IBM Proventia Network Enterprise User Manual - What Is Perspective?
Chapter 9: Understanding Scanning Processes in SiteProtector
IBM Internet Security Systems
What is Perspective?
Introduction
When you scan a group of assets, you anticipate and interpret results based on the
location of your agent relative to the location of the assets. Scanning a group of assets from
inside a firewall, for example, produces different results than scanning the same group of
assets from outside the firewall.
Perspective identifies network location
With Enterprise Scanner, you use perspective to define logical locations on your network.
When you add an agent to SiteProtector, you assign it to a perspective that identifies the
agent’s location on the network. When you configure a scan, you choose the perspective
from which you want to scan the IP addresses or the assets in the group.
Default perspective
Enterprise Scanner contains one predefined perspective—Global. If you plan to scan from
just one location on your network, you may use the default perspective. Or, you may
create a user-defined perspective to use instead of the default.
Technical requirements
The network location that a perspective represents must meet the following technical
requirements:
● A perspective is a set of subnets from which you expect the same results from
  scanning or monitoring your network regardless of where you connect the agents
  within that set of subnets.
● Within that set of subnets, no network traffic is blocked and no network address
  translation occurs.
Use for distributed scanning
Perspective makes it possible to easily distribute the workload among multiple agents:
● If you have just one agent in a perspective, that agent performs all the scans that run
  from that perspective.
● If you have two or more agents in a perspective, Enterprise Scanner automatically
  balances the distribution of tasks among the agents in that perspective.
Flexibility
Identifying agents by perspective instead of by a specific name or IP address makes it
easier to respond to changes in your scanning environment. If you add an agent to a
perspective, that agent automatically shares the workload with the other agents in that
perspective. Likewise, if you remove an agent from a perspective that contains multiple
agents, the remaining agents continue to run the scans assigned to that perspective. In
either case, no additional configuration is required, and there is no interruption to your
scanning cycles.
Use meaningful perspective names
The name you use for a perspective should reflect the implications of scanning from that
location. Using the example of setting up agents inside and outside a firewall, descriptive
perspective names would be Atlanta-InsideFirewall and Atlanta-OutsideFirewall.
Placing agents in the correct perspective
A perspective name has no inherent meaning to Enterprise Scanner. You must make sure
that the agents you add to each perspective make logical sense there. If you add an agent
to a perspective that is not logical for that agent, Enterprise Scanner is not able to
determine that you have made a mistake.
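
Because Enterprise Scanner cannot detect a misplaced agent, the assignment can be checked outside the product. The following is an added example, not part of the manual or of Enterprise Scanner: it assumes you keep your own inventory of the subnets each perspective represents and of each agent's IP address, and every subnet, agent name and address in it is constructed for illustration.

```python
import ipaddress

# Constructed inventory: perspective name -> subnets it represents.
PERSPECTIVES = {
    "Atlanta-InsideFirewall": ["10.20.0.0/16", "10.21.4.0/24"],
    "Atlanta-OutsideFirewall": ["192.0.2.0/24"],
}

# Constructed agent list: (agent name, agent IP, assigned perspective).
AGENTS = [
    ("es-atl-01", "10.20.8.15", "Atlanta-InsideFirewall"),
    ("es-atl-02", "192.0.2.40", "Atlanta-InsideFirewall"),   # wrong side
    ("es-atl-03", "192.0.2.41", "Atlanta-OutsideFirewall"),
    ("es-atl-04", "172.16.5.9", "Atlanta-OutsideFirewall"),  # unknown subnet
    ("es-atl-05", "10.20.8.16", "Atlanta-DMZ"),              # undefined name
]


def perspectives_containing(ip, perspectives):
    """Return the sorted names of perspectives whose subnets contain ip."""
    addr = ipaddress.ip_address(ip)
    return sorted(
        name
        for name, subnets in perspectives.items()
        if any(addr in ipaddress.ip_network(s) for s in subnets)
    )


def audit_agents(agents, perspectives):
    """Return (agent, problem) for every assignment that does not match."""
    findings = []
    for name, ip, assigned in agents:
        if assigned not in perspectives:
            findings.append((name, f"perspective {assigned!r} is not defined"))
            continue
        matches = perspectives_containing(ip, perspectives)
        if assigned in matches:
            continue
        if matches:
            findings.append(
                (name, f"{ip} belongs to {', '.join(matches)}, not {assigned}"))
        else:
            findings.append((name, f"{ip} is in no subnet of any perspective"))
    return findings


if __name__ == "__main__":
    for agent, problem in audit_agents(AGENTS, PERSPECTIVES):
        print(f"{agent}: {problem}")
```

An agent flagged here would scan from a location other than the one its perspective name implies, so results attributed to that perspective should be reviewed before they are trusted.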