Focus Network

When a focus network is specified via the networks keyword, only one side of a session needs to match an entry in the list. For example, if you have a DMZ that is part of the focus network list, NNM reports on vulnerabilities of the web server there, but not on web clients visiting from outside the network. However, a web browser within the DMZ that visits the same web server is reported.

In the diagram above, three sessions labeled A, B, and C are shown communicating to, from, and inside a focus network. In session A, NNM analyzes only those vulnerabilities observed on the server inside the focus network and does not report client-side vulnerabilities. In session B, NNM ignores vulnerabilities on the destination server, but reports client-side vulnerabilities. In session C, both client and server vulnerabilities are reported.
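The reporting rule for sessions A, B, and C can be modeled in a few lines. This is an added example, not Tenable's code or NNM configuration syntax: the function names, the CIDR ranges, and the session addresses are all constructed, and treating a session with neither side in the focus list as out of scope is an assumption drawn from the rule that one side must match.

```python
import ipaddress

def parse_focus(networks):
    """Parse CIDR strings (IPv4 or IPv6) into network objects."""
    return [ipaddress.ip_network(n, strict=False) for n in networks]

def in_focus(addr, focus):
    """True if addr falls inside any focus network."""
    ip = ipaddress.ip_address(addr)
    # Membership across IP versions evaluates to False, so a mixed
    # IPv4/IPv6 focus list needs no special handling.
    return any(ip in net for net in focus)

def reported_sides(client, server, focus):
    """Return the session sides whose vulnerabilities would be reported.

    Each side is judged on its own: it is reported only when its
    address is inside the focus network list.
    """
    sides = set()
    if in_focus(client, focus):
        sides.add("client")
    if in_focus(server, focus):
        sides.add("server")
    return sides

# Constructed sample data: documentation address ranges, not real hosts.
FOCUS = parse_focus(["192.0.2.0/24", "2001:db8:10::/48"])
SESSIONS = {
    "A": ("198.51.100.7", "192.0.2.80"),          # outside client -> focus server
    "B": ("192.0.2.25", "203.0.113.10"),          # focus client -> outside server
    "C": ("192.0.2.25", "192.0.2.80"),            # both inside the focus network
    "outside": ("198.51.100.7", "203.0.113.10"),  # neither side in focus (assumed out of scope)
}

def classify_all(sessions=SESSIONS, focus=FOCUS):
    """Map each session label to the sides that would be reported."""
    return {label: reported_sides(c, s, focus) for label, (c, s) in sessions.items()}

if __name__ == "__main__":
    for label, sides in classify_all().items():
        print(label, sorted(sides) or "not reported")
```

Running the same check against a proposed focus list before deploying it shows which hosts will drop out of reporting, for example clients that sit just outside a DMZ range.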

There is another filter that NNM uses while looking for unique sessions. This is a dependency that requires the host to run a major service. These dependencies are defined by a list of NNM plugin IDs that identify SSL, FTP, and several dozen other services.

Finally, the entire process of detecting these sessions can be filtered by specific network ranges and ports. For example, if a university runs a public FTP server that has thousands of downloads each hour, it may want to disable interactive sessions on port 21 on that FTP server. Similarly, disabling encryption detection on ports such as 22 and 443 also eliminates some noise for NNM.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.