When the Vulnerability Manager Plus server is installed in a closed network without an Internet connection, such as the Demilitarized Zone (DMZ), basic Patch Manager Plus capabilities such as patch synchronization, automatic updates, etc., cannot be performed. The following steps will help you manually download all the missing patches and update them to the required computers.
The following steps will help you to perform vulnerability management in such cases:
You have successfully configured the tool and it is ready to be used. Configuring the proxy and setting up the tool are one-time operations, whereas updating the Vulnerability Database and downloading the required patches need to be done every time you want to scan for vulnerabilities and deploy the latest missing patches.
Execute the command patchsync.bat -c updatedb to download the patch details.
This will download the latest vulnerability information from the Central Vulnerability Database to the local computer. This download will take some time and after completion, the necessary information will be updated in the updatedb directory.
Copy the updatedb directory to the <Installation Directory>/conf/CRSData directory on the Vulnerability Manager Plus Server.
From the web console, under the Threats tab, click the Update Now button under Update Vulnerability DB. This will copy the necessary information from the updatedb directory to the local database present in the server. Now, the local database will have the information to perform vulnerability assessment and management.
Now, scan the computers in the network to identify the missing patches.
The next step is to download the missing patches from the computer with an Internet connection and copy them back to this computer.
To download the patches, you first need the details of the missing patches. To get these, go to the Missing Patches view and click the Export Missing Patches button. This will export the details of the missing patches that have not been downloaded, and of the dependent patches that should be downloaded, as downloadUrlJson.txt.
Copy this file to the directory on the computer where you extracted downloadmanager.7z.
Open a command prompt and execute the command: patchsync.bat -c dwnpatch -f downloadUrlJson.txt
This will download all the missing patches to the store directory. Once all the files are downloaded, copy the contents of the store directory to the <Installation_Dir>/webapps/DesktopCentral/Store directory on the Vulnerability Manager Plus Server (this is the default location; if it has been changed, copy the contents to the appropriate location).
You should then update this information in the Vulnerability Manager Plus Server database so that all these patches are shown in the Downloaded Patches view. To do this, open the Downloaded Patches view and click the Update Downloaded Patches button.
All the manually downloaded patches will appear in the view from where you can deploy them to the required computers.
Now, you can successfully manage vulnerabilities in a closed network.
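Both the updatedb and store directories are carried into the closed network by hand, so it is worth confirming that they arrive unchanged before the server imports them. The PowerShell below is an added example, not part of the product or of the original steps; the function names, the manifest file name and the E:\ paths are assumptions of this example.

```powershell
# Added example. Function names, manifest name and paths are assumptions.
# Write the manifest OUTSIDE the directory being hashed.
function New-TransferManifest {
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][string]$Manifest)
    $root = (Resolve-Path -LiteralPath $Path).Path.TrimEnd('\')
    Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($root.Length + 1)
            SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -LiteralPath $Manifest -NoTypeInformation -Encoding UTF8
}

# Returns one line per problem: MODIFIED, UNEXPECTED or MISSING. Empty means clean.
function Test-TransferManifest {
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][string]$Manifest)
    $root = (Resolve-Path -LiteralPath $Path).Path.TrimEnd('\')
    $expected = @{}
    foreach ($row in Import-Csv -LiteralPath $Manifest) {
        $expected[$row.RelativePath] = $row.SHA256
    }
    $problems = New-Object 'System.Collections.Generic.List[string]'
    foreach ($file in Get-ChildItem -LiteralPath $root -Recurse -File) {
        $rel = $file.FullName.Substring($root.Length + 1)
        if (-not $expected.ContainsKey($rel)) {
            $problems.Add("UNEXPECTED $rel")      # file not present when hashed
            continue
        }
        $actual = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        if ($actual -ne $expected[$rel]) { $problems.Add("MODIFIED $rel") }
        $expected.Remove($rel)                    # seen; leftovers are missing
    }
    foreach ($rel in $expected.Keys) { $problems.Add("MISSING $rel") }
    $problems
}

# On the Internet-connected computer, after patchsync.bat has finished:
#   New-TransferManifest -Path .\store -Manifest .\store.manifest.csv
# In the closed network, against the copy on the transfer media,
# before its contents are merged into the server's Store directory:
#   $issues = Test-TransferManifest -Path E:\store -Manifest E:\store.manifest.csv
#   if ($issues) { $issues; throw 'Transfer verification failed' }
```

The same two calls apply to the updatedb directory before it is copied to conf/CRSData. Move the manifest separately from the transfer media, or compare its own hash out of band, since a manifest stored beside the files can be altered along with them.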