Qualys(R) Scanner Appliance User Guide
Contents
1. prxy no HTTP 1 Proxy response has no HTTP 1 string prxy noauthsup No proxy AUTH methods supported prxy HTTP lt code gt Invalid proxy HTTP code like 407 404 etc Qualys connection errors QG con timeout Qualys Cloud Platform initial connect timeout QG SSL handshk Qualys Cloud Platform SSL handshake failed QG SSL certval Qualys Cloud Platform SSL certificate validation failed Qualys Scanner Appliance Use Guide Chapter 3 Troubleshooting Communication Failure message Communication Failure message You ll see a COMMUNICATION FAILURE message if there is a network communications breakdown between the Scanner Appliance and the Qualys Cloud Platform Why does it happen The communication failure may be due to one of these reasons the network cable was unplugged from the Scanner Appliance the local network goes down or any of the network devices between the Scanner Appliance and the Qualys Cloud Platform goes down When does the message appear If there are no scans running on the Appliance The next time the Appliance sends a polling request to the Qualys Cloud Platform the polling request fails and then the COMMUNICATION FAILURE message appears If there are scans running on the Appliance The COMMUNICATION FAILURE message appears after the running scans time out Usually the S1 LED turns off after the scans time out If this message appears it is recommended that you use the Qual2. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Copyright C 2002 Bruce Allen lt smartmontools support lists sourceforge net gt This program is free software you can redistribute it and or modify it under the terms of the GNU General Public License as published by the Free Software Foundation either version 2 or at your option any later version You should have received a copy of the GNU General Public License for example COPYING if not write to the Free Software Foundation Inc 675 Mass Ave Cambridge MA 02139 USA This code was originally developed as a Senior Thesis by Michael Cornwell at the Concurrent Systems Laboratory now part of the Storage Systems Research Center Jack Baskin School of Engineering University of California Santa Cruz http ssrc soe ucsc edu Copyright C 1985 2003 by the Massachusetts Institute of Technology All rights reserved Export of this software from the United States of America may require a specific license from the United States Government It is the responsibility of any person or organization contemplating export to obtain such a license before exporting WI
3. 48 Changing the Network Configuration ss 49 Chapter 3 Troubleshooting Troubleshooting guidelines ss 52 How can I test network connectivity ss 53 Tell me about Network Errors ss 54 Communication Failure message 57 Appendix A Product Specifications Appendix B Credits Appendix C Safety Notices Contents 4 Qualys Scanner Appliance User Guide Preface This user guide introduces the Qualys Scanner Appliance The Scanner Appliance offers Qualys users the ability to extend their use of the service to assess the security of internal network systems devices and web applications Note Your use of the Qualys Scanner Appliance is subject to the terms and conditions of the Qualys Service User Agreement About Qualys Qualys Inc NASDAQ QLYS is a pioneer and leading provider of cloud security and compliance solutions with over 7 700 customers in more than 100 countries including a majority of each of the Forbes Global 100 and Fortune 100 The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing compliance and protection for IT systems and web applications Founded in 1999 Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture Accuvant BT Cognizant Techn
4. Appendix B Credits THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Macromedia and Flash are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and or other countries Adobe does not sponsor affiliate or endorse this product and or services Copyright C 2006 2010 Rapid7 LLC All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the docum
5. For an executable the required form of the work that uses the Library must include any data and utility programs needed for reproducing the executable from it However as a special exception the materials to be distributed need not include anything that is normally distributed in either source or binary form with the major components compiler kernel and so on of the operating system on which the executable runs unless that component itself accompanies the executable It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system Such a contradiction means you cannot use both them and the Library together in an executable that you distribute 7 You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities not covered by this License and distribute such a combined library provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted and provided that you do these two things a Accompany the combined library with a copy of the same work based on the Library uncombined with any other library facilities This must be distributed under the terms of the Sections above b Give prominent notice with the combined library of the fact that part of it is a work based on the Library and explaining where t
6. C to 35 C from 0 to 5 000 feet 20 to 90 RH Storage Conditions 10 C to 70 C 10 to 85 R H non condensing Operating Vibration 3 Grms 10 to 500 Hz 5 minutes per axis In Package Shock In accordance with ISTA 2A Regulatory ETL conforms to UL STD 60950 1 CSA STD C22 2 No 60950 1 CE EMC FCC Part 15 Class A conforms to EN 55022 24 EN 61000 CISPR 22 Environmental RoHS Other certifications Per specific requirements Appendix A Product Specifications 60 Qualys Scanner Appliance User Guide APPFNDIX Credits Copyright 2002 2014 by Qualys Inc All rights reserved Qualys Inc 1600 Bridge Parkway Redwood Shores CA 94065 Qualys the Qualys logo and QualysGuard are registered trademarks of Qualys Inc All other trademarks are the property of their respective owners Portions of the software embedded in the Scanner Appliance were developed by third parties and are governed by the terms and conditions detailed below Copyright 1999 2001 The OpenLDAP Foundation Redwood City California USA All Rights Reserved Permission to copy and distribute verbatim copies of this document is granted OpenLDAP is a registered trademark of the OpenLDAP Foundation The OpenLDAP Public License Version 2 7 7 September 2001 Redistribution and use of this software and associated documentation Software with or without modification are permitted provided that the following con
7. Just go to the LCD display on the front panel Press the down arrow until SYSTEM SHUTDOWN appears and then press ENTER When yousee REALLY SHUTDOWN SYSTEM press ENTER You ll notice the Scanner Appliance lights and LEDs are turned off Then you can safely disconnect the power supply Don t want to use the LCD interface No problem you can press the power button on the back panel instead Qualys Scanner Appliance User Guide Chapter 1 Get Started Quick Start We recommend one more thing Check your Scanner Appliance status in Qualys Go to Scans gt Appliances and select your Appliance You ll see details in the preview pane Scans Maps Schedules Appliances Option Profiles Authentication Search Lists Setup 1 20f2 ov El m gt D LAN IP LANIPv6 Polling Scanner Signatures Last Update E 20222875170839 10 100 14 114 180 seconds 6 7 20 1 22245 2 09 28 2012 at 11 04 51 GMT 0700 2 20260419934240 10 100 14 130 65 seconds 67131 222331 10 01 2012 at 14 26 57 GMT 0700 Preview Actions w scanner2 ID 20222875170839 Owner Patrick Slimmer Manager on 10 03 2012 at 11 25 04 GMT 0700 Verfied on 10 03 2012 at 11 30 01 GMT 0700 Connected Summary The appliance is online and its soft Hearbeat Checks Missed 0 Latest Scanner Version Latest Signature Version Available Capacity 6 7 20 1 2 2 245 2 82 1 tells you your Scanner Appliance is ready Now you can start internal scans
8. Qualys Scanner Appliance Use Guide Chapter 2 Scanner Appliance Tour Configure Static IP Address 4 When the LAN DNS1 prompt appears enter the IP address for the primary DNS server and then press ENTER to continue 5 When the LAN DNS2 prompt appears enter the IP address for the secondary DNS server This entry is optional Press ENTER to continue 6 Next are three optional network settings used for informational purposes only These Appliance settings are not used to access the internal network for scanning or the Qualys Cloud Platform for software updates To skip these settings press ENTER three times When the LAN WINS1 prompt appears enter the IP address for the primary WINS server if any Press ENTER to continue When the LAN WINS2 prompt appears enter the IP address for the secondary WINS server if any Press ENTER to continue When the DOMAIN NAME prompt appears enter the domain name for the DNS server for example mydomain com Press ENTER to continue 7 When the REALLY SET LAN STATIC NETWORK prompt appears press ENTER to continue Or press the Up arrow to quit this procedure and return to the SETUP NETWORK menu option 8 Review the confirmation messages The Scanner Appliance attempts to make a connection to the Qualys Cloud Platform using the new configuration Upon success the SCANNER APPLIANCE NAME IP ADDRESS message appears and the static IP address is enabled Confirm the configuration When y
9. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission This software is provided as is without express or implied warranty Portions Copyright c 1990 Regents of the University of Michigan Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission This software is provided as is without express or implied warranty Copyright C 2000 Novell Inc All Rights Reserved THIS WORK IS SUBJECT TO U S AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES USE MODIFICATION AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION 2 0 1 OF THE OPENLDAP PUBLIC LICENSE A COPY OF WHICH IS AVAILABLE AT HTTP WWW OPENLDAP ORG LICENSE HTML OR IN THE FILE LICENSE IN THE TOP LEVEL DIRECTORY OF THE DISTRIBUTION ANY USE OR EXPLOITATION OF THIS WORK OTHER THAN AS AUTHORIZED IN VERSION 2 0 1 OF THE OPENLDAP PUBLIC LICENSE OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL COULD SUBJECT THE PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY Copyright C 1998 2002 Daniel Veillard All Rights Reserved Permission is hereby granted free of charge to any person obtaining a copy of this software and associated documentation files the
10. ascending ascending 1 255 255 255 000 16 255 128 000 000 2 255 255 254 000 17 255 000 000 000 3 255 255 252 000 18 254 000 000 000 4 255 255 248 000 19 252 000 000 000 5 255 255 240 000 20 248 000 000 000 6 255 255 224 000 21 255 000 000 000 7 255 255 192 000 22 224 000 000 000 3 255 255 128 000 23 192 000 000 000 9 255 255 000 000 24 128 000 000 000 10 255 254 000 000 25 255 255 255 252 11 255 252 000 000 26 255 255 255 248 12 255 248 000 000 27 255 255 255 240 13 255 240 000 000 28 255 255 255 224 14 255 224 000 000 29 255 255 255 192 15 255 192 000 000 30 255 255 255 128 Qualys Scanner Appliance Use Guide Chapter 2 Scanner Appliance Tour Configure Static IP Address Interface Enable Static IP on LAN One option may be enabled ENABLE VLAN ON LAN or ENABLE DHCP ON LAN After one option is enabled the other option disappears from the SETUP NETWORK menu SETUP ENABLE STATIC ENABLE DHCP NETWORK IP ON LAN ON LAN D ENABLE VLAN ON LAN ij CFG LAN STATIC Main Menu NETWORK PARAMS Options Oe Legend LAN IP ADDR E ENTER 127 000 000 001 D Down Arrow LAN NETMASK 255 255 255 000 Yo LAN GATEWAY 127 000 000 001 1 LAN DNS1 000 000 000 000 LAN DNS2 000 000 000 000 i LAN WINS1 000 000 000 000 LAN WINS2 000 000 000 000 1 DOMAIN NAME lt name gt REALLY SET LAN STATIC NETWORK Figure 2 6 User Interf
11. mere aggregation of another work not based on the Library with the Library or with a work based on the Library on a volume of a storage or distribution medium does not bring the other work under the scope of this License 3 You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library To do this you must alter all the notices that refer to this License so that they refer to the ordinary GNU General Public License version 2 instead of to this License If a newer version than version 2 of the ordinary GNU General Public License has appeared then you can specify that version instead if you wish Do not make any other change in these notices Once this change is made in a given copy it is irreversible for that copy so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy This option is useful when you wish to copy part of the code of the Library into a program that is not a library 4 You may copy and distribute the Library or a portion or derivative of it under Section 2 in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine readable source code which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange If distribution of object code is made by offering acce
12. 1 Open a browser and go to the platform URL where your account is located Please refer to your registration email containing your platform URL and login credentials A Manager or Unit Manager account is required On the Qualys LOGIN page enter your user name login and password and then click LOGIN You are prompted to review and accept the licensing agreement when you log into your account for the first time Your Qualys Home page appears upon successful login Select VM from the application picker Go to Scans gt Appliances Select New gt Scanner Appliance and enter the activation code for the activation code appears in the ACTIVATION CODE screen in your Appliance s user interface LCD and Remote Console Note The activation code is displayed only when the Appliance has not been activated yet Unit Manager only From the Add To menu select an asset group that you want to add the Scanner Appliance to This will make the Appliance available to users in your business unit Click Activate Then the Scanner Appliance attempts to log in to the Qualys Cloud Platform Note It may take a few minutes for the Scanner Appliance activation to occur If you prefer not to wait complete the activation manually by restarting the Scanner Appliance Just press the Down arrow until the SYSTEM REBOOT screen appears and then press ENTER When REALLY REBOOT SYSTEM appears press ENTER The SCANNER APPLIANCE NAME IP ADDRESS message appears aft
13. INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL DIRECT INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTIOUS ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE Qualys Scanner Appliance User Guide 65 Appendix B Credits 66 Portions Copyright c 1995 by International Business Machines Inc International Business Machines Inc hereinafter called IBM grants permission under its copyrights to use copy modify and distribute this Software with or without fee provided that the above copyright notice and all paragraphs of this notice appear in all copies and that the name of IBM not be used in connection with the marketing of any product incorporating the Software or modifications thereof without specific written prior permission To the extent it has a right to do so IBM grants an immunity from suit under its patents if any for the use sale or manufacture of products to the extent that such products are used for performing Domain Name System dynamic updates in TCP IP networks by means of the Software No immunity is granted for any product per se or for any other function of any product THE SOFTWARE IS PROVIDED AS IS AND IBM DISCLAIMS ALL WARRANTIES INCLUDING ALL IMPLIED WARRANTIES OF MERCHA
14. In the rare and unusual case where auto negotiation is disabled Ethernet port configuration on the Scanner Appliance is necessary to ensure that link syncing occurs between the Scanner Appliance and its link partners The Ethernet port links on the Appliance may be set to full duplex 1GbaseT 100baseT or 10baseT or half duplex 100baseT or 10baseT The LAN and WAN port links for split network configuration may be set The port link configuration on the Scanner Appliance must match the same configuration on the link partners For example if you have 100baseT full duplex forced on devices the same configuration must be enabled on the Appliance In the absence of auto negotiation link syncing between link partners may not occur and the link may not come up Consequently the Scanner Appliance data transmission may be slow and there may be high packet loss leading to unreliable scan results Tell me the steps 46 1 Select the SETUP NETWORK menu option 2 Press the Down arrow to advance through the menu options When the ETHERNET PORT SETTINGS menu option appears press ENTER 3 The LAN PORT LINK option is displayed along with the LAN port link setting in effect Press the Right arrow to advance through the available port link settings Tips Use the Left arrow to advance through the settings in reverse order To quit this procedure and return to SETUP NETWORK press the Up arrow two times Setting Description AUTO Aut
15. Next to the status you ll see the busy icon is greyed out until you launch a scan then it looks like this c You might also check out 2 ma tells you that your Scanner Appliance is a Physical Appliance means it s a Virtual Appliance 3 Latest software versions these are installed automatically as part of the activation 4 The available capacity will be 100 until you launch a scan You can come back and check on this at any time Qualys Scanner Appliance User Guide 17 Chapter 1 Get Started Quick Start 18 Qualys Scanner Appliance User Guide CHAPTER Scanner Appliance Tour This section gives you a tour of the Qualys Scanner Appliance its features basic operation and configuration options A Quick Look at the Appliance Navigating the Appliance UI System Reboot and Shutdown Configure VLANs and Static Routes Configure Static IP Address Configure IPv6 Address for Scanning Proxy Configuration Split Network Configuration Reset the Network Configuration Changing the Network Configuration Chapter 2 Scanner Appliance Tour A Quick Look at the Appliance A Quick Look at the Appliance 9 QUALYS Front Panel You ll see Welcome to Qualys in the LCD display when you connect the Appliance to the network for the first time After you ve successfully completed the Quick Start steps for your Scanner Appliance you ll see the Scanner Appliance name and IP address Use the keypad to enter informati
16. OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Copyright c 1998 Todd C Miller lt Todd Miller courtesan com gt All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF L
17. PROXY USER PROXY PASSW Li REALLY ENABLE PROXY Figure 2 7 User Interface for Enable Proxy Want to update proxy setting Once a Proxy configuration is enabled the Proxy settings are stored on the Scanner Appliance You can change or disable these settings at any time To change Proxy parameters follow these steps 1 Gotothe SETUP NETWORK menu option 2 Press the Down arrow until the CHANGE PROXY PARAMS menu option appears Then press ENTER to continue Qualys Scanner Appliance Use Guide 39 Chapter 2 Scanner Appliance Tour Proxy Configuration 40 3 4 Follow the prompts and messages in the Scanner Appliance interface to change the existing Proxy parameters Existing parameters are displayed in each screen Change and confirm each parameter If a parameter has not changed press ENTER to view the next parameter When the REALLY ENABLE PROXY prompt appears press ENTER to continue Or press the Up arrow two times to quit this procedure and return to the SETUP NETWORK menu option Review the confirmation messages The ENABLING PROXY SUPPORT message appears followed by others To disable Proxy parameters follow these steps 1 2 Go to the SETUP NETWORK menu option Press the Down arrow until the DISABLE PROXY menu option appears Then press ENTER to continue When the REALLY DISABLE PROXY prompt appears press ENTER to continue Or press the Up arrow two times to quit this procedure
18. To achieve this non free programs must be allowed to use the library A more frequent case is that a free library does the same job as widely used non free libraries In this case there is little to gain by limiting the free library to free software only so we use the Lesser General Public License In other cases permission to use a particular library in non free programs enables a greater number of people to use a large body of free software For example permission to use the GNU C Library in non free programs enables many more people to use the whole GNU operating system as well as its variant the GNU Linux operating system Although the Lesser General Public License is Less protective of the users freedom it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library The precise terms and conditions for copying distribution and modification follow Pay close attention to the difference between a work based on the library and a work that uses the library The former contains code derived from the library whereas the latter must be combined with the library in order to run GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION 0 This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized pa
19. and return to the SETUP NETWORK menu option Review the confirmation messages Qualys Scanner Appliance Use Guide Chapter 2 Scanner Appliance Tour Proxy Configuration Interface Change Proxy Parameters Scanner Appliance Main Menu Legend E ENTER D Down Arrow CHANGE PROXY PARAMS IP ADDRESS 194 055 109 022 PROXY PORT Main Menu 0443 Options PROXY USER qualys ez PROXY PASSW argt789 REALLY ENABLE PROXY Figure 2 8 User Interface for Change Proxy Parameters Confirm the configuration When you see SCANNER APPLIANCE NAME IP ADDRESS this means you are ready to start scanning This message appears if the Scanner Appliance made a successful connection to the Qualys Cloud Platform using the new configuration The USER LOGIN prompt appears if the Scanner Appliance made a successful connection to the Qualys Cloud Platform however the Appliance has not been activated See Step 3 in the Quick Start and follow the instructions to activate the Scanner Appliance A network error screen appears if the Scanner Appliance failed to make a connection to the Qualys Cloud Platform A network error may occur because the Proxy parameters you entered are incorrect or they do not match the Proxy configuration on your network See Troubleshooting for help with resolving this issue Qualys Scanner Appliance Use Guide 41 Chapter 2 Scanner Appliance Tour Split Network Configuration Spl
20. need to complete the Quick Start or resolve the network error indicated Qualys Scanner Appliance Use Guide Chapter 2 Scanner Appliance Tour Split Network Configuration Interface Enable Static IP on WAN Setup Network Menu C x Legend CFG WAN STATIC ENABLE WAN ENABLE STATIC NETWORK ENTER INTERFACE IP ON WAN PARAMS D Down Arrow D C A ENABLE DHCP WAN IP ADDR IP ON WAN 127 000 000 001 M J MM WAN NETMASK 255 255 255 000 WAN GATEWAY 127 000 000 001 WAN DNS1 000 000 000 000 WAN DNS2 000 000 000 000 p REALLY SET WAN STATIC NETWORK z Figure 2 11 Enable Static IP Address on WAN Interface We ll update menu options once you configure settings Once you configure ENABLE STATIC IP ON WAN the option will change to CHANGE STATIC IP ON WAN Once you configure ENABLE DHCP ON WAN the option will appear as RENEW DHCP ON WAN Qualys Scanner Appliance Use Guide 45 Chapter 2 Scanner Appliance Tour Ethernet Port Configuration Ethernet Port Configuration The Scanner Appliance uses Ethernet auto negotiation on scanning and management ports Most network devices have auto negotiation enabled Locked down port policies with auto negotiation disabled such as forcing speed duplex and link capabilities are outdated This is due to the maturity of the auto negotiation technology as well as the rate of adoption by product vendors and consumers over many years
21. of a court judgment or allegation of patent infringement or for any other reason not limited to patent issues conditions are imposed on you whether by court order agreement or otherwise that contradict the conditions of this License they do not excuse you from the conditions of this License If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Library at all For example if a patent license would not permit royalty free redistribution of the Library by all those who receive copies directly or indirectly through you then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library If any portion of this section is held invalid or unenforceable under any particular circumstance the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances Qualys Scanner Appliance User Guide 75 Appendix B Credits It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices Many people have made generous contributions to the wide range of software distributed through that system in re
22. referring to the MIT trademarks in order to convey information although in doing so recognition of their trademark status should be given Copyright OpenVision Technologies Inc 1996 All Rights Reserved WARNING Retrieving the OpenVision Kerberos Administration system source code as described below indicates your acceptance of the following terms If you do not agree to the following terms do not retrieve the OpenVision Kerberos administration system You may freely use and distribute the Source Code and Object Code compiled from it with or without modification but this Source Code is provided to you AS IS EXCLUSIVE OF ANY WARRANTY INCLUDING WITHOUT LIMITATION ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR ANY OTHER WARRANTY WHETHER EXPRESS OR IMPLIED IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY FOR ANY LOST PROFITS LOSS OF DATA OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES OR FOR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT INCLUDING WITHOUT LIMITATION THOSE RESULTING FROM THE USE OF THE SOURCE CODE OR THE FAILURE OF THE SOURCE CODE TO PERFORM OR FOR ANY OTHER REASON OpenVision retains all copyrights in the donated Source Code OpenVision also retains copyright to derivative works of the Source Code whether created by OpenVision or by a third party The OpenVision copyright notice must be preserved if derivative works are made based on the donated Sour
23. static IP address follow these steps 1 Select SETUP NETWORK press the Down arrow until the ENABLE WAN INTERFACE menu option appears Then press ENTER to continue 2 Gotothe ENABLE STATIC IP ON WAN menu option and press ENTER to continue 3 When the CFG WAN STATIC NETWORK PARAMS prompt appears press ENTER to continue Or press the Up arrow to quit this procedure and return to the SETUP NETWORK menu option Qualys Scanner Appliance Use Guide 43 Chapter 2 Scanner Appliance Tour Split Network Configuration 44 10 When the WAN IP ADDR prompt appears enter the static IP address and then press ENTER to continue When the WAN NETMASK prompt appears use the Up and Down arrows to scroll to the desired netmask value After selecting a netmask value press ENTER to continue When the WAN GATEWAY prompt appears enter the gateway IP address Then press ENTER to continue When the WAN DNS1 prompt appears enter the IP address for the primary DNS Then press ENTER to continue When the WAN DNS2 prompt appears enter the IP address for the secondary DNS This entry is optional Press ENTER to continue When the REALLY SET WAN STATIC NETWORK prompt appears press ENTER to continue Or press the Up arrow to quit this procedure and return to the SETUP NETWORK menu option Review the confirmation message When the SCANNER APPLIANCE NAME IP ADDRESS message appears you are ready to start scanning If another message appears you
24. the Appliance attempted to make a connection to the Qualys Cloud Platform using the saved network settings and it failed Please review the error description that follows for the reason why 14 A user pressed ENTER on the ACTIVATION screen Then the Appliance tried to connect and a DNS lookup of the Qualys Cloud Platform URL failed Please review the error description that follows for the reason why Error descriptions You ll see an error description in the 2nd line of the NETWORK ERR screen LAN WAN errors LAN iface down LAN interface is down WAN iface down WAN interface is down LAN no CARRIER No CARRIER on LAN interface WAN no CARRIER No CARRIER on WAN interface LAN no IPv4 LAN has no IPv4 address WAN no IPv4 WAN has no IPv4 address Qualys Scanner Appliance Use Guide 55 Chapter 3 Troubleshooting Tell me about Network Errors 56 LAN WAN errors LAN no DNS srv LAN has no DNS servers WAN no DNS srv WAN has no DNS servers LAN DNS failed LAN DNS servers can t resolve Qualys Cloud PlatformURL WAN DNS failed WAN DNS servers can t resolve Qualys Cloud PlatformURL no LAN IPv4 GW LAN has no default IPv4 gateway no WAN IPv4 GW WAN has no default IPv4 gateway inv LAN IP cnf Invalid LAN IP configuration inv WAN IP cnf Invalid WAN IP configuration Proxy errors prxy con tmout Proxy initial connect timeout prxy con close Proxy closed connection
25. to the Qualys platform using the new network configuration See Troubleshooting for help with resolving the issue Qualys Scanner Appliance Use Guide 49 Chapter 2 Scanner Appliance Tour Changing the Network Configuration 50 Qualys Scanner Appliance Use Guide CHAPTER Troubleshooting This appendix describes troubleshooting techniques you can use to respond to errors and performance conditions when using the Scanner Appliance Troubleshooting guidelines How can test network connectivity Tell me about Network Errors Communication Failure message Chapter 3 Troubleshooting Troubleshooting guidelines Troubleshooting guidelines If your Scanner Appliance reports a network error there s an issue with the connectivity from Scanner Appliance to the Qualys Cloud Platform We recommend you follow these steps to troubleshoot the issue 1 Lookup the meaning of the network error See Tell me about Network Errors 2 Besuretoenable all necessary configurations on the Appliance This network error message may appear because configurations are incomplete incorrect or are missing 3 Follow the guidelines in How can test network connectivity 4 Review the potential problems and related solutions in Tell me about Network Errors In many cases a network error message indicates that additional configuration of the Scanner Appliance is required For example if your network does not have DHCP you need to assign a static IP c
26. B Proxy Support See Proxy Configuration on page 37 C Split Network Configuration See Enable DHCP on the WAN Interface on page 43 using DHCP and Enable DHCP on the WAN Interface on page 43 D Split Network Configuration See Enable DHCP on the WAN Interface on page 43 using a Static IP Address and Enable Static IP on the WAN Interface on page 43 Use the options chart below to determine the configurations needed DHCP Static IP DHCP Static IP w o Proxy w o Proxy with Proxy with Proxy Standard Config no action A B A amp B Split Netw Config C A amp C B amp C A B amp C DHCP on WAN Split Netw Config D A amp D B amp D A B amp D Static IP on WAN The Scanner Appliance supports VLAN interface configuration 802 1Q For information see Configure VLANs and Static Routes You may see a network error message one or two more times depending on how many configurations are needed For example if the Scanner Appliance is installed on a network with DHCP and a Proxy server and you want split network configuration with DHCP you enable options B and C After you enable option B you ll see another network error prompting you to make another configuration 14 Qualys Scanner Appliance User Guide Chapter 1 Get Started Quick Start Step 3 Activate the Scanner Appliance You will need a Qualys user account with the role of Manager or Unit Manger Check to be sure that you have your account information
27. Cloud Platform and it failed You ll see an error code with a description to help you with troubleshooting A network error appears in 2 lines within the Appliance user interface The first line gives an error code and the second line gives a description a reason for the error Sample NETWORK ERR 01 LAN iface down Error codes 54 You ll see an error code in the 1ST line of the NETWORK ERR screen Error Code Means 01 Using its current network settings the Scanner Appliance attempted to make a connection to the Qualys Cloud Platform and it failed Please review the error description that follows for the reason why 03 A user enabled proxy settings and this was saved with the Appliance s network settings Then the Appliance attempted to make a connection to the Qualys Cloud Platform using the saved network settings and it failed Please review the error description that follows for the reason why 04 A user disabled proxy settings and this was saved with the Appliance s network settings Then the Appliance attempted to make a connection to the Qualys Cloud Platform using the saved network settings and it failed Please review the error description that follows for the reason why 06 Using its boot time network configuration the Scanner Appliance attempted to make a connection to the Qualys Cloud Platform and it failed Please review the error description that follows for the reason why 07 A user co
28. IABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Copyright C 1999 Aladdin Enterprises All rights reserved This software is provided as is without any express or implied warranty In no event will the authors be held liable for any damages arising from the use of this software Permission is granted to anyone to use this software for any purpose including commercial applications and to alter it and redistribute it freely subject to the following restrictions 1 The origin of this software must not be misrepresented you must not claim that you wrote the original software If you use this software in a product an acknowledgment in the product documentation would be appreciated but is not required 2 Altered source versions must be plainly marked as such and must not be misrepresented as being the original software 3 This notice may not be removed or altered from any source distribution Independent implementation of MD5 RFC 1321 This code implements the MD5 Algorithm defined in RFC 1321 It is derived directly from the text of the RFC and not from the reference implementation The original and principal author of md5 c is L Peter Deutsch lt ghost aladdin com gt Other authors are noted in the change history that follows in reverse chronological order 1999 11 04 Ipd Edite
29. INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTIOUS ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE Copyright C 1999 2008 Dieter Baron and Thomas Klausner This file is part of libzip a library to manipulate ZIP archives The authors can be contacted at lt libzip nih at gt Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE AUTHORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOS
30. MITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Linking with OpenSSL 17 In addition as a special exception we give permission to link the code of its release of libssh with the OpenSSL project s OpenSSL library or with modified versions of it that use the same license as the OpenSSL library and distribute the linked executables You must obey the GNU Lesser General Public License in all respects for all of the code used other than OpenSSL If you modify this file you may extend this exception to your version of the file but you are not obligated to do so If you do not wish to do so delete this exception statement from your version END OF TERMS AND CONDITIONS 76 Qualys Scanner Appliance User Guide APPFNDIX Safety Notices Elevated Operating Ambient The ambient temperature of an operating rack environment will be greater than the room s ambient temperature The unit must be installed in a rack where its operating ambient temperature does not exceed the unit s maximum ambient temperature Reduced Air Flow The unit must be installed in a rack which enables adequate air flow for the proper cooling of the unit Adequate Power The rack must be set up to ensure that an appropriate level and amount of
31. NTABILITY AND FITNESS IN NO EVENT SHALL ZERO KNOWLEDGE SYSTEMS INC BE LIABLE FOR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTUOUS ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE Copyright c 2001 Dr Brian Gladman lt brg gladman uk net gt Worcester UK All rights reserved LICENSE TERMS The free distribution and use of this software in both source and binary form is allowed with or without changes provided that 1 distributions of this source code include the above copyright notice this list of conditions and the following disclaimer 2 distributions in binary form include the above copyright notice this list of conditions and the following disclaimer in the documentation and or other associated materials 3 the copyright holder s name is not used to endorse products built using this software without specific written permission DISCLAIMER This software is provided as is with no explcit or implied warranties in respect of any properties including but not limited to correctness and fitness for purpose Copyright C 2002 Bruce Allen lt smartmontools support lists sourceforge net gt This program is free software you can redistribute it and or modify it under the terms of the GNU General Public License as published by the Free Software Foundation either ve
32. NTABILITY AND FITNESS FOR A PARTICULAR PURPOSE IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL DIRECT INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE EVEN IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES O Copyrigh 1984 1989 William LeFebvre Rice University Copyright c 1989 1994 William LeFebvre Northwestern University Copyright c 1994 1995 William LeFebvre Argonne National Laboratory Copyright c 1996 William LeFebvre Group sys Consulting Copyright c 1995 1996 1997 The Regents of the University of California All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that 1 source code distributions retain the above copyright notice and this paragraph in its entirety 2 distributions including binary code include the above copyright notice and this paragraph in its entirety in the documentation or other materials provided with the distribution and 3 all advertising materials mentioning features or use of this software display the following acknowledgement This product includes software developed by the University of California Lawrence Berkeley Laboratory and its contributors Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior writte
33. NTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE THE AUTHORS AND CONTRIBUTORS ACCEPT NO RESPONSIBILITY IN ANY CONCEIVABLE MANNER 62 Qualys Scanner Appliance User Guide Appendix B Credits Copyright C 1995 1998 Eric Young eay cryptsoft com All rights reserved This package is an SSL implementation written by Eric Young eay cryptsoft com The implementation was written so as to conform with Netscapes SSL This library is free for commercial and non commercial use as long as the following conditions are aheared to The following conditions apply to all code found in this distribution be it the RC4 RSA lhash DES etc code not just the SSL code The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson tjh cryptsoft com Copyright remains Eric Young s and as such any Copyright notices in the code are not to be removed If this package is used in a product Eric Young should be given attribution as the author of the parts of the library used This can be in the form of a textual message at program startup or in documentation online or textual provided with the package Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the copyright notice this list of conditions and the following disclaimer 2 Redistribut
34. PLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Portions Copyright c 1987 Regents of the University of California All rights reserved Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation advertising materials and other materials related to such distribution and use acknowledge that the software was developed by the University of California Berkeley The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE Copyright c 1990 1991 1992 1993 1994 1995 1996 1997 The Regents of the University of California All rights reserved Qualys Scanner Appliance User Guide Appendix B Credits This code is derived from the Stanford CMU enet packet filter net enet c distributed as part of 4 3BSD
35. QUALYS Scanner Appliance User Guide April 6 2015 CONTINUOUS SECURITY Copyright 2005 2015 by Qualys Inc All Rights Reserved Qualys the Qualys logo and QualysGuard are registered trademarks of Qualys Inc All other trademarks are the property of their respective owners Qualys Inc 1600 Bridge Parkway Redwood Shores CA 94065 1 650 801 6100 CONTENTS Preface Chapter 1 Get Started Before you begin iei eecamiee remedii rie dab eint redi dede 8 Check package accessories rerit n recente diera 8 Network requirements configuration sss 8 Best Practices for internal scanning ss 10 Quick Start d re RO OC I BD Ir bete dud 11 Step 1 Connect the Scanner Appliance to the Network 11 Step 2 Power On the Scanner Appliance esses 13 Step 3 Activate the Scanner Appliance ss 15 We recommend one more thing 17 Chapter 2 Scanner Appliance Tour A Quick Look at th Appliance trente teens 20 Navigating the Appliance UI cerent ecrit ento 22 System Reboot and Shutdown nennen 28 Configure VLANS and Static Routes 30 Configure Static IP Addt ss ss me toner nee ien eerie reped 32 Configure IPv6 Address for Scanning 36 Proxy Configuration o ioinieccanimee etre eie red Kaa Ra EE aia eee tendre e ores 37 Split Network Configuration etie tede enit pie EEEE 42 Ethernet Port Configuration ss 46 Reset the Network Configuration
36. R ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Qualys Scanner Appliance User Guide Appendix B Credits Copyright c 2000 Niels Provos All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA
37. S OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Copyright 1998 2002 University of Illinois Board of Trustees Copyright 1998 2002 Mark D Roth All rights reserved libtar hash c hash table routines Mark D Roth lt roth uiuc edu gt Campus Information Technologies and Educational Services University of Illinois at Urbana Champaign Flasm command line assembler amp disassembler of Flash ActionScript bytecode Copyright c 2001 Opaque Industries c 2002 2007 Igor Kogan c 2005 Wang Zhen All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution Neither the name of the Opaque Industries nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission Qualys Scanner Appliance User Guide
38. S OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIESOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Copyright c 2000 Niels Provos All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEM
39. Software to deal in the Software without restriction including without limitation the rights to use copy modify merge publish distribute sublicense and or sell copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT IN NO EVENT SHALL THE DANIEL VEILLARD BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE Except as contained in this notice the name of Daniel Veillard shall not be used in advertising or otherwise to promote the sale use or other dealings in this Software without prior written authorization from him Copyright C 2000 Bjorn Reese and Daniel Veillard Permission to use copy modify and distribute this software for any purpose with or without fee is hereby granted provided that the above copyright notice and this permission notice appear in all copies THIS SOFTWARE IS PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING WITHOUT LIMITATION THE IMPLIED WARRA
40. THIN THAT CONSTRAINT permission to use copy modify and distribute this software and its documentation for any purpose and without fee is hereby granted provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation and that the name of M IT not be used in advertising or publicity pertaining to distribution of the software without specific written prior permission Furthermore if you modify this software you must label your software as modified software and not distribute it in such a fashion that it might be confused with the original MIT software M I T makes no representations about the suitability of this software for any purpose Itis provided as is without express or implied warranty THIS SOFTWARE IS PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE Individual source code files are copyright MIT Cygnus Support OpenVision Oracle Sun Soft FundsXpress and others Project Athena Athena Athena MUSE Discuss Hesiod Kerberos Moira and Zephyr are trademarks of the Massachusetts Institute of Technology MIT No commercial use of these trademarks may be made without prior written permission of MIT Commercial use means use of a name in a product or other for profit manner It does NOT prevent a commercial firm from
41. TWORK menu option 2 Press the Down arrow until the ENABLE PROXY menu option appears Then press ENTER to continue 3 Whenthe CONFIG PROXY PARAMETERS prompt appears press ENTER to continue Or press the Up arrow two times to quit this procedure and return to the SETUP NETWORK menu option Entering parameters Enter Proxy parameters using the Up and Down arrows to scroll through characters 1 Whenthe IP ADDRESS prompt appears enter the Proxy server s IP address The gateway IP address appears in the screen by default Use the Scanner Appliance interface to enter the Proxy server s IP address and then press ENTER to continue Octets The IP address entry is pre filled with three digits for all octets and you must enter a value for each digit For example to specify the IP address 176 34 20 5 you input the IP address as 176 034 020 005 2 When the PROXY PORT prompt appears enter the port number assigned to the Proxy server Port 0443 appears in the screen by default Confirm that the port number shown is correct or enter a different one if necessary When the correct port number appears press ENTER to continue Qualys Scanner Appliance Use Guide 37 Chapter 2 Scanner Appliance Tour Proxy Configuration 38 3 4 5 When the PROXY USER prompt appears enter the user name for Proxy authentication If authentication is not enabled at the Proxy level leave the entry field blank Press ENTER to continue S
42. TY or FITNESS FOR A PARTICULAR PURPOSE 2 The origin of this software must not be misrepresented either by explicit claim or by omission In practice this means that if you use PCRE in software which you distribute to others commercially or otherwise you must put a sentence like this Regular expression support is provided by the PCRE library package which is open source software written by Philip Hazel and copyright by the University of Cambridge England somewhere reasonably visible in your documentation and in any relevant files or online help data or similar A reference to the ftp site for the source that is to ftp ftp csx cam ac uk pub software programming pcre should also be given in the documentation 3 Altered versions must be plainly marked as such and must not be misrepresented as being the original software 4 If PCRE is embedded in any software that is released under the GNU General Purpose Licence GPL or Lesser General Purpose Licence LGPL then the terms of that licence shall supersede any condition above with which it is incompatible Copyright c 1996 by Internet Software Consortium Permission to use copy modify and distribute this software for any purpose with or without fee is hereby granted provided that the above copyright notice and this permission notice appear in all copies THE SOFTWARE IS PROVIDED AS IS AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE
43. USINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Copyright c 1982 1986 Regents of the University of California All rights reserved Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation advertising materials and other materials related to such distribution and use acknowledge that the software was developed by the University of California Berkeley The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE Copyright c 1997 2001 University of Cambridge University of Cambridge Computing Service Cambridge England Phone 44 1223 334714 Permission is granted to anyone to use this software for any purpose on any computer system and to redistribute it freely subject to the following restrictions 1 This software is distributed in the hope that it will be useful but WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILI
44. a tool for writing it Whether that is true depends on what the Library does and what the program that uses the Library does 1 You may copy and distribute verbatim copies of the Library s complete source code as you receive it in any medium provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty keep intact all the notices that refer to this License and to the absence of any warranty and distribute a copy of this License along with the Library You may charge a fee for the physical act of transferring a copy and you may at your option offer warranty protection in exchange for a fee Qualys Scanner Appliance User Guide 73 Appendix B Credits 74 2 You may modify your copy or copies of the Library or any portion of it thus forming a work based on the Library and copy and distribute such modifications or work under the terms of Section 1 above provided that you also meet all of these conditions a The modified work must itself be a software library b You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change c You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License d If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility other than as an argu
45. ace for Enable Static IP on LAN We ll update menu options once you configure settings Once you configure ENABLE STATIC IP ON LAN the option will change to CHANGE STATIC IP ON LAN Once you configure ENABLE DHCP ON LAN the option will appear as RENEW DHCP ON LAN Qualys Scanner Appliance Use Guide 35 Chapter 2 Scanner Appliance Tour Configure IPv6 Address for Scanning Configure IPv6 Address for Scanning You have the option to configure the Scanner Appliance with an IPv6 address on the LAN interface this will be used for scanning IPv6 hosts How it works Once configured scanning traffic will be routed through the LAN interface LAN IPv4 for scanning IPv4 hosts and LAN IPv6 for scanning IPv6 hosts All management traffic software updates health checks etc will be routed through the LAN IPv4 interface A few things to consider First go to the Appliance UI and complete the Quick Start You must configure an IPv4 address on the LAN interface using DHCP or a static IP e Be sure your Scanner Appliance has successfully connected to the Qualys Cloud Platform e The IPv6 Scanning feature must be enabled for your subscription Tell me the steps 1 Login to the Qualys UI 2 Go to Scans gt Appliances and edit your Scanner Appliance You ll see the Appliance wizard 3 Under LAN settings select Enable IPv6 for this scanner You can choose Automatically and we ll do IP assignment through router advertisement
46. and code contributed to Berkeley by Steven McCanne and Van Jacobson both of Lawrence Berkeley Laboratory Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgement This product includes software developed by the University of California Berkeley and its contributors 4 Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR B
47. anel Connect the other end of the USB to RS232 converter cable to your terminal server via network cable Connect the Scanner Appliance see Step 2 Power On the Scanner Appliance Note In the case where the Scanner Appliance is already powered on you must reboot the Scanner Appliance before taking the next step and making any configurations To reboot press the Down arrow on the LCD interface until the SYSTEM REBOOT message appears and then press ENTER Please make sure that the Scanner Appliance has fully rebooted this takes up to 3 minutes Press the ENTER key on the VT100 terminal s keyboard to display the Remote Console interface You will notice the MAC address for the Scanner Appliance appears Qualys Scanner Appliance User Guide Chapter 1 Get Started Quick Start Step 2 Power On the Scanner Appliance To power on the Scanner Appliance follow these steps 1 Connect the AC power cord into the Power Supply Socket Note Qualys strongly recommends the Scanner Appliance be plugged into a Managed Power Supply On the rare occasion where the Scanner Appliance may need to be rebooted utilizing the MPS will allow for remote rebooting in unmanned or high security areas Press the power button on the back panel Be sure that the power button has a green backlight Welcome to Qualys appears in the Scanner Appliance interface followed by other informational messages during the boot process which takes approximatel
48. appear as default parameters in the Scanner Appliance user interface You can make updates to the network configuration at any time using the Scanner Appliance interface For example to change from DHCP on the LAN interface to a static IP address on the LAN interface go to the SETUP NETWORK menu option and then press ENTER Press the Down arrow until the ENABLE STATIC IP ON LAN menu option appears Follow the prompts and enter the static IP configuration Some network configuration settings have confirmation prompts Be sure to confirm new configuration settings at these prompts For example if you are updating from DHCP on the LAN interface to a static IP on the LAN interface enter the appropriate configuration settings following the prompts Atthe REALLY SET LAN STATIC NETWORK prompt press ENTER to confirm the change Want to reset the network configuration to the factory default See Reset the Network Configuration When a scan is in progress at the time of the configuration change the scan task is cancelled and the message CANCELING THE ONGOING SCAN appears in the Scanner Appliance interface This message is a reminder that a scan in progress will not complete although partial scan results may be available To avoid this situation check the scan in progress indicator 51 LED on the front panel prior to making changes to network settings A network error message indicates that the Scanner Appliance was not able to make a connection
49. ce Code Qualys Scanner Appliance User Guide Appendix B Credits OpenVision Technologies Inc has donated this Kerberos Administration system to MIT for inclusion in the standard Kerberos 5 distribution This donation underscores our commitment to continuing Kerberos technology development and our gratitude for the valuable work which has been performed by MIT and the Kerberos community Portions contributed by Matt Crawford lt crawdad fnal gov gt were work performed at Fermi National Accelerator Laboratory which is operated by Universities Research Association Inc under contract DE AC02 76CHO3000 with the U S Department of Energy Copyright 2000 by Zero Knowledge Systems Inc Permission to use copy modify distribute and sell this software and its documentation for any purpose is hereby granted without fee provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation and that the name of Zero Knowledge Systems Inc not be used in advertising or publicity pertaining to distribution of the software without specific written prior permission Zero Knowledge Systems Inc makes no representations about the suitability of this software for any purpose It is provided as is without express or implied warranty ZERO KNOWLEDGE SYSTEMS INC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHA
50. d comments slightly for automatic TOC extraction 1999 10 18 lpd Fixed typo in header comment ansi2knr rather than md5 1999 05 03 Ipd Original version Copyright c 1994 1996 The Regents of the University of California All rights reserved Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of California at Berkeley The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission This software is provided as is without express or implied warranty Qualys Scanner Appliance User Guide 67 Appendix B Credits 68 Copyright c 1988 1989 1990 1991 1992 1995 1996 1997 The Regents of the University of California All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that 1 source code distributions retain the above copyright notice and this paragraph in its entirety 2 distributions including binary code include the above copyright notice and this paragraph in its entirety in the documentation or other materials provided with the distribution and 3 all advertising materials mentioning features or use of this software display the following acknowledgement This product includes software developed by the University of California Lawrence Berkeley Laboratory and its contributors
51. ditions are met 1 Redistributions of source code must retain copyright statements and notices 2 Redistributions in binary form must reproduce applicable copyright statements and notices this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution and 3 Redistributions must contain a verbatim copy of this document The OpenLDAP Foundation may revise this license from time to time Each revision is distinguished by a version number You may use this Software under terms of this license revision or under the terms of any subsequent revision of the license THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS CONTRIBUTORS AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE OPENLDAP FOUNDATION ITS CONTRIBUTORS OR THE AUTHOR S OR OWNER S OF THE SOFTWARE BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The names of the auth
52. ds for IP addresses are pre filled with values in this format nnn nnn nnn nnn The IP address format displays values for each character position in all octets When entering an IP address you replace the three n digits for each octet as appropriate If an octet has less than three digits then the octet must include leading zeros For example to specify the IP address 194 55 176 2 you input the IP address as 194 055 176 002 Qualys Scanner Appliance Use Guide 25 Chapter 2 Scanner Appliance Tour Navigating the Appliance UI 26 Domain Name The DOMAIN NAME field in the static IP address configuration allows you to enter the domain name for the DNS server for example mydomain com The domain name entry can have a maximum length of 32 characters These characters are allowed uppercase letters numbers underscore _ and period E UN PL D Press Press Up Arrow Down Arrow Figure 2 4 Special characters in the Domain Name field The screen displays 16 characters of the DOMAIN NAME field entry and it scrolls left For example the first character of the domain name is hidden when the 17th character is entered As each additional character is entered the domain name scrolls left Tips The space character may be used to remove characters when editing the domain name entry There s a shortcut for clearing a domain name entry Just press the Left arrow and Right arrow at the same time Proxy User Name F
53. e and distribution terms for any publically available version or derivative of this code cannot be changed i e this code cannot simply be copied and put under another distribution licence including the GNU Public Licence Copyright c 1999 The OpenSSL Project All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www OpenSSL org 4 The names OpenSSL Toolkit and OpenSSL Project must not be used to endorse or promote products derived from this software without prior written permission For written permission please contact licensing OpenSSL org 5 Products derived from this software may not be called OpenSSL nor may OpenSSL appear in their names without prior written permission of the OpenSSL Project 6 Redistributions of any form whatsoever must retain the following acknowledg
54. entation and or other materials provided with the distribution Neither the name of Rapid7 LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The Metasploit Framework is provided under the 3 clause BSD license above The copyright on this package is held by Rapid7 LLC This license does not apply to the following components The OpenSSL library embedded into the Meterpreter payload binaries and the corresponding header files in the source tree The Packet Sniffer SDK MicroOLAP library embedded into the Meterpreter Sniffer extension HD Moore has a single seat developer license The modified T
55. er the Scanner Appliance makes a successful login to the Qualys Cloud Platform Do you see another message instead See Troubleshooting and we ll help you with this Qualys Scanner Appliance User Guide 15 Chapter 1 Get Started Quick Start 16 That s all there is to it You are ready to start scanning with your Qualys Scanner Appliance You ll see the Scanner Appliance name and IP address in the interface LCD or Remote Console this indicates you have completed the Quick Start the Scanner Appliance has been added to your subscription Tip Before you launch scans using the Scanner Appliance we recommend you log into the Qualys user interface and check the Appliance status on the appliances list Scanner Appliance Name and IP Address The Scanner Appliance name and IP address appear as shown below Appliance Name is qualys ez IP Address 194 55 109 12 Format TheScanner Appliance name displayed is is username where username is your Qualys user name The name can be changed using the Qualys user interface The IP address is available for information purposes only The Scanner Appliance is remote controlled by the Oualys Cloud Platform and the Appliance does not allow incoming logins or connections from the network If split network configuration is enabled the IP address for the LAN interface is displayed The Qualys Cloud Platform indicator for your account appears in the lower right corner Proper Shutdown
56. erface and ensure that the Scanner Appliance can connect to the Qualys Cloud Platform Without proper configuration the Scanner Appliance cannot perform scans To reset the network configuration follow these steps 1 Gotothe SETUP NETWORK menu option and press ENTER 2 Press the Down arrow to advance through the menu options When the RESET NETWORK CONFIG menu option appears press ENTER 3 When the REALLY RESET NETWORK CONFIG prompt appears press ENTER to continue Or press the Up arrow to quit this procedure and return to the SETUP NETWORK menu 4 Review the confirmation messages The Scanner Appliance attempts to connect to the Qualys Cloud Platform using the default network configuration DHCP enabled no VLAN configuration no Proxy configuration no split network configuration and Ethernet auto negotiation enabled In a case where the Scanner Appliance network configuration was customized not identical to the default configuration provided by Qualys before the reset further network configuration is necessary in order for the Scanner Appliance to connect to the Qualys Cloud Platform and perform scans Need help See the Quick Start 48 Qualys Scanner Appliance Use Guide Chapter 2 Scanner Appliance Tour Changing the Network Configuration Changing the Network Configuration When the Scanner Appliance has successfully connected to the network the Appliance stores the network configuration settings These settings will
57. igabit switch on your network Remote Console Interface Set Up optional The Remote Console interface supports remote configuration and management of the Scanner Appliance using a VT100 terminal such as Windows HyperTerminal Remote Session on Terminal USB to RS232 Scanner User l Terminal Server Server Converter Cable Appliance Figure 1 1 Set up for Remote Console Interface A USB to RS232 converter cable allows you to connect to their terminal server via network cable Qualys recommends the following USB to RS232 converter cable IOGEAR USB Serial Model GUC232A Full specifications http www iogear com product GUC232A Keystroke File Not Supported The Remote Console interface is not intended for uploading the whole scanner configuration by means of a pre defined keystroke file Uploading such a file will result in lost characters and incorrect configuration Qualys Scanner Appliance User Guide 11 Chapter 1 Get Started Quick Start To set up the Remote Console interface follow these steps 1 Be sure the terminal server is up and running Also check the terminal server settings The following settings are required Note Stop Bits must be set to 2 Port Setting Value Bits per second Baud rate 9600 Data Bits 8 Parity None Stop Bits 2 Flow Control None Terminal Emulation VT100 Connect one end of the USB to RS232 converter cable to a USB port on the Scanner Appliance back p
58. ightVNC binaries and their associated source code The icons used by msfweb that were not created by Metasploit The Bit Struct library located under lib bit struct The Byakugan plugin located under external source byakugan The Metasm library located under lib metasm The PcapRub library located under external pcaprub The Rabal library located under lib rabal The Racket library located under lib racket Qualys Scanner Appliance User Guide 71 Appendix B Credits 72 The Ruby Lorcon library located under external ruby lorcon The SNMP library located under lib snmp The Zip library located under lib zip The latest version of this software is available from http metasploit com Bug tracking and development information can be found at http www metasploit com redmine projects framework Questions and suggestions can be sent to msfdev at metasploit com The framework mailing list is the place to discuss features and ask for help To subscribe visit the following web page https mail metasploit com mailman listinfo framework The archives are available from https mail metasploit com pipermail framework GNU LESSER GENERAL PUBLIC LICENSE Version 2 1 February 1999 Copyright C 1991 1999 Free Software Foundation Inc 59 Temple Place Suite 330 Boston MA 02111 1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not al
59. ions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgement This product includes cryptographic software written by Eric Young eay cryptsoft com The word cryptographic can be left out if the rouines from the library being used are not cryptographic related 4 If you include any Windows specific code or a derivative thereof from the apps directory application code you must include an acknowledgement This product includes software written by Tim Hudson tjh cryptsoft com THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The licenc
60. is Default The LAN interface services both scanning traffic and management traffic to the Qualys Cloud Platform unless split network configuration is defined for the Appliance See Split Network Configuration VLAN Support VLAN configuration options 1 If you have connected the LAN interface to a 802 1q trunked port and need your Scanner Appliance to use VLAN tags on the LAN default network enter the VLAN tag number using the Appliance console 2 For any Appliance you can choose option 1 and also configure more VLANs to be used for scanning using the Qualys user interface Qualys Scanner Appliance User Guide Chapter 1 Get Started Before you begin DHCP or Static IP By default the Scanner Appliance is pre configured with DHCP If configured with a static IP address be sure you have the IP address netmask default gateway primary DNS and WINS server if appropriate Proxy Support The Scanner Appliance includes Proxy support with or wihout authentication Basic or NTLM The Proxy server must be assigned a static IP address and must allow transparent SSL tunneling Proxy level termination as implemented in SSL bridging for example is not supported WINS Support If your network is running Windows Internet Naming Service WINS the Scanner Appliance needs to use it for host name resolution during scanning For an Appliance configured with DHCP please be sure your WINS server IPs primary and secondar
61. it Network Configuration 42 The Qualys Scanner Appliance provides two network traffic configurations Standard and Split The Standard configuration is enabled by default You may enable the Split network configuration using menu options on the SETUP NETWORK menu In the Standard network configuration the LAN RJ45 Ethernet connector services both scanning traffic and management traffic to the Qualys Cloud Platform over the Internet Corporate Intranet Intranet Scanner Internet Firewall Figure 2 9 Standard network traffic configuration default In the Split network configuration all Scanner Appliance management traffic which includes scan map job pickup scan map data upload software updates and health checks are routed through the WAN port whereas scan traffic uses the LAN port This configuration enables the use of Scanner Appliances in networks that do not have direct Internet access Corporate Intranet Intranet Scanner B idi Internet Figure 2 10 Split network traffic configuration No internal traffic is routed or bridged to the WAN port and no management traffic is routed or bridged to the LAN port The Scanner Appliance implements logical separation of scanning traffic and management traffic regardless of whether you configure the Standard or Split option Qualys Scanner Appliance Use Guide Chapter 2 Scanner Appliance Tour Split Netw
62. keyboard to enter characters In numeric entry fields you press the Up and Down arrows to select a value between 0 and 9 When a numeric entry field is first displayed a default value appears Qualys Scanner Appliance Use Guide 23 Chapter 2 Scanner Appliance Tour Navigating the Appliance UI In text entry fields where you enter a user name and password you press the Up and Down arrows to select a character numeric alphabetic space underscore or special character In these fields you can hold the Up arrow or the Down arrow to scroll through the available characters When a text entry field is first displayed the text entry field is blank filled with spaces Scrolling through Characters The Qualys user fields SA LOGIN and SA PASSWD and the Proxy user fields PROXY USER and PROXY PASSW allow you to select lower case letters uppercase letters numbers space and underscore Some fields allow special characters Press the Up arrow to scroll through characters in ascending order Starting from the space character the characters appear in this order lowercase letters a to z space numbers 0 to 9 underscore special characters for Proxy user name and password only uppercase letters A to Z Press Up Arrow lt space gt abcdefghijkimnopqrstuvwxyz lt space gt 0123456789 lt special characters gt ABCDEFGHIJKLMNOPQRSTUVWXYZ Figure 2 2 Scrolling characters in ascending order Press the Down arrow to
63. liance Tour Configure VLANs and Static Routes Configure VLANs Static Routes using the Qualys UI Configuring VLANs and static routes is supported using the Qualys UI Just go to the appliances list Scans gt Appliances and edit the Appliance settings The VLANs and static routes you add are saved with your account information on the Qualys Cloud Platform Up to 4094 VLANs and static routes can be added to each Scanner Appliance as long as you are using the latest appliance software distribution Don t see these settings The VLAN trunking feature must be turned on for your account Please contact Support or your Technical Account Representative if you d like us to turn it on for you Qualys Scanner Appliance Use Guide 31 Chapter 2 Scanner Appliance Tour Configure Static IP Address Configure Static IP Address If DHCP is not on your network you must enable the Scanner Appliance with a static IP address using the ENABLE STATIC IP ON LAN menu option One of these configurations is required Entry fields for IP addresses used in the static IP address configuration are pre filled with three digits for all octets and you must enter a value for each digit For example to specify the IP address 176 34 20 5 you input the IP address as 176 034 020 005 See IP Addresses for details Tell me the steps When enabling a static IP address on the LAN interface you must enter network configuration settings for the Scanner Ap
64. liance on consistent application of that system it is up to the author donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License 12 If the distribution and or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries so that distribution is permitted only in or among countries not thus excluded In such case this License incorporates the limitation as if written in the body of this License 13 The Free Software Foundation may publish revised and or new versions of the Lesser General Public License from time to time Such new versions will be similar in spirit to the present version but may differ in detail to address new problems or concerns Each version is given a distinguishing version number If the Library specifies a version number of this License which applies to it and any later version you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation If the Library does not specify a license version number you may choose any version ever published by the Free Software Foundati
65. lowed This is the first released version of the Lesser GPL It also counts as the successor of the GNU Library Public License version 2 hence the version number 2 1 Preamble The licenses for most software are designed to take away your freedom to share and change it By contrast the GNU General Public Licenses are intended to guarantee your freedom to share and change free software to make sure the software is free for all its users This license the Lesser General Public License applies to some specially designated software packages typically libraries of the Free Software Foundation and other authors who decide to use it You can use it too but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case based on the explanations below When we speak of free software we are referring to freedom of use not price Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software and use pieces of it in new free programs and that you are informed that you can do these things To protect your rights we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights These restrictions translate to certai
66. ment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www OpenSSL org THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE This product includes cryptographic software written by Eric Young eay cryptsoft com This product includes software written by Tim Hudson tjh cryptsoft com Qualys Scanner Appliance User Guide 63 Appendix B Credits 64 Copyright c 1999 2000 Damien Miller All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary f
67. ment passed when the facility is invoked then you must make a good faith effort to ensure that in the event an application does not supply such function or table the facility still operates and performs whatever part of its purpose remains meaningful For example a function in a library to compute square roots has a purpose that is entirely well defined independent of the application Therefore Subsection 2d requires that any application supplied function or table used by this function must be optional if the application does not supply it the square root function must still compute square roots These requirements apply to the modified work as a whole If identifiable sections of that work are not derived from the Library and can be reasonably considered independent and separate works in themselves then this License and its terms do not apply to those sections when you distribute them as separate works But when you distribute the same sections as part of a whole which is a work based on the Library the distribution of the whole must be on the terms of this License whose permissions for other licensees extend to the entire whole and thus to each and every part regardless of who wrote it Thus it is not the intent of this section to claim rights or contest your rights to work written entirely by you rather the intent is to exercise the right to control the distribution of derivative or collective works based on the Library In addition
68. n permission THIS SOFTWARE IS PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Copyright c 1995 Tatu Ylonen lt ylo cs hut fi gt Espoo Finland All rights reserved As far as I am concerned the code I have written for this software can be used freely for any purpose Any derived versions of this software must be clearly marked as such and if the derived work is incompatible with the protocol description in the RFC file it must be called by a name other than ssh or Secure Shell Copyright c 1999 Niels Provos All rights reserved Copyright c 1999 2000 Markus Friedl All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR BE LIABLE FO
69. n responsibilities for you if you distribute copies of the library or if you modify it For example if you distribute copies of the library whether gratis or for a fee you must give the recipients all the rights that we gave you You must make sure that they too receive or can get the source code If you link other code with the library you must provide complete object files to the recipients so that they can relink them with the library after making changes to the library and recompiling it And you must show them these terms so they know their rights Qualys Scanner Appliance User Guide Appendix B Credits We protect your rights with a two step method 1 we copyright the library and 2 we offer you this license which gives you legal permission to copy distribute and or modify the library To protect each distributor we want to make it very clear that there is no warranty for the free library Also if the library is modified by someone else and passed on the recipients should know that what they have is not the original version so that the original author s reputation will not be affected by problems that might be introduced by others Finally software patents pose a constant threat to the existence of any free program We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder Therefore we insist that any patent license obtained for a ver
70. ner indicating the navigation options available from the current screen LCD Remote Description Button Console Key e ENTER Confirm a selection After you press ENTER another screen appears RIGHT Move the cursor to the right in an entry field 4 LEFT Move the cursor to the left in an entry field UP Used to A Increase the value in an entry field Move up through menu options Cancel a confirmation message DOWN Used to wv Decrease the value in an entry field Move down through menu options Note these important guidelines for using buttons 1 Press one button at a time 2 Do not hold down an arrow button except as noted in guideline 3 instead press the arrow multiple times and 3 When entering a user name or password you can hold down the Up and Down arrow buttons to scroll through characters quickly Entering Information The Scanner Appliance user interface LCD and Remote Console allow users to enter information in the fields provided using arrow keys The Left and Right arrows move the cursor to the left and right and the Up and Down arrows are used to scroll through characters Some fields allow certain characters to be entered The character restrictions are described below Up and Down Arrows Using the LCD user interface use the Up and Down arrows to enter characters in a field Using the Remote Console interface you have the option to use the Up and Down arrows or to use your
71. nfigured an invalid static LAN IP address or gateway IP address and this was saved with the Appliance s network settings Please review the error description that follows for the reason why Qualys Scanner Appliance Use Guide Error Code Chapter 3 Troubleshooting Tell me about Network Errors Means 08 A user configured an invalid static WAN IP address or gateway IP address and this was saved with the Appliance s network settings Please review the error description that follows for the reason why 09 A user configured DHCP or a static IP address and this was saved with the network settings Then the Appliance tried to connect and a DNS lookup of the Qualys Cloud Platform URL failed Please review the error description that follows for further detail 10 A user configured the LAN interface and this was saved with the network settings Then the Appliance attempted to make a connection to the Qualys Cloud Platform using the saved network settings and it failed Please review the error description that follows for the reason why 12 A user configured the WAN interface and this was saved with the network settings Then the Appliance attempted to make a connection to the Qualys Cloud Platform using the saved network settings and it failed Please review the error description that follows for the reason why 13 A user configured VLANs and this was saved with the Appliance s network settings Then
72. ns are supported including a static IP address on LAN and DCHP on WAN as well as DHCP on LAN and a static IP address on WAN How can test network connectivity Use a Laptop It is recommended that you test network connectivity to the Qualys Cloud Platform using your laptop or other device 1 Take the laptop to the location where the Scanner Appliance will be installed and connect the laptop to the network using the same network cable and port that will be used for the Appliance 2 Configure the laptop with the same network configuration that the Scanner Appliance will use IP address gateway DNS server etc 3 If the connection to the Qualys Cloud Platform must pass through a proxy server configure the laptop s web browser with proxy information 4 Open a browser and try to log into your Qualys account You ll see the Qualys Log In page after a successful connection is made to the Qualys Cloud Platform Test DNS Name Resolution You can test DNS name resolution from any machine connected to the same network as your Scanner Appliance If DNS name resolution is working properly server information is returned including the server name and IP address Note that nslookup is not available on all systems Qualys Scanner Appliance Use Guide 53 Chapter 3 Troubleshooting Tell me about Network Errors Tell me about Network Errors A network error is reported when the Scanner Appliance attempted to connect to the Qualys
73. o find the accompanying uncombined form of the same work 8 You may not copy modify sublicense link with or distribute the Library except as expressly provided under this License Any attempt otherwise to copy modify sublicense link with or distribute the Library is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so long as such parties remain in full compliance 9 You are not required to accept this License since you have not signed it However nothing else grants you permission to modify or distribute the Library or its derivative works These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Library or any work based on the Library you indicate your acceptance of this License to do so and all its terms and conditions for copying distributing or modifying the Library or works based on it 10 Each time you redistribute the Library or any work based on the Library the recipient automatically receives a license from the original licensor to copy distribute link with or modify the Library subject to these terms and conditions You may not impose any further restrictions on the recipients exercise of the rights granted herein You are not responsible for enforcing compliance by third parties with this License 11 If as a consequence
74. o negotiation 1GbaseT Full 1GbaseT 1 gigabit full duplex data transmission 100baseT Full 100baseT full duplex data transmission 100baseT Half 100baseT half duplex data transmission 1ObaseT Full 10baseT full duplex data transmission 10baseT Half 10baseT half duplex data transmission Qualys Scanner Appliance Use Guide Chapter 2 Scanner Appliance Tour Ethernet Port Configuration 4 When the desired LAN port link setting is displayed press ENTER to store the confirm the configuration setting 5 Whenthe REALLY SET LAN TO value prompt appears press ENTER to store the configuration setting Go to Step 9 unless WAN port configuration is necessary for split network configuration Split Network Configuration When the Scanner Appliance has a split network configuration you have the option to configure the WAN port link setting To do this follow the steps below 6 Press the Down arrow one time The WAN PORT LINK option is displayed along with the WAN port link setting in effect 7 Press the Right arrow to advance through the available port link settings Tips Use the Left arrow to advance through the settings in reverse order To quit this procedure and return to SETUP NETWORK press the Up arrow two times Setting Description AUTO Auto negotiation 1GbaseT Full 1GbaseT 1 gigabit full duplex data transmission 100baseT Full 100baseT full duplex data transmission 100baseT Half 100baseT half duple
75. ology Solutions Dell SecureWorks Fujitsu HCL Comnet InfoSys NTT Tata Communications Verizon and Wipro The company is also a founding member of the Cloud Security Alliance CSA For more information please visit www qualys com Contact Qualys Support Qualys is committed to providing you with the most thorough support Through online documentation telephone help and direct email support Qualys ensures that your questions will be answered in the fastest time possible We support you 7 days a week 24 hours a day Access support information at www qualys com support Preface 6 Qualys Scanner Appliance User Guide CHAPTER Get Started Welcome to the Qualys Scanner Appliance an option with the Qualys Cloud Platform from Qualys Inc With the Qualys Scanner Appliance you can assess internal network devices systems and web applications The Scanner Appliance is a robust scalable solution for scanning networks of all sizes including large distributed networks It s easy to set up a Scanner Appliance within your network Let s get started Before you begin Best Practices for internal scanning Quick Start Interested in Virtual Appliances The Qualys Virtual Scanner Appliance is packaged and qualified for deployment on a variety of virtualization and cloud platforms Please contact your TAM or Qualys Support if you re interested in adding Virtual Appliances to your license Desktop Laptop VMware Workstation Pla
76. on 14 If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these write to the author to ask for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 15 BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE LIBRARY TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE THE LIBRARY AS IS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU SHOULD THE LIBRARY PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR CORRECTION 16 IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER OR ANY OTHER PARTY WHO MAY MODIFY AND OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE BE LIABLE TO YOU FOR DAMAGES INCLUDING ANY GENERAL SPECIAL INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY INCLUDING BUT NOT LI
77. on and respond to prompts e Left and Right arrow buttons move the cursor to left right in an entry field e Up and Down arrow buttons scroll through menu options and scroll through characters in an entry field e ENTER button in the center is used to confirm entries and move to the next screen Tell me about the LEDs e S1 tells you a Qualys scan is in progress on the Scanner Appliance e S2tells you a software update to the Scanner Appliance is in progress e S3is not used Back Panel The Appliance s back panel includes the power socket the Ethernet LAN port the Ethernet WAN port and two USB ports 20 Qualys Scanner Appliance Use Guide Chapter 2 Scanner Appliance Tour A Quick Look at the Appliance Power socket Use to connect the power connector to the Appliance Power button Use to power on the Appliance A green light indicates the Appliance is turned on LAN WAN ports Use to connect the Appliance to a hub or switch on your network using a straight through CAT6 twisted pair Ethernet cable The LAN port is required The WAN port is only required if you choose the split network configuration option USB ports Connect a USB to RS232 converter cable to a USB port if you want to use the optional Remote Console interface any port may be used Appliance UI The Scanner Appliance has a user interface for configuration and management You can choose to use the LCD display and keypad on the front panel or
78. onfiguration Configuration for Proxy support and or split network configuration may be required See the network configurations below that include detailed set up steps for each Network Configurations with DHCP Present Network configuration Appliance set up steps DHCP present Plug in the Appliance No Proxy Standard network traffic DHCP present Plug in the Appliance Proxy server Enable Proxy page 37 Standard network traffic DHCP present Plug in the Appliance Split network traffic Enable DHCP on WAN page 43 DHCP present Plug in the Appliance Proxy server Enable Proxy page 37 Standard network traffic Enable DHCP on LAN 52 Qualys Scanner Appliance Use Guide Chapter 3 Troubleshooting How can test network connectivity Network Configurations without DHCP Present Network configuration Appliance set up steps DHCP not present Plug in the Appliance No Proxy Enable Static IP on LAN page 32 Standard network traffic DHCP not present Plug in the Appliance Proxy server Enable Static IP on LAN page 32 Standard network traffic Enable Proxy page 37 DHCP not present Plug in the Appliance Split network traffic Enable Static IP on LAN page 32 Enable Static IP on WAN page 43 DHCP not present Plug in the Appliance Proxy server Enable Static IP on LAN page 32 Standard network traffic Enable Proxy page 37 Enable Static IP on WAN page 43 Additional network configuratio
79. or choose Static and assign a static IP address Don t see these settings This means IPv6 Scanning is not turned on for your account Please contact Support or your Technical Account Manager if you d like us to turn it on for you 4 Besure to save the Appliance settings 36 Qualys Scanner Appliance Use Guide Chapter 2 Scanner Appliance Tour Proxy Configuration Proxy Configuration If the Scanner Appliance is behind a Proxy server you need to enable a Proxy configuration using the ENABLE PROXY menu option Authentication Basic or NTLM of the Scanner Appliance connection to your Proxy server can be enabled by configuring the Proxy user and password fields The Scanner Appliance uses Secure Sockets Layer SSL protocol HTTPS to secure its connection to the Qualys web application in a similar way that a web browser does to a secure web server If the Qualys connection must pass through a Proxy server then you must enable the Proxy option on the Scanner Appliance This configuration re directs Qualys outbound connections through the Proxy server Your Proxy server must be configured to tunnel or pass through the SSL session to the Qualys web application This ensures a secured end to end connection SSL bridging or tunnel termination must not be configured in your Proxy server when supporting the Scanner Appliance Tell me the steps To configure the Scanner Appliance with Proxy support follow these steps 1 Goto the SETUP NE
80. or the Proxy user name in the PROXY USER field you may enter a maximum of 32 characters including lower case letters upper case letters numbers space and underscore These special characters can be used underscore _ dash backslash period at sign 89_ AB Press Press Up Arrow Down Arrow Figure 2 5 Special characters in the Proxy user field The screen displays 16 characters of the PROXY USER field entry and it scrolls left For example the first character of the Proxy user name is hidden when the 17th character is entered As each additional character is entered the Proxy user name scrolls left The space character may be used to remove charaters The format of a Proxy user entry is domain user If there is a backslash in the middle of the entry the Appliance interprets the string before the backslash as the domain name No double backslashes NN are needed in front of the domain user format Qualys Scanner Appliance Use Guide Chapter 2 Scanner Appliance Tour Navigating the Appliance UI Proxy Password The PROXY PASSW allows you to enter a maximum of 16 characters including lower case letters upper case letters numbers space and underscore Many special characters are allowed These characters are shown in ascending order in the table below Using the LCD interface to scroll through characters 1 to 30 press the Up arrow To scroll through characters in descending order pre
81. ork Configuration A few things to consider Please review these tips and best practices before you configure split network configuration e Check to be sure that network connection to both the LAN and WAN ports on the Scanner Appliance have been set up properly e The Scanner Appliance must be configured with DHCP or a static IP address on the LAN interface first Using the LAN interface now If your Scanner Appliance is powered on and connected to the LAN port only power down the Scanner Appliance before you connect the second Ethernet cable to the WAN port Do not configure the LAN and WAN interfaces on the same subnet This type of configuration is not supported Enable DHCP on the WAN Interface To configure the WAN interface with DHCP follow these steps 1 Select SETUP NETWORK press the Down arrow until the ENABLE WAN INTERFACE menu option appears Then press ENTER to continue 2 Gotothe ENABLE DHCP ON WAN menu option and press ENTER to continue 3 Whenthe REALLY ENABLE DHCP ON WAN prompt appears press ENTER to continue Or press the Up arrow two times to quit this procedure and return to the SETUP NETWORK menu option 4 Review the confirmation message When the SCANNER APPLIANCE NAME IP ADDRESS appears you are ready to start scanning If another message appears you need to complete the Quick Start or resolve the network error indicated Enable Static IP on the WAN Interface To configure the WAN interface with a
82. ork group to determine where to place Scanner Appliances in an enterprise network environment Some things to consider place Scanner Appliances as close to target machines as possible and make sure to monitor and identify any bandwidth restricted segments or weak points in the network infrastructure Scanning through layer 3 devices such as routers firewalls and load balancers could result in degraded performance so you may consider using our VLAN tagging feature VLAN trunking to circumvent layer 3 devices to avoid potential performance issues Qualys Scanner Appliance User Guide Chapter 1 Get Started Quick Start Quick Start Once you complete the Quick Start you re ready to start scanning It takes just a couple of minutes It s important that you complete the steps in the order shown Step 1 Connect the Scanner Appliance to the Network Qualys strongly recommends the Scanner Appliance be plugged into a Managed Power Supply On the rare occasion where the Scanner Appliance may need to be rebooted utilizing the MPS will allow for remote rebooting in unmanned or high security areas Set Up Network Connection The Scanner Appliance connects like any other computer to a switch on your network To set up the network connection follow these steps e Connect one end of an Ethernet cable to the Ethernet LAN port on the Scanner Appliance back panel e Connect the other end of the Ethernet cable to a 10BASE T or 100BASE TX or 1 G
83. orm must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Copyright c 2000 Markus Friedl All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS AND ANY EXPRES
84. ors and copyright holders must not be used in advertising or otherwise to promote the sale use or other dealing in this Software without specific written prior permission Title to copyright in this Software shall at all times remain with copyright holders Appendix B Credits Copyright 1998 2000 The OpenLDAP Foundation Redwood City California USA All rights reserved Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission This software is provided as is without express or implied warranty Portions Copyright c 1993 Regents of the University of Michigan Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission This software is provided as is without express or implied warranty Portions Copyright c 1994 Regents of the University of Michigan Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor
85. ou see SCANNER APPLIANCE NAME IP ADDRESS this means you are ready to start scanning This message appears if the Scanner Appliance made a successful connection to the Qualys Cloud Platform using the new configuration A network error screen appears if the Scanner Appliance failed to make a connection to the Qualys Cloud Platform A network error may occur because the static IP parameters you entered are incorrect or they do not match the static IP configuration on your network See Troubleshooting for help with resolving the issue Qualys Scanner Appliance Use Guide 33 Chapter 2 Scanner Appliance Tour Configure Static IP Address Tell me about LAN Netmask 34 When entering static network parameters you will notice that the cursor does not appear after the LAN NETMASK prompt and you cannot enter characters in the entry field At first the netmask 255 255 255 000 appears Use the Up and Down arrows to scroll through valid netmasks When the appropriate netmask value appears press ENTER to confirm Possible netmask values are listed below If you press the Down arrow the values appear in this order 255 255 255 000 255 255 254 000 255 255 252 000 If you press the Up arrow the values appear in this order 255 255 255 000 255 255 255 128 255 255 255 192 Scrolling netmask values in the Netmask field Order Netmask value Order Netmask value
86. pliance so that the Appliance can communicate with the Qualys Cloud Platform Also you have the option to enter some network settings for informational purposes To enable a static IP address on the LAN interface for the Scanner Appliance follow these steps 1 Gotothe SETUP NETWORK menu option and press ENTER to continue 2 Press the Down arrow until the ENABLE STATIC IP ON LAN menu option appears Then press ENTER to continue 3 When the CFG LAN STATIC NETWORK PARAMS prompt appears press ENTER to continue Or press the Up arrow to quit this procedure and return to the SETUP NETWORK menu option Entering parameters 32 The Scanner Appliance user interface LCD and Remote Console allows users to enter information in the fields provided using the arrow keys Use the Left and Right arrows to move the cursor to the left and right and use the Up and Down arrows to scroll through characters With the Remote Console interface you have the option to enter characters using the VT100 terminal s keyboard 1 Whenthe LAN IP ADDR prompt appears enter the static IP address and then press ENTER to continue 2 When the LAN NETMASK prompt appears use the Up and Down arrows to scroll to the desired netmask value For information about netmask values see Tell me about LAN Netmask After selecting a netmask value press ENTER to continue 3 When the LAN GATEWAY prompt appears enter the gateway IP address and then press ENTER to continue
87. power is available to the unit The overall connection of the rack equipment to the supply circuit and the effect that overloading the supply circuit might have on overcurrent protection and supply wiring should also be considered Reliable Grounding Reliable grounding of rack equipment must be maintained Particular attention should be given to supply connections other than direct connections to the branch circuit for example use of power strips Mechanical Loading The unit should be installed in a rack in a manner that does not create a hazardous condition due to uneven mechanical overloading Cautionary Notices The socket outlet shall be installed near the equipment and shall be easily accessible Le socle de prise de courant doit tr install 4 proximit du mat riel et doit tre ais ment accessible CAUTION RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT TYPE DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS ATTENTION IL Y A RISQUE D EXPLOSION SI LA BATTERIE EST REMPLACEE PAR UNE BATTERIE DE TYPE INCORRECT METTRE AU REBUT LES BATTERIES USAGEES CONFORMEMENT AUX INSTRUCTIONS Appendix C Safety Notices 78 Qualys Scanner Appliance User Guide
88. r Appliance makes a successful connection to the Qualys Cloud Platform This message indicates the Scanner Appliance is ready for scanning If another message appears you need to activate the Scanner Appliance or troubleshoot the issue before scanning See Troubleshooting for help with resolving any errors How to shutdown the system 28 You can power off the system using the shutdown button or using the Appliance UI Using the Appliance UI 1 With the Scanner Appliance name and IP address displayed press ENTER 2 Whenthe SETUP NETWORK menu option appears press the Down arrow to navigate through the menu options When the SYSTEM SHUTDOWN menu option appears press ENTER 4 Whenthe REALLY SHUTDOWN SYSTEM prompt appears press ENTER to confirm 5 Important The Scanner Appliance should now power down within 60 seconds When this message appears It s now safe to unplug the box then you can safely unplug the Scanner Appliance Qualys Scanner Appliance Use Guide Chapter 2 Scanner Appliance Tour System Reboot and Shutdown What happens a restart When you restart the Scanner Appliance several messages appear during the startup process as described below 1 When the system is restarted informational messages appear in the screen during the boot process These messages appear in the order shown below Welcome to Qualys Qualys Scanner is starting up Filesystem check in progress Qualys Scanner is coming
89. rization of the copyright holder Copyright c 1998 2003 Carnegie Mellon University All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Qualys Scanner Appliance User Guide 69 Appendix B Credits 70 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 The name Carnegie Mellon University must not be used to endorse or promote products derived from this software without prior written permission For permission or any other legal details please contact Office of Technology Transfer Carnegie Mellon University 5000 Forbes Avenue Pittsburgh PA 15213 3890 412 268 4387 fax 412 268 7395 tech transfer andrew cmu edu 4 Redistributions of any form whatsoever must retain the following acknowledgment This product includes software developed by Computing Services at Carnegie Mellon University http www cmu edu computing CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL
90. rsion 2 or at your option any later version You should have received a copy of the GNU General Public License for example COPYING if not write to the Free Software Foundation Inc 675 Mass Ave Cambridge MA 02139 USA This code was originally developed as a Senior Thesis by Michael Cornwell at the Concurrent Systems Laboratory now part of the Storage Systems Research Center Jack Baskin School of Engineering University of California Santa Cruz http ssrc soe ucsc edu Copyright c 1996 2006 Daniel Stenberg lt daniel haxx se gt All rights reserved Permission to use copy modify and distribute this software for any purpose with or without fee is hereby granted provided that the above copyright notice and this permission notice appear in all copies THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE Except as contained in this notice the name of a copyright holder shall not be used in advertising or otherwise to promote the sale use or other dealings in this Software without prior written autho
91. rty saying it may be distributed under the terms of this Lesser General Public License also called this License Each licensee is addressed as you A library means a collection of software functions and or data prepared so as to be conveniently linked with application programs which use some of those functions and data to form executables The Library below refers to any such software library or work which has been distributed under these terms A work based on the Library means either the Library or any derivative work under copyright law that is to say a work containing the Library or a portion of it either verbatim or with modifications and or translated straightforwardly into another language Hereinafter translation is included without limitation in the term modification Source code for a work means the preferred form of the work for making modifications to it For a library complete source code means all the source code for all modules it contains plus any associated interface definition files plus the scripts used to control compilation and installation of the library Activities other than copying distribution and modification are not covered by this License they are outside its scope The act of running a program using the Library is not restricted and output from such a program is covered only if its contents constitute a work based on the Library independent of the use of the Library in
92. scroll through characters in descending order Starting from the space character the characters appear in this order uppercase letters Z to A special characters for Proxy user name and password only underscore numbers 9 to 0 space lowercase letters z to a 24 Qualys Scanner Appliance Use Guide Chapter 2 Scanner Appliance Tour Navigating the Appliance UI Press Down Arrow lt space gt ZYXWVUTSRQPONMLKJIHGFEDCBA lt special characters gt _ 9 8 7 6 5 4 3 2 1 0 space zyxwvutsrqponmlikjihgfedcba Figure 2 3 Scrolling characters in descending order Space Character When a text field entry contains fewer characters than the character positions on the interface screen you must select the space character for the unused positions before or after the field entry Only the characters associated with the field entry and space characters may be included in a text field entry Embedded spaces are not permitted in text field entries except in the Proxy password field The space character may be used to remove characters when editing text fields except the Proxy password To remove a character in an entry field using the LCD user interface move the cursor on the character using the Left and Right arrows select the space character using the Up and Down arrows and then press ENTER Any space characters entered appear in the interface screen until the next time you revisit the screen IP Addresses Entry fiel
93. sion of the library must be consistent with the full freedom of use specified in this license Most GNU software including some libraries is covered by the ordinary GNU General Public License This license the GNU Lesser General Public License applies to certain designated libraries and is quite different from the ordinary General Public License We use this license for certain libraries in order to permit linking those libraries into non free programs When a program is linked with a library whether statically or using a shared library the combination of the two is legally speaking a combined work a derivative of the original library The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom The Lesser General Public License permits more lax criteria for linking other code with the library We call this license the Lesser General Public License because it does Less to protect the user s freedom than the ordinary General Public License It also provides other free software developers Less of an advantage over competing non free programs These disadvantages are the reason we use the ordinary General Public License for many libraries However the Lesser license provides advantages in certain special circumstances For example on rare occasions there may be a special need to encourage the widest possible use of a certain library so that it becomes a de facto standard
94. ss the Down arrow Special Characters in the PROXY PASSW field Order Character Name Order Character Name ascending ascending 1 underscore 16 plus 2 hyphen 17 equal 3 backslash 18 parenthesis left 4 slash 19 parenthesis right 5 bar 20 brace left 6 tilda 21 brace right 7 exclamation 22 bracket left 8 question 23 bracket right 9 Q atsign 24 less 10 number sign 25 gt greater 11 dollar 26 semicolon 12 percent 27 d double quote 13 Ax asciicircum 28 grave 14 amp ampersand 29 comma 15 i asterisk 30 period Qualys Scanner Appliance Use Guide 27 Chapter 2 Scanner Appliance Tour System Reboot and Shutdown System Reboot and Shutdown It is important to follow the proper system shutdown instructions described below If you do not follow these instructions file system corruption may occur How to reboot the system 1 2 4 With the Scanner Appliance name and IP address displayed press ENTER When the SETUP NETWORK menu option appears press the Down arrow to navigate through the menu options When the SYSTEM REBOOT menu option appears press ENTER to select the option When the REALLY REBOOT SYSTEM prompt appears press ENTER to confirm Review the confirmation messages starting with REBOOTING SYSTEM message The SCANNER APPLIANCE NAME IP ADDRESS is displayed after the Scanne
95. ss to copy from a designated place then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code even though third parties are not compelled to copy the source along with the object code 5 A program that contains no derivative of any portion of the Library but is designed to work with the Library by being compiled or linked with it is called a work that uses the Library Such a work in isolation is not a derivative work of the Library and therefore falls outside the scope of this License However linking a work that uses the Library with the Library creates an executable that is a derivative of the Library because it contains portions of the Library rather than a work that uses the library The executable is therefore covered by this License Section 6 states terms for distribution of such executables When a work that uses the Library uses material from a header file that is part of the Library the object code for the work may be a derivative work of the Library even though the source code is not Whether this is true is especially significant if the work can be linked without the Library or if the work is itself a library The threshold for this to be true is not precisely defined by law If such an object file uses only numerical parameters data structure layouts and accessors and small macros and small inline functions ten lines or less in length then
96. t be distributed under Sections 1 and 2 above and if the work is an executable linked with the Library with the complete machine readable work that uses the Library as object code and or source code so that the user can modify the Library and then relink to produce a modified executable containing the modified Library It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions b Use a suitable shared library mechanism for linking with the Library A suitable mechanism is one that 1 uses at run time a copy of the library already present on the user s computer system rather than copying library functions into the executable and 2 will operate properly with a modified version of the library if the user installs one as long as the modified version is interface compatible with the version that the work was made with c Accompany the work with a written offer valid for at least three years to give the same user the materials specified in Subsection 6a above for a charge no more than the cost of performing this distribution d If distribution of the work is made by offering access to copy from a designated place offer equivalent access to copy the above specified materials from the same place e Verify that the user has already received a copy of these materials or that you have already sent this user a copy
97. tagging protocol Configure VLAN using the Appliance UI 30 A VLAN that is defined using the Scanner Appliance UI is saved on the Appliance and can t be edited using the Qualys UI Important After making configuration changes be sure to complete the entire network configuration so that your Scanner Appliance makes a successful connection to the Qualys Cloud Platform Configure VLAN To configure the Scanner Appliance with a default VLAN interface on the LAN interface follow these steps 1 Gotothe SETUP NETWORK menu option and press ENTER to continue 2 Press the Down arrow one time When the ENABLE VLAN ON LAN menu option appears press ENTER to continue 3 When the prompt VLAN 0 4094 appears specify the VLAN ID The value 0000 appears in the screen by default Specify the VLAN ID and then press ENTER to continue Change VLAN A default VLAN that you ve added using the Scanner Appliance user interface LCD and Remote Console can be changed at any time To do this select the CHANGE VLAN ON LAN menu option from the SETUP NETWORK menu Then enter another VLAN ID and press ENTER Disable VLAN To disable a default VLAN select the CHANGE VLAN ON LAN menu option from the SETUP NETWORK menu Then enter the VLAN ID 0000 and press ENTER After the configuration is disabled the ENABLE DHCP ON LAN menu option appears on the Scanner Appliance interface Qualys Scanner Appliance Use Guide Chapter 2 Scanner App
98. the optional Remote Console interface Both the LCD display and Remote Console offer the same functionality and share the same menus and navigation ENTER key and arrows for a consistent user experience The Remote Console interface supports remote configuration and management of the Scanner Appliance using a VT100 terminal such as Windows HyperTerminal See Remote Console Interface Set Up optional Qualys Scanner Appliance Use Guide 21 Chapter 2 Scanner Appliance Tour Navigating the Appliance UI Navigating the Appliance UI Main Menu 22 To access the Scanner Appliance main menu press ENTER when the Scanner Appliance name and IP address are displayed The first menu option displayed is SETUP NETWORK SETUP on NETWORK d SR ENABLE PROXY ba 1C 31x DA RESET on NETWORK CONFIG Y L SYSTEM SHUTDOWN SYSTEM REBOOT VERSION INFO lt number gt EXIT THIS MENU Figure 2 1 Scanner Appliance Main Menu To move up through the menu options press the Up arrow To move down through the menu options press the Down arrow To select an option press ENTER To exit the main menu press the down arrow button until the EXIT THIS MENU option appears and then press ENTER Qualys Scanner Appliance Use Guide Chapter 2 Scanner Appliance Tour Navigating the Appliance UI Navigation Indicators Each Scanner Appliance screen displays one or more indicators in the top right cor
99. the use of the object file is unrestricted regardless of whether it is legally a derivative work Executables containing this object code plus portions of the Library will still fall under Section 6 Otherwise if the work is a derivative of the Library you may distribute the object code for the work under the terms of Section 6 Any executables containing that work also fall under Section 6 whether or not they are linked directly with the Library itself 6 As an exception to the Sections above you may also combine or link a work that uses the Library with the Library to produce a work containing portions of the Library and distribute that work under terms of your choice provided that the terms permit modification of the work for the customer s own use and reverse engineering for debugging such modifications Qualys Scanner Appliance User Guide Appendix B Credits You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License You must supply a copy of this License If the work during execution displays copyright notices you must include the copyright notice for the Library among them as well as a reference directing the user to the copy of this License Also you must do one of these things a Accompany the work with the complete corresponding machine readable source code for the Library including whatever changes were used in the work which mus
100. up 2 The Appliance attempts to connect to the Qualys Cloud Platform using its configuration During this phase these messages appear in the order shown below CONTACTING QUALYS Filesystem check in progress CONTACTING QUALYS 3 The SCANNER APPLIANCE NAME IP ADDRESS is displayed after the Scanner Appliance makes a successful connection to the Qualys Cloud Platform This means your the Scanner Appliance is ready to start scanning If another message appears you need to take some action before you can start scanning e ACTIVATION CODE The Scanner Appliance needs to be activated Refer to the Quick Start for instructions e Network error A network error prevented the Scanner Appliance from making a connection to the Qualys Cloud Platform This issue must be resolved before scanning See Troubleshooting for help with resolving the issue Qualys Scanner Appliance Use Guide 29 Chapter 2 Scanner Appliance Tour Configure VLANs and Static Routes Configure VLANs and Static Routes The Scanner Appliance supports VLAN trunking on the LAN interface for scanning traffic VLAN trunking on the WAN interface is not supported One VLAN interface 802 1Q may be configured using the Scanner Appliance user interface LCD and Remote Console Up to 4094 VLANs and static routes can be defined using the Qualys web application How it works The Scanner Appliance adds VLAN tag s to all scanning packets following the 802 1Q
101. upported Characters Lower case letters upper case letters numbers and space These special characters may be entered underscore _ hyphen backslash and period When the PROXY PASSW prompt appears enter the password for Proxy authentication If authentication is not enabled at the Proxy level leave the entry field blank Press ENTER to continue Supported Characters Lower case letters upper case letters numbers and space Many special characters may be entered for the Proxy password When the REALLY ENABLE PROXY prompt appears press ENTER to continue Or press the Up arrow two times to quit this procedure and return to the SETUP NETWORK menu option Review the confirmation messages The ENABLING PROXY SUPPORT message appears followed by other messages while the Scanner Appliance attempts to make a connection to the Qualys Cloud Platform using the new configuration Upon success the SCANNER APPLIANCE NAME IP ADDRESS message appears and the configured proxy is now confirmed working and being used Qualys Scanner Appliance Use Guide Chapter 2 Scanner Appliance Tour Proxy Configuration Interface Enable Proxy The Scanner Appliance user interface to enable Proxy support is shown below Scanner Appliance Main Menu Legend SETUP 2 NETWORK VENTER D zDown Arrow ra ENABLE PROXY CONFIG PROXY PARAMETERS Je Main Menu IP ADDRESS Options 000 000 000 000 PROXY PORT y
102. x data transmission 10baseT Full 10baseT full duplex data transmission 10baseT Half 10baseT half duplex data transmission 8 When the desired WAN port link setting is displayed press ENTER to confirm the configuration setting 9 When the REALLY SET WAN TO value prompt appears press ENTER to store the configuration setting 10 Return to SETUP NETWORK A change to an Ethernet port setting takes effect right away Qualys Scanner Appliance Use Guide 47 Chapter 2 Scanner Appliance Tour Reset the Network Configuration Reset the Network Configuration You have the option to reset the network configuration to the factory default using the RESET NETWORK CONFIG menu option on the Scanner Appliance user interface For example you may wish to reset the network configuration for troubleshooting purposes when setting up the Scanner Appliance This is useful if you need to quickly set up the Scanner Appliance in a different location Important When you reset the network configuration the service resets the network settings to the factory default Any existing network settings that were customized by the user are removed These include settings entered using the Scanner Appliance interface such as static IP address Proxy support the WAN interface configuration Ethernet port configuration and user password store After the reset you must manually re enter any required network configuration settings using the Scanner Appliance int
103. y are added to your DHCP subnet configuration using option netbios name servers WINS1 WINS2 For an Appliance with a static IP address the WINS servers are defined with the static IP settings using the Appliance console Qualys Scanner Appliance User Guide 9 Chapter 1 Get Started Best Practices for internal scanning Best Practices for internal scanning Here are our best practices related to internal scanning Avoid scanning through a firewall from the inside out Problems can arise when scan traffic is routed through the firewall from the inside out i e when the scanner Appliance is sitting in the protected network area and scans a target which is located on the other side of the firewall We recommend placing scanner Appliances in your network topology in a way that scanning and mapping through a firewall from the inside out is avoided if possible From the Qualys Community Scanning through a firewall Check network access to scanners Go to Help gt About in the application The Scanner Appliances section lists URLs at the SOC Security Operations Center for your account location Your Scanner Appliances must be able to contact these URLs on port 443 For Private Cloud Platform the URLs displayed are appropriate to your local on site SOC From the Qualys Community How to check network access to scanners Consult your network group for scanner placement It s highly recommended that you work with your netw
104. y two minutes These messages appear in the order shown Welcome to Qualys Qualys Scanner is starting up Filesystem check in progress Qualys Scanner is coming up Once the Scanner Appliance makes a successful connection to the Qualys Cloud Platform you ll see the activation code message ACTIVATION CODE The activation code for the Scanner Appliance is displayed A unique code is assigned to each Appliance Make a note of the activation code and then go to enter the activation code You might see a network error message instead This will be reported if the Scanner Appliance did not make a successful connection to the Qualys Cloud Platform using its current network settings The network error must be resolved before you go to Step 3 Need help See Troubleshooting Tip If you ve set up the Remote Console it may be necessary to press the ENTER key on the VT100 terminal s keyboard to display the Remote Console interface Qualys Scanner Appliance User Guide 13 Chapter 1 Get Started Quick Start Complete the Network Configuration Enable the network configurations for the Scanner Appliance as appropriate in the order listed One or more configurations may be required Any network error must be resolved before going to Step 3 Refer to Troubleshooting for help with resolving any errors Configuration Options For information A Static IP Address See Configure Static IP Address on page 32
105. yer Fusion Oracle VirtualBox Client Server VMware vCenter vSphere Citrix XenServer Microsoft Hyper V Cloud Amazon EC2 Classic Amazon EC2 VPC Chapter 1 Get Started Before you begin Before you begin Check package accessories Your starter kit package should contain these components If any components are missing or damaged please contact Qualys Support Qualys Scanner Appliance User Guide AC power cord CAT6 cable Rack screws quantity 4 10 32 x 3 4 Phillips black matte with washer USB to RS232 converter cable Network requirements configuration Bandwidth Minimum recommended bandwidth connection of 1 5 megabits per second Mbps to the Qualys Cloud Platform Outbound HTTPS Access The local network must be configured to allow outbound HTTPS port 443 access to the Internet so that the Scanner Appliance can communicate with the Qualys Cloud Platform Appliance Access to Qualys Cloud Platform The Scanner Appliance must be able to reach certain infrastructure located at the Qualys Cloud Platform where your Qualys account is located Tip Log into your account and go to Help gt Account Info to see the Qualys Cloud Platform URLs Appliance Access to Target Host IPs The IP addresses for the hosts to be scanned must be accessible to the Scanner Appliance The Appliance must be able to resolve external DNS for the hostnames to be scanned LAN Interface
106. ys user interface to cancel any running scans and restart them to ensure that results are accurate How do I know the issue is resolved After the root cause is resolved you ll see the COMMUNICATION FAILURE message until the next time the Appliance makes a successful polling request to the Qualys Cloud Platform Then you ll see the Appliance s IP address friendly name and you can start scanning using your Appliance Note The COMMUNICATION FAILURE message may not disappear right away There may be a lag time after the network is restored and before the Appliance is back online depending on when the next polling request is scheduled Additional time is necessary for communications to be processed by a Proxy server if the Appliance has a Proxy configuration Qualys Scanner Appliance Use Guide 57 Chapter 3 Troubleshooting Communication Failure message 58 Qualys Scanner Appliance Use Guide APPFNDIX Product Specifications Configuration CPU Intel Xeon Quad Core 3 5GHz 8M Cache Memory 16GB DDR3 1600 Hard Drive 1TB 2 5 SATA 6Gb s 5400RPM Ethernet Two GbE ports USB Four USB 2 0 ports Power Input 100 240 VAC 50 60Hz 4A Single phase Power Consumption Max 91W 310 BTU hr Typical 80W 273 BTU hr Dimension 1 75 H x 17 W x 14 D inches Weight 12 65 Ibs Environment Acoustic Noise 45 dBA acoustic noise level at 23 C Operating Conditions 0
Download Pdf Manuals
Related Search
Related Contents
スペクトラムアナライザ MSA300シリーズ(Rev.2.0) Acer Aspire 392-5454 Capitolato Speciale d`Appalto HOT DOG MAKER TXS-286 KOHLER K-2229-0 Installation Guide dynamic 4000 2ab DES - AG2R La User manual - Howard Computers- https://telegra.ph/Calculate-Wire-Resistor-from-Voltage-Drop-6b946405-11-16
- https://telegra.ph/DC-Voltage-Drop-Calculator-2a19a533-11-16
- https://telegra.ph/Calculate-Wire-Resistor-from-Voltage-Drop-68cba0ff-11-16
- https://telegra.ph/Footer-Concrete-Volume-Calculator-36b41fff-11-17
- https://telegra.ph/Footer-Concrete-Volume-Calculator-5a09cfc7-11-17
- https://telegra.ph/Concrete-Block-Calculator-5730f6ce-11-17
- https://telegra.ph/Concrete-Volume-Calculator-for-Steps-173cfbe3-11-13
- https://telegra.ph/Calculate-Wire-Resistor-from-Voltage-Drop-486be4d0-11-18
- https://telegra.ph/DC-Voltage-Drop-Calculator-43ae3dc7-11-18
- https://telegra.ph/Calculate-Current-from-Voltage-Drop-e9b89a19-11-18