Detecting Encrypted and Interactive Sessions

Tenable Nessus Network Monitor can be configured to detect both encrypted and interactive sessions. An encrypted session is a TCP or UDP session that contains sufficiently random payloads. An interactive session uses timing and statistical profiling of the packets in a session to determine if the session involves human input at a command line prompt.

In both cases, Tenable Nessus Network Monitor identifies these sessions for the given port and IP protocol. It then lists the detected interactive or encrypted session as vulnerabilities.

Tenable Nessus Network Monitor has a variety of plugins to recognize telnet, Secure Shell (SSH), Secure Socket Layer (SSL), and other protocols. Combined with the detection of the interactive and encryption algorithms, Tenable Nessus Network Monitor may log multiple forms of identification for the detected sessions.

For example, Tenable Nessus Network Monitor may recognize not only an SSH service running on a high port as an encrypted session, but also recognize the version of SSH and determine any vulnerabilities associated with it.