Note: Passive Vulnerability Scanner (PVS) is now known as Nessus Network Monitor (NNM).
This document describes the new features and improvements that are introduced in PVS 5.0. A PDF file of these release notes is also available here.
- The supported upgrade path is from PVS 4.4.x to PVS 5.0. Installations running previous versions of PVS 4.4.x must upgrade to at least 4.4.x prior to upgrading to PVS 5.0. Refer to the PVS 5.0 User Guide for details on upgrading to PVS 5.0.
- PVS 5.0 is compatible with SecurityCenter 4.7.x and later.
- The HTML5 User Interface is automatically updated to version 1.6.0 via a plugin update.
Support is available for the following platforms:
- Red Hat Linux ES 5 / CentOS 5 64-bit
- Red Hat Linux ES 6 / CentOS 6 64-bit
- Red Hat Linux ES 7 / CentOS 7 64-bit
- Mac OS X 10.8 and 10.9 64-bit
- Microsoft Windows Vista, 7, 8, Server 2008, and Server 2012 64-bit
The Microsoft Visual C++ 2010 Redistributable Package is a prerequisite that needs to be installed on Windows before installing PVS. Refer to the documentation for more information.
File Names & MD5 Checksums
Improved User Interface
PVS 5.0 includes a much improved interface that provides a summarized dashboard seen after login amongst other new features. The dashboard contains multiple high-level summarized views into hosts, vulnerabilities, applications, operating systems, connections, and mobile devices discovered by PVS. Other additions include:
- A chord diagram is available that visualizes the client connections to servers on well-known ports.
- A network bandwidth chart trends the amount of data sent from client hosts to server hosts and vice versa.
- Improved navigation between client and server hosts, and new pivoting capabilities on any host.
- A Sankey diagram that provides a view of connections between client and server hosts by either host or by network service.
Improved VLAN Monitoring
A new Plugin (ID 19) summarizes all observed VLAN tags for a given host. This helps determine if a host has switched VLANs or is present on an incorrect or unexpected VLAN.
Detection and Analysis of Tunneled IPv6 Traffic
In addition to reporting the presence of tunneled IPv6 traffic, PVS now processes the IPv6 traffic within the tunnel. Teredo, 6to4, and 6in4 tunnel detections are now summarized in a single plugin (ID 20) and other detections will be associated to the IP addresses found within the tunneled traffic.
Increased Analysis of IPv6 Traffic
PVS now detects the presence of IPv6 headers and performs a complete analysis of IPv6 packets that contain extension headers.
Discovery of Applications within Encrypted Traffic
PVS increases application visibility by using TLS fingerprinting to discover applications whose traffic is encrypted.
Extended Packet Filtering
PVS provides more targeted packet filtering by extending its BPF filter support.
- Added HTTP Strict Transport Security (HSTS) headers to the PVS Web Server.
- Replaced initial certificates signed with the SHA1 hashing algorithm with certificates signed with SHA-256.
- PVS now displays both successful and unsuccessful last logon attempts immediately after login. Previously, only unsuccessful attempts were shown.
- Fixed an issue where SecurityCenter would continually report PVS status as "Updating Plugins".
- Extended an interval after which PVS needs to be reactivated if it has not received plugin updates from SecurityCenter during that interval. The interval has been extended from 14 days to 30 days.
- Replaced a PASL (ID 7043) with an internal plugin (ID 18) for summarized reporting of protocols used by hosts.
- Upgraded OpenSSL to 1.0.2f.