When deploying the Tenable Appliance in an external or untrusted environment, it is strongly recommended that additional security precautions be taken to protect the device from attack and illicit use. Consider implementing the following recommendations:
- Use a signed SSL Certificate from a trusted and reliable Certificate Authority.
- Configure user rules that restrict each user's scanning to the IP addresses that user is permitted to scan. Adopt a “default deny” policy for user roles and scanning activity.
- When configuring the device via the web interface, avoid using a web proxy or other device that may assist a third party in obtaining sensitive information.
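
The "default deny" recommendation above can be checked before rules are entered on the appliance. The following is an added example, not Tenable code: the user names, the `(action, network)` rule format and the `is_permitted` and `audit` helpers are assumptions made for illustration, and the addresses are constructed documentation ranges.

```python
import ipaddress

# Constructed rule sets for two hypothetical users. The (action, network)
# tuple format is an assumption for this example, not Tenable's rule syntax.
RULES = {
    "analyst-dmz": {
        "default": "deny",
        "rules": [("deny", "203.0.113.128/25"), ("allow", "203.0.113.0/24")],
    },
    "contractor": {
        "default": "allow",  # weak: anything not listed is scannable
        "rules": [("deny", "10.0.0.0/8")],
    },
}

def is_permitted(user, target, rules=RULES):
    """First matching rule wins; otherwise the user's default applies.
    Unknown users and unparsable targets are always denied."""
    policy = rules.get(user)
    if policy is None:
        return False
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False
    for action, cidr in policy["rules"]:
        if addr in ipaddress.ip_network(cidr):
            return action == "allow"
    return policy["default"] == "allow"

def audit(rules=RULES):
    """List policies that are not default deny or that allow every address."""
    findings = []
    for user, policy in sorted(rules.items()):
        if policy["default"] != "deny":
            findings.append((user, "default is not deny"))
        for action, cidr in policy["rules"]:
            if action == "allow" and ipaddress.ip_network(cidr).prefixlen == 0:
                findings.append((user, f"allow rule covers everything: {cidr}"))
    return findings

if __name__ == "__main__":
    for user, problem in audit():
        print(f"{user}: {problem}")
    # An address outside every listed range shows the difference in defaults.
    for user in RULES:
        print(user, "198.51.100.5", is_permitted(user, "198.51.100.5"))
```
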