 Discussion 21 v 7.1 Results . 21 7.2 Method . 23 8 Conclusion 26 9 Appendix 27 9.1 Network . 27 9.2 Evaluation . 28 9.3 Inconsistencies evaluation . 33 9.4 Experiment............................................ 34 Bibliography 38 vi List of Figures 1.1 Cyber range event . 2 1.2 Cyber range event phases . 2 4.1 OpenVas architecture . 8 4.2 Nexpose architecture . 9 5.1 Organization . 10 5.2 Applications, Dynamic Link Memory, Kernel mode and User mode . 11 5.3 Collect ground truth, applications . 14 5.4 Collect ground truth, vulnerabilities . 14 5.5 Confirmgroundtruth........................................ 15 5.6 Verify scan result samples . 15 6.1 Vulnerabilities comparison . 18 6.2 OpenVas "Control Panel uninstall" . 19 6.3 Nexpose "Control Panel uninstall" . 19 6.4 OpenVas "uninstall registry" . 19 6.5 Nexpose "uninstall registry" . 19 6.6 OpenVas "program files moved" . 19 6.7 Nexpose "program files moved" . 19 6.8 OpenVas "/usr/bin" . 19 6.9 Nexpose "/usr/bin" . 19 6.10 OpenVas "App Paths" . 19 6.11 OpenVas "/usr/sbin" . 19 6.12 Nexpose "services disabled" . 20 6.13 Combination 1, OpenVas . 20 6.14 Combination 1, Nexpose . 20 6.15 Combination 2, OpenVas . 20 vii List of Tables 2.1 Event incidents . 5 4.1 Discarded scanners . 9 5.1 Vulnerability verdict techniques . 12 6.1 Accuracy (abbreviations: false positives (FP), false negatives (FN) and true positives (TP)) 17 6.2 Number of reported applications and vulnerabilities . 18 6.3 Consistency evaluation . 18 9.1 CRATE organization . 27 9.2 Inconsistencies scans 1-2, OpenVas . 33 9.3 Inconsistencies scans 1-3, OpenVas . 33 9.4 Inconsistencies scans 1-2, Nexpose . 34 9.5 Inconsistencies scans 1-3, Nexpose . 34 viii 1 Introduction A cyber range consists of hardware, software, support tools and other capabilities which creates a good environment to arrange events in cyber space [8]. Real world scenarios can be created by forming networks with different configurations. Virtualization is often used to increase the scala- bility of events in cyber ranges [3], which makes it possible to deploy multiple virtual computers on a single server. Cyber ranges are valuable assets to practice, conduct research and do testing to improve defense against cyber-attacks [8]. Cyber ranges are often used in the military, but also in academia and the private sector [10]. It is desirable for system administrators to do reliable inventory of cyber ranges during events. A reliably inventory of a cyber range includes identifying what operating systems are deployed on the computers, how the computers are configured and if the computers contain vulnerabilities. The in- ventory is helpful before an exercise to validate if the cyber range has been correctly set up. During an exercise it is desirable to know if configurations on computers have changed. Computer inven- tory management is a difficult task and the need for automation increase as the ranges becomes bigger [3]. Vulnerability scanners can be used to automatically gather configurations and vulnera- bilities on virtual computers. However, vulnerability scanners often produce erroneous results [2]. The vulnerability scanning tools OpenVas and Nexpose has been evaluated and studied in this paper. The evaluation is based on the metrics accuracy and consistency. The evaluation is followed by an experiment, which was made to better understand how each scanner gather information. 1.1 Cyber range event Two teams usually play against each other in a cyber range event. The "blue" team is a group of defenders and is supposed to detect and protect against cyber-attacks. The "red" team consists of attackers and they perform real world attacks with the objective to gain access to other computers and perform malicious activities. During an event, a "Range Support" team typically operates the support tools. The "white" team is responsible
Recommended publications
  • Unified, Easy-To-Manage Endpoint Security

    Unified, Easy-To-Manage Endpoint Security

    Unified, Easy-to-Manage Endpoint Security Microsoft® Forefront™ Protect Business Continuity with Improved Management Client Security protects of Endpoint Security laptops, desktops, and file The release of the next generation of on Windows firewall activities. The agent servers with integrated Forefront client security protects business incorporates proven technologies already protection against laptops, desktops, and file servers against in use on millions of computers worldwide malware. It simplifies viruses, spyware, rootkits, and other and is backed by efficient and effective control of endpoint malware. The solution includes: threat response from the Microsoft security and provides n A single agent that provides antivirus Malware Protection Center. better visibility into the and antispyware protection, vulnerability Forefront Client Security is designed to overall protection of the assessment and remediation, and host simplify administration and save valuable environment. Defenses firewall management. time through its single management are easily managed from n A central management server that console and policy configuration, the Microsoft Forefront enables administrators to configure, central update infrastructure, and Management Console update, and report on agent activity automated endpoint discovery. It also code-named “Stirling.” across the enterprise. integrates with existing investments in Microsoft technologies. The two components work together to www.microsoft.com/ provide unmatched visibility and control To reduce risk,
  • Servicenow Vulnerability Response

    Servicenow Vulnerability Response

    ServiceNow Vulnerability Response Connect security and IT The vulnerability challenge Coordinate response across teams for smoother task Critical vulnerabilities often hide under the radar of security challenges today. When exploited, lack of effective vulnerability response carries major impact to handoffs between groups and business reputation and data security. A study conducted by ServiceNow and quicker resolution. Get the Ponemon Institute found that over a third of organizations who suffered a accountability across the breach already knew they were vulnerable. In many cases, there was an existing organization and know work is patch for the vulnerability which was not applied due to reliance on manual getting done with remediation processes, siloed information, and lack of visibility.1 targets. Additionally, breaches are becoming more severe. Methods to exploit Drive faster, more efficient vulnerabilities are growing more sophisticated, with cybercriminals increasingly leveraging machine learning and artificial intelligence to thwart traditional security response vulnerability response mechanisms. Having a solution which interlocks all components —security, risk, and IT— is crucial to organizations staying ahead of Reduce the amount of time these tactics and taking a holistic approach to vulnerability response. spent on basic tasks with orchestration tools. Automatically prioritize and The ServiceNow solution respond to vulnerabilities with workflows and automation. ServiceNow® Vulnerability Response helps organizations respond faster and more efficiently to vulnerabilities, connect security and IT teams, and provide real-time Know your security posture visibility. It connects the workflow and automation capabilities of the Now Platform® with vulnerability scan data from leading vendors to give your teams a View your current vulnerability single platform for response that can be shared between security and IT.
  • Designing Vulnerability Testing Tools for Web Services: Approach, Components, and Tools

    Designing Vulnerability Testing Tools for Web Services: Approach, Components, and Tools

    Int. J. Inf. Secur. DOI 10.1007/s10207-016-0334-0 REGULAR CONTRIBUTION Designing vulnerability testing tools for web services: approach, components, and tools Nuno Antunes1 · Marco Vieira1 © Springer-Verlag Berlin Heidelberg 2016 Abstract This paper proposes a generic approach for infrastructure, which typically includes an application server, designing vulnerability testing tools for web services, which the operating system, and a set of external systems (e.g. other includes the definition of the testing procedure and the tool services, databases, and payment gateways). Web services components. Based on the proposed approach, we present are one of the cornerstones of service-oriented architecture the design of three innovative testing tools that implement (SOA), making them the lingua franca for systems integra- three complementary techniques (improved penetration test- tion. ing, attack signatures and interface monitoring, and runtime The security of web applications is, in general, quite anomaly detection) for detecting injection vulnerabilities, poor [2,3]. Web services are no exception, and research thus offering an extensive support for different scenarios. A and practice show that web services are often deployed case study has been designed to demonstrate the tools for the with software bugs (i.e. vulnerabilities) that can be mali- particular case of SQL Injection vulnerabilities. The experi- ciously exploited [4]. Injection vulnerabilities, consisting of mental evaluation demonstrates that the tools can effectively improper code that allows the attacker to inject and execute be used in different scenarios and that they outperform commands, enabling, for instance, access to critical data, are well-known commercial tools by achieving higher detection particularly frequent [2].
  • Creating Awareness for the Use of Opensource Systems in the Public Sector in Afghanistan

    Creating Awareness for the Use of Opensource Systems in the Public Sector in Afghanistan

    A Service of Leibniz-Informationszentrum econstor Wirtschaft Leibniz Information Centre Make Your Publications Visible. zbw for Economics Hussini, Sayed Jahed (Ed.); Finke, Wolfgang F. (Ed.) Research Report Creating Awareness for the Use of OpenSource Systems in the Public Sector in Afghanistan. Workshop Proceedings, Sept. 15-17, 2012, Kabul/ Afghanistan Wirtschaftswissenschaftliche Schriften, No. 02/2013 Provided in Cooperation with: Ernst-Abbe-Hochschule Jena – University of Applied Sciences, Department of Business Administration Suggested Citation: Hussini, Sayed Jahed (Ed.); Finke, Wolfgang F. (Ed.) (2013) : Creating Awareness for the Use of OpenSource Systems in the Public Sector in Afghanistan. Workshop Proceedings, Sept. 15-17, 2012, Kabul/Afghanistan, Wirtschaftswissenschaftliche Schriften, No. 02/2013, ISBN 3-939046-32-9, Ernst-Abbe-Fachhochschule, Fachbereich Betriebswirtschaft, Jena, http://nbn-resolving.de/urn:nbn:de:gbv:27-20130408-110626-4 This Version is available at: http://hdl.handle.net/10419/71197 Standard-Nutzungsbedingungen: Terms of use: Die Dokumente auf EconStor dürfen zu eigenen wissenschaftlichen Documents in EconStor may be saved and copied for your Zwecken und zum Privatgebrauch gespeichert und kopiert werden. personal and scholarly purposes. Sie dürfen die Dokumente nicht für öffentliche oder kommerzielle You are not to copy documents for public or commercial Zwecke vervielfältigen, öffentlich ausstellen, öffentlich zugänglich purposes, to exhibit the documents publicly, to make them machen, vertreiben oder anderweitig nutzen. publicly available on the internet, or to distribute or otherwise use the documents in public. Sofern die Verfasser die Dokumente unter Open-Content-Lizenzen (insbesondere CC-Lizenzen) zur Verfügung gestellt haben sollten, If the documents have been made available under an Open gelten abweichend von diesen Nutzungsbedingungen die in der dort Content Licence (especially Creative Commons Licences), you genannten Lizenz gewährten Nutzungsrechte.
  • Impact 360 Content Producer Installation and Upgrade Guide 5

    Impact 360 Content Producer Installation and Upgrade Guide 5

    Content Producer Installation and Upgrade Guide Version 11.1 Document Revision 1.00 Confidential and Proprietary Information of Verint Systems Inc. 11/540,185; US 11/540,320; US 11/540,900; US 11/540,902; © 1992–2012 Verint Systems Inc. All Rights Reserved Worldwide. US 11/567,808; US 11/567,852; US 11/583,381; US Confidential and Proprietary Information of Verint Systems Inc. 11/608,340; US 11/608,350; US 11/608,358; US 11/616,490; US 11/621,134; US 11/691,530; US 11/692,983; US All materials (regardless of form and including, without 11/693,828; US 11/693,923; US 11/693,933; US 11/712,933; US 11/723,010; US 11/742,733; US 11/752,458; US limitation, software applications, documentation, and any other 11/776,659; US 11/824,980; US 11/831,250; US 11/831,257; information relating to Verint Systems, its products or services) are the exclusive property of Verint Systems Inc. Only expressly US 11/831,260; US 11/831,634; US 11/844,759; US 11/872,575; US 11/924,201; US 11/937,553; US 11/959,650; authorized individuals under obligations of confidentiality are US 11/968,428; US 12/015,375; US 12/015,621; US permitted to review materials in this document. By reviewing these materials, you agree to not disclose these materials to any 12/053,788; US 12/055,102; US 12/057,442; US 12/057,476; US 12/107,976; US 12/118,789; US 12/118,792; US third party unless expressly authorized by Verint Systems, and 12/164,480; US 12/245,781; US 12/326,205; US 12/351,370; to protect the materials as confidential and trade secret information.
  • Vulnerability Scanners and Penetration Testing

    Vulnerability Scanners and Penetration Testing

    Vulnerability Scanners and Penetration Testing Introduction OBJECTIVE: CompTIA Security+ Domain: Domain 3: Threats and Vulnerabilities CompTIA Security+ Objective Mapping: Objective 3.8: Explain the proper use of penetration testing versus vulnerability scanning. OVERVIEW: In this lab, you will scan a host to discover security holes. Discovering vulnerabilities is critical so they can be patched before attackers compromise your system. Key Term Description OpenVAS an open source vulnerability scanner gaining a higher level of access (possible administrative access) from account with less Privilege escalation permissions and rights Zenmap a GUI front end for nmap, will allow you to scan for open ports and services Metasploit a framework that contains exploits for various information systems nmap a port scanner which will indicate whether ports are open or closed on a remote system Nmap and OpenVAS 1. Click on the External Kali 2 Linux icon on the topology. Type root for the username, and click the Next button. TOPOLOGY MACHINES If the Kali Linux is displaying the time, and not the logon box, press the Enter Key. EXTERNAL KALI 2 USERNAME 2. For the password, type toor (root spelled backwards), and click the Sign In button. EXTERNAL KALI 2 PASSWORD 3. Click the terminal icon (second from the top) to launch the Linux terminal. OPENING THE KALI 2 TERMINAL 4. Type the following command to scan the firewall for open ports, then press Enter. root@kali2:~# nmap 203.0.113.100 NMAP 5. Type the following command, then press Enter to open Zenmap. After Zenmap opens, type 203.0.113.100 in the Target box and then click the Scan button to launch an intense scan.
  • Tenable and Ahnlab Leveraging Network Intelligence to Stop Malware Cold

    Tenable and Ahnlab Leveraging Network Intelligence to Stop Malware Cold

    Tenable and AhnLab Leveraging Network Intelligence to Stop Malware Cold Key Challenges The breaching of organizations large and small occurs all too frequently, damaging the confidentiality, availability and integrity of the critical data assets that organizations rely on. Also at risk is hard-earned reputation. Most organizations focus on the perimeter of their networks, and neglect the intranet – ignoring threats that circumvent the based defenses and inject themselves directly into the core of the infrastructure. Additionally, most organizations are unprepared to deal with advanced malware threats that go undetected by traditional anti-malware technologies. Finally, the complex nature of today’s software results in vulnerabilities that appear at an alarming rate, increasing the threat surface that attackers can leverage. A solution is required that: • Addresses the network universally rather than just at the edge • Can deal with advanced malware threats using non-traditional analysis methods • Can detect and help to manage vulnerabilities that exist within the entire infrastructure on Solution Components all device types Tenable Network Security has teamed up with AhnLab to deliver just such a solution. • Tenable SecurityCenter Continuous View • Tenable Nessus Vulnerability Scanner Solution Overview The solution combines Tenable’s SecurityCenter Continuous View (SCCV) solution with AhnLab • Tenable Passive Vulnerability Scanner Malware Defense System (MDS) to provide a system that actively blocks malware bearing • Tenable Log Correlation Engine content, malicious traffic, and outbound C&C traffic. This is done within the AhnLab MDS at the network edge, using a hybrid behavior and signature based approach. • AhnLab Malware Defense System Within the intranet, Tenable’s Passive Vulnerability Scanner (PVS) monitors network segments to Key Benefits detect vulnerabilities, C&C traffic, policy violations, and signs of malicious activities.
  • User Manual TREK-722/723

    User Manual TREK-722/723

    User Manual TREK-722/723 RISC All-In-One Mobile Data Terminal Copyright The documentation and the software included with this product are copyrighted 2012 by Advantech Co., Ltd. All rights are reserved. Advantech Co., Ltd. reserves the right to make improvements in the products described in this manual at any time without notice. No part of this manual may be reproduced, copied, translated or transmitted in any form or by any means without the prior written permission of Advantech Co., Ltd. Information provided in this manual is intended to be accurate and reliable. How- ever, Advantech Co., Ltd. assumes no responsibility for its use, nor for any infringe- ments of the rights of third parties, which may result from its use. Acknowledgements TI and AM37x are trademarks of Texas Instruments.. Microsoft Windows is registered trademarks of Microsoft Corp. All other product names or trademarks are properties of their respective owners. Product Warranty (2 years) Advantech warrants to you, the original purchaser, that each of its products will be free from defects in materials and workmanship for two years from the date of pur- chase. This warranty does not apply to any products which have been repaired or altered by persons other than repair personnel authorized by Advantech, or which have been subject to misuse, abuse, accident or improper installation. Advantech assumes no liability under the terms of this warranty as a consequence of such events. Because of Advantech’s high quality-control standards and rigorous testing, most of our customers never need to use our repair service. If an Advantech product is defec- tive, it will be repaired or replaced at no charge during the warranty period.
  • IBM Qradar Vulnerability Manager Version 7.3.2

    IBM Qradar Vulnerability Manager Version 7.3.2

    IBM QRadar Vulnerability Manager Version 7.3.2 User Guide IBM Note Before you use this information and the product that it supports, read the information in “Notices” on page 127. Product information This document applies to IBM® QRadar® Security Intelligence Platform V7.3.2 and subsequent releases unless superseded by an updated version of this document. © Copyright International Business Machines Corporation 2012, 2019. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Introduction........................................................................................................ vii Chapter 1. What's new for users in QRadar Vulnerability Manager V7.3.2................1 Chapter 2. Installations and deployments.............................................................. 3 Vulnerability processor and scanner appliance activation keys.................................................................4 Vulnerability backup and recovery.............................................................................................................. 4 Ports used for communication between QRadar and QRadar Vulnerability Manager managed hosts.....5 Options for moving the vulnerability processor in your QRadar Vulnerability Manager deployment....... 5 Deploying a dedicated QRadar Vulnerability Manager processor appliance........................................6 Moving your vulnerability processor to a managed host or console.....................................................7
  • Internet Explorer 9 Features

    Internet Explorer 9 Features

    m National Institute of Information Technologies NIIT White Paper On “What is New in Internet Explorer 9” Submitted by: Md. Yusuf Hasan Student ID: S093022200027 Year: 1st Quarter: 2nd Program: M.M.S Date - 08 June 2010 Dhaka - Bangladesh Internet Explorer History Abstract: In the early 90s—the dawn of history as far as the World Wide Web is concerned—relatively few users were communicating across this Internet Explorer 9 (abbreviated as IE9) is the upcoming global network. They used an assortment of shareware and other version of the Internet Explorer web browser from software for Microsoft Windows operating system. In 1995, Microsoft Microsoft. It is currently in development, but developer hosted an Internet Strategy Day and announced its commitment to adding Internet capabilities to all its products. In fulfillment of that previews have been released. announcement, Microsoft Internet Explorer arrived as both a graphical Web browser and the name for a set of technologies. IE9 will have complete or nearly complete support for all 1995: Internet Explorer 1.0: In July 1995, Microsoft released the CSS 3 selectors, border-radius CSS 3 property, faster Windows 95 operating system, which included built-in support for JavaScript and embedded ICC v2 or v4 color profiles dial-up networking and TCP/IP (Transmission Control support via Windows Color System. IE9 will feature Protocol/Internet Protocol), key technologies for connecting to the hardware accelerated graphics rendering using Direct2D, Internet. In response to the growing public interest in the Internet, Microsoft created an add-on to the operating system called Internet hardware accelerated text rendering using Direct Write, Explorer 1.0.
  • HTTP Client API for Jscript

    HTTP Client API for Jscript

    HTTP Client API for JScript Version 9.7 April 2015 This document applies to HTTP Client API for JScript Version 9.7. Specifications contained herein are subject to change and these changes will be reported in subsequent release notes or new editions. Copyright © 1999-2015 Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors. The name Software AG and all Software AG product names are either trademarks or registered trademarks of Software AG and/or Software AG USA, Inc. and/or its subsidiaries and/or its affiliates and/or their licensors. Other company and product names mentioned herein may be trademarks of their respective owners. Detailed information on trademarks and patents owned by Software AG and/or its subsidiaries is located at http://softwareag.com/licenses. Use of this software is subject to adherence to Software AG's licensing conditions and terms. These terms are part of the product documentation, located at http://softwareag.com/licenses/ and/or in the root installation directory of the licensed product(s). This software may include portions of third-party products. For third-party copyright notices, license terms, additional rights or re- strictions, please refer to "License Texts, Copyright Notices and Disclaimers of Third-Party Products". For certain specific third-party license restrictions, please refer to section E of the Legal Notices available under "License Terms and Conditions for Use of Software AG Products / Copyright and Trademark Notices of Software AG Products". These documents are part of the product documentation, located at http://softwareag.com/licenses and/or in the root installation directory of the licensed product(s).
  • Security Policy Page 1 of 20

    Security Policy Page 1 of 20

    Security Policy Page 1 of 20 Security Policy This security policy contains data to configure services and network security based on the server’s role, as well as data to configure registry and auditing settings. Server: VENGWIN207 Services Service Name Startup Mode Description Issues, manages, and removes X.509 certificates for such applications such as Active Directory Certificate S/MIME and SSL. If the service is stopped, Disabled Services certificates will not be issued. If this service is disabled, any services that explicitly depend on it will fail to start. AD DS Domain Controller service. If this service is stopped, users will be unable to log Active Directory Domain Services Disabled on to the network. If this service is disabled, any services that explicitly depend on it will fail to start. AD FS Web Agent Authentication The AD FS Web Agent Authentication Service Disabled Service validates incoming tokens and cookies. Adobe Acrobat Updater keeps your Adobe Adobe Acrobat Update Service Automatic software up to date. Sends logging messages to the logging database when logging is enabled for the Active Directory Rights Management Services role. If this service is disabled or stopped AdRmsLoggingService Disabled when logging is enabled, logging messages will be stored in local message queues and sent to the logging database when the service is started. Processes application compatibility cache Application Experience Disabled requests for applications as they are launched Provides administrative services for IIS, for example configuration history and Application Pool account mapping. If this Application Host Helper Service Disabled service is stopped, configuration history and locking down files or directories with Application Pool specific Access Control Entries will not work.