Optional setup configuration settings can be accessed by clicking any item under the Setup menu. These include the following:
■■ General Options ■■ Module Options ■■ Account Policy ■■ Audit Policy ■■ Legal Policy ■■ Browser Zones
Figure 6.10 Specifying where to retrieve and where to place update files.
CyberCop Scanner permits these option settings for the following purposes:
General Options. Displays the General Options screen (see Figure 6.11), which
lets you configure default paths for scanner files.
■■ Vulnerability DB lets you select a vulnerability database. This database houses information about the module groups and modules used by Cyber- Cop Scanner. It is recommended that you do not change the default vulner- ability database; doing so can seriously affect the operation of CyberCop Scanner.
■■ Username File allows you to choose the default user account .txt file that is used by the Crack or the Server Message Block (SMB) program.
■■ Password File allows you to choose the default password .txt file that is used by the Crack or the SMB program.
■■ Fake DNS Server lets you enter the domain of a fake DNS server. For more information on setting up a fake DNS server, click the DNS button in the General Options screen.
■■ DNS Modules Network lets you enter the IP address of a Fake DNS server. For more information on setting up a fake DNS server, click the DNS button in the General Options screen.
■■ Parallel Scan Engines sets the number of parallel scan engines that are run simultaneously. The number of scan engines that are run correlates to the number of target destinations that are scanned. For example, if you set the number of parallel scan engines to six, six target destinations will be scanned simultaneously. Set the desired number of parallel scan engines by moving the Parallel Scan Engine slider bar. The range of values is from 1 to 10.
Module Options. Displays the Module Options screen (see Figure 6.12), which lets you select module variables. You also select the number of modules that are run simultaneously and the length of time that the modules are run.
■■ Option lets you select a variable for a module and set its value.
■■ Value allows you to change the default value of the selected option.
■■ Simultaneous Modules lets you select the number of modules that are run simultaneously during a scan. The default is 10 modules.
■■ Module Timeout sets the maximum length of time modules run before timing out. The default is 90 seconds.
Account Policy. Displays the Account Policy screen (see Figure 6.13), which lets
you check whether users on a network are violating your account policy. First, you set account policy parameters to match the account policy parameters in Windows NT; then, you perform a scan against systems on a network. The scan checks whether violations exist in the account policy. Also, it is a useful way of detecting which (if any) systems are in violation of the account policy parame- ters that you set for the network.
■■ Maximum Password Age lets you set the maximum password age. If maximum password age is enforced, CyberCop Scanner will return true for maximum password age violations.
■■ Minimum Password Age lets you set the minimum password age. If mini- mum password age is enforced, CyberCop Scanner will return true for minimum password age violations.
■■ Minimum Password Length lets you set the minimum password length. If minimum password length is enforced, CyberCop Scanner will return true for minimum password length violations.
Figure 6.12 Module Options screen controls.
Figure 6.13 Account Policy screen controls.
■■ Password Uniqueness lets you set the number of passwords that the system remembers. To select unenforced, enable the Unenforced option button. To set the number of passwords to be remembered, enable the Remember option button and then enter a number in the textbox.
■■ Lockout After lets you select account lockout parameters. If you enforce account lockout options, users will be locked out after the specified unsuc- cessful logons are attempted.
■■ Reset Count After sets the number of minutes before the lockout parameter is reset.
■■ Lockout Duration sets the time that a user is locked out of the system. If you block a user from logging on to the system until you unlock it, enable the Forever option button. If you want to set the time that the user is blocked from logging on to his or her system, enable the Duration textbox and then enter a time in minutes in the textbox.
■■ Forcibly Disconnect disconnects users from logged-on systems after logon hours expire.
Audit Policy. Displays the Audit Policy screen (see Figure 6.14), which lets you
check whether users on the network are violating your audit policy. First, you set audit policy parameters in the Audit Policy screen to match the audit policy parameters in Windows NT; then, you perform a scan against systems on a net- work. The scan checks whether systems are using the audit policy parameters that you specified. Also, it is a useful way of detecting which (if any) systems are in violation of the audit policy that you set for the network.
■■ Do Not Audit ignores any selections you made in the Audit Policy screen.
■■ Audit These Events sets the selections you made in the Audit Policy screen to be audited.
■■ Logon and Logoff sets logons and logoffs to be audited. Enable the Success checkbox to record successful logons and logoffs. Enable the Failure check- box to record unsuccessful logons and logoffs.
■■ File and Object Access sets file and object access to be audited. Enable the Success checkbox to record successful file and object access. Enable the Failure checkbox to record unsuccessful file and object access.
■■ Use of User Rights monitors use-of-user rights. Enable the Success checkbox to record normal (or allowed) use of systems. Enable the Failure checkbox to record abnormal (or not allowed) use of systems.
■■ User and Group Management monitors use-of-group rights. Enable the Success checkbox to record normal (or allowed) use of systems. Enable the Failure checkbox to record abnormal (or not allowed) use of systems.
■■ Security Policy Changes sets security policy changes to be audited. Enable the Success checkbox to record successful changes to your security policy. Enable the Failure checkbox to record unsuccessful attempts to change your security policy.
■■ Restart, Shutdown, and System monitors the restart and shutdown activity on systems. Enable the Success checkbox to record successful restart and shutdown activity. Enable the Failure checkbox to record unsuccessful restart and shutdown activity.
■■ Process Tracking monitors the processes that are run on systems. Enable the Success checkbox to record the number of times that processes are run suc- cessfully. Enable the Failure checkbox to monitor the number of times that processes are run unsuccessfully.
Figure 6.14 Audit Policy screen controls.
Legal Policy. Displays the Legal Policy screen (see Figure 6.15). The legal policy feature lets you check whether users on a network are violating your legal policy. First, you enter the legal message header and text in the Legal Policy screen to match the legal message header and text you entered in Windows NT; then, you perform a scan against systems on the network. The scan checks whether systems are using the legal message header and text that you specified. Also, it is a useful way of detecting which (if any) systems are in violation of your legal policy.
■■ Policy Legal Caption lets you enter the legal policy message header.
■■ Legal Text lets you enter legal policy message text.
Browser Zones. Displays the Browser Zones screen (see Figure 6.16), which lets
you check whether browser zone policies on a network are being violated. There are four browser zones that can be checked: Local Intranet, Trusted Sites, Inter- net, and Restricted Sites. First, you select browser settings in the Browser Zones screen, just as you entered them in Windows NT; then, you perform a scan against systems on a network. The scan checks to see whether systems are using the browser zone settings that you specified. Also, it is a useful way of detecting which (if any) systems are in violation of your browser zone policy.
■■ Local Intranet Zone lets you select local intranet policies.
■■ Trusted Sites Zone lets you select trusted sites policies.
■■ Internet Zone lets you select Internet policies.
■■ Restricted Sites Zone lets you select restricted sites policies.
■■ Default sets the browser zone policy parameters in the Browser Zones screen to their default values.
Figure 6.16 Browser Zones screen controls.
Target Configuration
Now that you have already created a target configuration file in the initial configuration steps, you’re technically ready to start a scan. Before you start scanning, however, take a look at the scanning modules and make any modifications to the default module groups. Incidentally, to create a new target configuration file, simply select New Config File from the File menu. From there, you’ll be prompted with the initial configuration questions discussed earlier. As an alternative, simply click the Scan Configuration tab on the main screen to manually fill in the target scanning configuration specifications.