You are here: Cloud Platforms > AWS > Example Deployment

Example Deployment

This section demonstrates an example of PVSPassive Vulnerability Scanner running on a virtual machine functioning as a NAT gateway instance within an Amazon Web Services Virtual Private Cloud (VPC).

In the examples used in the instructions for setting up a NAT gateway, the VPC PVS-Deployment-VPC was created, which has the network range Additionally, the virtual machine instance PVS-Deployment-NAT was created in the PVS-Deployment-Public subnet to function as the NAT gateway. In this example, three other virtual machine instances were created within the PVS-Deployment-Private subnet. None of the virtual machine instances in PVS-Deployment-Private are assigned an external IP address and all outgoing traffic is routed through PVS-Deployment-NAT.

In this example, there are four virtual machine instances within PVS-Deployment-VPC:

VM Instance Name Internal IP Has External IP?
PVS-Deployment-NAT Yes
example-instance No
example-instance2 No
example-instance3 No

PVS is running on PVS-Deployment-NAT and has the following configuration:

Configuration Parameter Value
Monitored Network Interfaces eth0
Monitored Network IP Addresses and Ranges

With this configuration, PVS will monitor traffic

  • from the internal virtual machine instances to the Internet,
  • between PVS-Deployment-NAT and the internal virtual machine instances,
  • from the Internet to internal virtual machine instances if you have enabled port forwarding on the NAT gateway to make them Internet accessible,
  • and between PVS-Deployment-NAT and the Internet.

    Note: Due to the design of the hypervisor used by Amazon for running all virtual instances, traffic not addressed to a virtual instance can't be sniffed by the virtual instance. As a result, PVS can't monitor traffic between other virtual instances.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.