BeyondTrust Network Security Scanner 6.7.0 Release Notes

September 17, 2019

Release Availability:

  • This release is available by download from the BeyondTrust Client Portal (https://www.beyondtrust.com/support/) and using the BeyondTrust Auto-Updater.
  • The MD5 signature is: 2355c36b365c08c7eaca503078ffc3c7
  • The SHA-1 signature is: e8dfbe66cb38f222bb678df244228d84857707a9

New Features and Enhancements:

  • Support for the following Security Technical Implementation Guide (STIG) benchmark:
    • Red Hat Enterprise Linux 7 STIG Benchmark - Ver 2, Rel 2
  • Support for the following Center for Internet Security (CIS) SCAP benchmarks:
    • CIS Benchmark for Oracle Database 9i/10g v2.0.1
    • CIS Benchmark for Oracle Database 11g v1.0.1
    • CIS Benchmark for Oracle Database 11g R2 v2.2.0
    • CIS Benchmark for Oracle Database 12c v2.1.0
  • Ability to scan running Windows-based Docker containers.
  • Improved synthetic IP assignment when scanning Docker images and containers.
  • Enhanced details of port-related processes when scanning Docker containers.
  • Obtain the IP addresses of foreign connections when scanning Docker containers.
  • Enumerate processes in Docker container scans.
  • Provide details about forwarded ports when scanning Docker containers.
  • Perform Authenticode verification of binaries run during Docker container scanning.
  • Properties can be viewed for completed and scheduled scans by right-clicking on the jobs grid.
  • Web Assessment report has been updated to OWASP 2017.
  • Improved ability to perform credential scans of IoT devices.
  • Improved Linux/Unix user enumeration.
  • Added SSH-based OS detection for VMware vCenter.
  • Enhanced the authentication alerts for Cisco devices.
  • Support for audit 74023 ("Microsoft RDP BlueKeep Vulnerability").
  • Alert if the number of users enumerated on a target exceeds the job limit.
  • Added support for sudo elevation without a password.
  • Allow for sudo passwords greater than 128 bytes in length.
  • Enumeration dependency popup is no longer required or displayed when running a scan job.
  • Adjusted default central policy v2 interval to 30 minutes.
  • Web application scanning support for login pattern matching within frames.
  • Improved web application scanning cookie handling.
  • Support for routing web application scanning traffic through a web proxy.
  • Access report includes targets which failed to scan.
  • Option to include database discovery results in XML Assessment report.
  • Improved primary IP address reporting to the management console.
  • Prefix filename with "Error-" when an XML Assessment report fails to completely generate.
  • Rebranded "BeyondTrust Security Scanner Agent" to "Local Scan Service".
  • Improved performance of CHECK_FILE_VER_RECUR audits by removing redundant directory checks.
  • Improved the presentation of the tested and found values for certain Windows Registry audits.
  • Include TCP/53 in the default discovery port list.
  • PuTTY component upgraded to include security fixes through .71.
  • SQLite component upgraded to v3.29.0.
  • Python component upgraded to v2.7.16.
  • OpenSSL component upgraded to v1.1.1.
  • Microsoft Visual C++ 2017 x86 runtime upgraded to v14.22.27281.
  • Updated TCP (NMAP) OS fingerprint database to version 37702.
  • Licensing component upgraded to v3.7.1.

Issues Resolved:

  • Resolved an issue where the address group dialog can exceed the screen size.
  • Resolved an issue with being unable to save web application scan results to a PDF file.
  • Resolved an issue with audit false positives related to Apache on Ubuntu.
  • Resolved an issue with DHCP status on *nix targets always reporting as false.
  • Resolved an issue with the configuration tool failing to set central policy password if the scanner engine service isn't running.
  • Resolved an issue with audit false positives related to Windows Defender.
  • Resolved an issue with audit false positives related to Microsoft Office and Visual Studio components.
  • Resolved an issue with redundant data returned in discovered IP enumeration.
  • Resolved an issue with scan results not purged when recovering from an error.
  • Resolved an issue with user enumeration results being included in scan results even when the enumeration option is disabled.
  • Resolved an issue with software enumeration results being included in scan results even when the enumeration option is disabled.
  • Resolved an issue with process enumeration results being included in scan results even when the enumeration option is disabled.
  • Resolved an issue with the Local Scan Service having no limit on the number of exception files created.

Known Issues:

  • VMware offline scanning is supported only for virtual machines with Windows installed as the guest operating system.
  • For Vulnerability Management (formerly Retina) 651 and UVM embedded scanners, database scanning works only for Microsoft SQL Server and Oracle databases. MySQL database scanning is not supported.
  • Authentication requirements for custom audits are not properly defined.
  • After the Engine service has stopped, the raw packet driver continues to run.
  • When using the Local Scan Service option, SCAP scan jobs running against Red Hat targets could take several minutes to enter a paused or scan-restricted state.

Notes:

  • Features that use the Microsoft .NET framework - including SCAP support, the audit modification and customization dialogs, PowerShell integration, reporting, and the guided user interface - require Microsoft .NET 4.5.2 or higher.
  • Network Security Scanner 6.4.0 and higher install the Microsoft Universal C runtime.
  • Network Security Scanner 6.4.0 and higher install the Microsoft Visual C++ 2017 x86 runtimes.
  • Network Security Scanner 6.0.1 and higher install the Microsoft Visual C++ 2008 x86 runtimes.
  • To scan offline VMware virtual machines without having to power them on prior to scanning, you must have BeyondInsight installed.
  • VMware offline scanning requires VMware's Virtual Disk Development Kit (VDDK).
  • Scanning of MySQL databases depends upon the prior installation of an ODBC driver; Connector/ODBC 5.1 or higher is recommended.
  • Database scanning yields the best results when run as the most privileged user: for MySQL, this is the 'root' user; for Oracle, it is the 'sys' user acting 'AS SYSDBA'.
  • Scanning of Amazon Web Services instances requires BeyondInsight.