Focus Network

When a focus network is specified via the networks keyword, only one side of a session needs to match an entry in the list. For example, if you have a DMZ that is part of the focus network list, PVS reports on vulnerabilities of the web server there, but not on web clients visiting from outside the network. However, a web browser within the DMZ visiting the same web server is reported.

In the diagram above, three sessions labeled A, B, and C are shown communicating to, from, and inside a focus network. In session A, PVS analyzes only those vulnerabilities observed on the server inside the focus network and does not report client side vulnerabilities. In session B, PVS ignores vulnerabilities on the destination server, but reports client side vulnerabilities. In session C, both client and server vulnerabilities are reported.

There is another filter that PVS uses while looking for unique sessions. This is a dependency that requires the host to run a major service. These dependencies are defined by a list of PVS plugin IDs that identify SSL, FTP, and several dozen other services.

Finally, the entire process of detecting these sessions can be filtered by specific network ranges and ports. For example, if a university ran a public FTP server that had thousands of downloads each hour, it may want to disable interactive sessions on port 21 on that FTP server. Similarly, disabling encryption detection on ports such as 22 and 443 eliminates some noise for PVS.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.