
Initial Configuration

SecurityCenter Web Interface

Navigation

To navigate within the SecurityCenter user interface, using the menus and navigation tools within the web interface screen is the preferred method, not the browser’s back and forward arrow buttons.

Launching the Web Interface

To launch the configuration interface, bring up a web browser on a system that has access to the system’s network address space and enter the URL in the following format, using the SecurityCenter’s IPv4 or IPv6 address or hostname:

https://<SERVER ADDRESS OR NAME>/

Note: The SecurityCenter web interface must be accessed using a secure web connection (https). SecurityCenter 5 does not listen on port 80.

Quick Setup Guide

The user is presented with the Quick Setup Guide welcome screen to begin a multi-step setup process for initial configuration. Each step is displayed on the left side of the screen.

For users that are familiar with SecurityCenter and would prefer to configure the system manually, select the "Exit Quick Setup Guide" to be taken to the Configuration page of SecurityCenter.

License

This will present a license upload screen:

In this step, the user is prompted to upload the license file that was received from Tenable. The format of the key file name is similar to:

# rpm -ivh SecurityCenter-5.x.x-es6.x86_64.rpm
Preparing...                ########################################### [100%]
   1:SecurityCenter         ########################################### [100%]
Installing Nessus plugins ... complete
Applying database updates ... complete.

By default, SecurityCenter will listen for HTTPS requests on ALL available interfaces. To complete your installation, please point your web browser to one of the following URL(s):

https://x.x.x.x

Starting SecurityCenter services
[  OK  ] SecurityCenter services: [  OK  ]
#

Click Choose File and use the browse dialog to upload your license key file. After uploading the license and clicking the Activate Button, the page indicates a valid license has been uploaded. In the event that an invalid license is uploaded, the user is prompted again to upload a valid license key file.

Additional Licenses

For SecurityCenter installations, a valid Nessus Activation Code must also be entered to register any Nessus scanners used by SecurityCenter. A valid LCE Activation Code must be entered to download the LCE Event vulnerability plugins to SecurityCenter. A valid PVS Activation Code is required to use and manage attached PVS scanners. The Activation Codes are hyphen-delimited alphanumeric strings that enable SecurityCenter to download plugins and update Nessus scanner plugins. The LCE Activation Code allows SecurityCenter to download event plugins, but does not manage plugin updates for LCE servers. After uploading a valid license key and entering the valid Activation Code(s), click “Next” to continue.

A + sign with a grey background indicates that there has not been a license applied for the product. A green box with a checkmark in it indicates a valid code is entered. A red box with an X indicates an invalid code. Clicking on the symbol will reveal an area to either add or reset the Activation Code. Once a new code has been entered into the text box and registered, it will indicate as valid or invalid.

A plugin download is initiated in the background. This plugin download can take several minutes and must complete before any Nessus scans are initiated. Once the plugin update has occurred, the “Last Updated” date and time are updated on the Plugins screen.

Nessus Scanner

Once the license and Activation Code(s) have been entered, the next stage of installation is to configure the first Nessus scanner. Nessus Cloud and Nessus Manager scanners that will be used for Nessus Agent scan imports can be added, or have that feature enabled, after the initial configuration is complete.

This screen asks for the information to connect to the Nessus scanner and the options are detailed in the following table:

Option

Description

Name

Descriptive name for the Nessus scanner.

Description

Scanner description, location, or purpose.

Host

Hostname or IP address of the scanner.

Port

TCP port that the Nessus scanner listens on for communications from SecurityCenter. The default port is 8834.

Enabled

A scanner may be “Enabled” or “Disabled” within SecurityCenter to allow or prevent access to the scanner.

Verify Hostname

Adds a check to verify that the hostname or IP address entered in the “Host” field matches the CommonName (CN) presented in the SSL certificate from the Nessus server.

Use Proxy

Instructs SecurityCenter to use its configured proxy for communication with the scanner.

Authentication Type

Select Password or SSL Certificate for the authentication type to connect to the Nessus scanner.

Username

Username generated during the Nessus install for daemon to client communications. This must be an administrator user in order to send plugin updates to the Nessus scanner. If the scanner will be updated by a different method, such as through another SecurityCenter, a standard Nessus user account may be used to perform scans. This field is only available if the Authentication Type is set to “Password”.

Password

The login password must be entered in this field. This field is only available if the Authentication Type is set to “Password”.

Certificate

This field is available if the Authentication Type is “SSL Certificate”. Select the “Browse” button, choose an SSL certificate file, and upload it to SecurityCenter.

PVS

When a PVS license is installed, the option to configure the initial PVS scanner is enabled.

This screen asks for the information to connect to the PVS scanner and the options are detailed in the following table:

Option

Description

Name

Descriptive name for the PVS scanner.

Description

Scanner description, location, or purpose.

Host

Hostname or IP address of the scanner.

Port

TCP port that the PVS scanner listens on for communications from SecurityCenter. The default is port 8835.

Enabled

A scanner may be marked as “Enabled” or “Disabled” within SecurityCenter to allow or prevent access to the scanner.

Verify Hostname

Adds a check to verify that the hostname or IP address entered in the “Host” field matches the CommonName (CN) presented in the SSL certificate from the PVS server.

Use Proxy

Instructs SecurityCenter to use its configured proxy for communication with the scanner.

Authentication Type

Select Password or SSL Certificate for the authentication type to connect to the PVS scanner.

Username

Username generated during the PVS install for daemon to client communications. This must be an administrator user in order to send plugin updates to the PVS scanner. This field is only available if the Authentication Type is set to “Password”.

Password

The login password must be entered in this field. This field is only available if the Authentication Type is set to “Password”.

Certificate

This field is available if the Authentication Type is “SSL Certificate”. Select the “Browse” button, choose an SSL certificate file, and upload it to SecurityCenter.
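The “Verify Hostname” option for both the Nessus and PVS scanners above compares the value of the “Host” field with the CommonName in the scanner’s SSL certificate. The following added example (not Tenable’s code) shows that comparison on a certificate in the form Python’s ssl.SSLSocket.getpeercert() returns; the sample certificate is constructed, and accepting Subject Alternative Name and one-label wildcard entries goes beyond the CN-only check the page describes.

```python
# Constructed sample: what getpeercert() returns for a scanner certificate
# issued to "nessus.example.com" with a SAN covering a lab sub-domain.
SAMPLE_CERT = {
    "subject": ((("countryName", "US"),),
                (("organizationName", "Example Corp"),),
                (("commonName", "nessus.example.com"),)),
    "subjectAltName": (("DNS", "nessus.example.com"),
                       ("DNS", "*.scanners.example.com")),
}


def cert_names(cert):
    """Collect every name the certificate claims: subject CN plus DNS and
    IP Address SAN entries, lower-cased for case-insensitive matching."""
    names = set()
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value.lower())
    for kind, value in cert.get("subjectAltName", ()):
        if kind in ("DNS", "IP Address"):
            names.add(value.lower())
    return names


def hostname_matches_cert(host, cert):
    """The "Verify Hostname" check: True when the Host field entered in
    SecurityCenter matches a name in the scanner's certificate.
    A bare IP in the Host field only passes if the certificate lists that
    IP, so a scanner reachable as 10.0.0.5 but certified as
    nessus.example.com must be entered by hostname."""
    names = cert_names(cert)
    host = host.lower()
    if host in names:
        return True
    # Wildcard entries match exactly one leftmost label (RFC 6125 style).
    labels = host.split(".")
    if len(labels) > 2:
        return "*." + ".".join(labels[1:]) in names
    return False
```

If the check fails for a scanner you control, the fix is to reissue the scanner certificate for the name you actually use in the Host field rather than to disable the verification.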

LCE

When a Log Correlation Engine license is installed, the option to configure the initial LCE server is enabled.

This screen asks for the information to connect to the LCE server and the options are detailed in the following table:

Option

Description

Name

Name used to describe the Log Correlation Engine.

Description

Descriptive text for the Log Correlation Engine.

Host

IP address of the Log Correlation Engine.

Check Authentication

This button checks the status of the authentication between SecurityCenter and the LCE server.

Import Vulnerabilities

When enabled, allows Event vulnerability data to be retrieved from the configured LCE server.

Port

Enter the port on which the LCE reporter is listening on the LCE host.

Username

Enter the reporter username used to authenticate to the LCE to retrieve vulnerability information.

Password

Enter the reporter password used to authenticate to the LCE to retrieve vulnerability information.

Repository

Caution: When creating repositories, note that IPv4 and IPv6 addresses must be stored separately. Additional repositories may be created once the initial configuration is complete.

A repository is essentially a database of vulnerability data defined by one or more ranges of IP addresses. When the repository is created, a selection for IPv4 or IPv6 addresses must be made. Only IP addresses of the designated type may be imported to the designated repository. The “Organization” created in steps that follow can take advantage of one or more repositories. During installation, a single local repository is created with the ability to modify its configuration and add others post-install.

Caution: When creating SecurityCenter repositories, LCE event source IP ranges must be included along with the vulnerability IP ranges or the event data will not be accessible from the SecurityCenter UI.

Local repositories are based on the IP addresses specified in the “IP Ranges” field on this page during the initial setup. “Remote” repositories use addressing information pulled over the network from a remote SecurityCenter. Remote repositories are useful in multi-SecurityCenter configurations where security installations are separate but reports are shared. “Offline” repositories also contain addressing information from another SecurityCenter. However, the information is imported to the new installation via a configuration file and not via a direct network connection. This facilitates situations where the remote SecurityCenter is isolated from other networks via an “air gap”.

The screen capture below shows a sample repository configuration page using the “Local” repository option (the only type available during installation):

The following table describes the options available during the repository setup:

Repository Options

Option

Description

General

Name

The repository name.

Description

Descriptive text for the repository.

Data

Type

Determines if the repository being created is for IPv4 or IPv6 addresses.

IP Ranges

Allowed ranges for importing vulnerability data. Addresses may be a single IP address, IP range, CIDR block, or any comma-delimited combination (20 K character limit).

Advanced Settings

Generate Trend Data

Note: If trending is not selected, any query that uses comparisons between repository snapshots (e.g., trending line charts) will not be available.

This option allows for a periodic snapshot of the .nessus data for vulnerability trending purposes. This option is useful in cases where tracking data changes is important. In situations where repository datasets do not change frequently, which negates the need for trending, disable this option to minimize disk space usage.

Days Trending

Sets the number of days for the trending data to track.

Enable Full Text Search

Determines if the trending data presented is indexed for a full text search.
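The repository rules above are easy to get wrong by hand: the “IP Ranges” field accepts single addresses, ranges, CIDR blocks or any comma-delimited mix within a 20 K character limit, every entry must match the repository “Type” (IPv4 or IPv6), and the LCE event source addresses must fall inside the ranges or their event data will not be visible. The following added example (not Tenable’s code) checks a proposed IP Ranges value against those rules before it is entered; the sample ranges and event source addresses are constructed.

```python
import ipaddress

# Field limit stated on the page for "IP Ranges".
IP_RANGES_CHAR_LIMIT = 20000


def parse_ip_ranges(ranges_text, repo_type):
    """Parse a comma-delimited IP Ranges value into ipaddress networks.
    repo_type mirrors the repository "Type" option: "IPv4" or "IPv6".
    Returns (networks, errors); entries of the wrong family are reported,
    since a repository may only hold addresses of its designated type."""
    version = 4 if repo_type == "IPv4" else 6
    networks, errors = [], []
    if len(ranges_text) > IP_RANGES_CHAR_LIMIT:
        errors.append("IP Ranges exceeds the %d character limit" % IP_RANGES_CHAR_LIMIT)
        return networks, errors
    for item in (p.strip() for p in ranges_text.split(",")):
        if not item:
            continue
        try:
            if "-" in item:  # "a-b" range; IPv6 literals never contain "-"
                lo, hi = (ipaddress.ip_address(x.strip()) for x in item.split("-", 1))
                if lo.version != hi.version or lo > hi:
                    raise ValueError("bad range")
                entries = list(ipaddress.summarize_address_range(lo, hi))
            else:  # single address or CIDR block
                entries = [ipaddress.ip_network(item, strict=False)]
        except ValueError:
            errors.append("unparseable entry: %s" % item)
            continue
        wrong = [n for n in entries if n.version != version]
        if wrong:
            errors.append("%s is IPv%d but repository Type is %s"
                          % (item, wrong[0].version, repo_type))
            continue
        networks.extend(entries)
    return networks, errors


def uncovered_sources(networks, event_sources):
    """Return LCE event source addresses that no repository range covers;
    events from these hosts would not be accessible from the UI."""
    missing = []
    for src in event_sources:
        addr = ipaddress.ip_address(src)
        if not any(addr.version == n.version and addr in n for n in networks):
            missing.append(src)
    return missing
```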


Organization Setup

The “Organization” is the primary object within SecurityCenter used to group users and assign resources and permissions.

There are two areas to configure initially for the Organization. In the General area, provide the Organization name, description, and contact/location information as is relevant. The second aspect is to configure the Scanning ranges that the Organization will have access to. The IPs may be entered in CIDR or range notation.

LDAP Configuration

LDAP configuration enables users to utilize their external LDAP repository for SecurityCenter logins. Consult with your system administrator for necessary LDAP server settings and once all required fields have been completed, click “Check LDAP Configuration” to confirm. Click “Skip” to skip this step if LDAP is not going to be used or configured at this time.

Option

Description

Server Settings

Hostname

Enter the IP address or DNS name of the LDAP server in this field.

Port

Specify the remote LDAP port here. When Encryption is set to “none”, the LDAP port is typically 389, and when TLS or LDAPS is used, port 636 is the typical setting. Confirm the selection with your LDAP server administrators.

Encryption

This selection indicates if Transport Layer Security (STARTTLS) or LDAP over SSL (LDAPS) is used for communication with the LDAP server.

Username

If the LDAP server requires credentials to search for user data, then the “Username” and “Password” fields are required. By default, if an Active Directory server is used for LDAP queries, it requires an authenticated search. Enter the username within this field in the “email” style format (user@domain.com).

Password (optional)

If the LDAP server requires credentials to search for user data, then the “Username” and “Password” fields are required. By default, many LDAP servers require an authenticated search.

Tip: It is recommended to use passwords that meet stringent length and complexity requirements.

LDAP Schema Settings

Base DN

This is the LDAP search base used as the starting point to search for the user information.

User Object Filter

This string may be modified to create a search based on a location or filter other than the default search base or attribute.

User Schema Settings

Username Attribute

This is the attribute name on the LDAP server that contains the username for the account. On Active Directory servers queried over LDAP this is often “sAMAccountName”. Contact your local LDAP administrator for the correct username attribute to use.

Email Attribute

This is the attribute name on the LDAP server that contains the email address for the account. On Active Directory servers queried over LDAP this is often “mail”. Contact your local LDAP administrator for the correct email attribute to use.

Phone Attribute

This is the attribute name on the LDAP server that contains the telephone number for the account. On Active Directory servers queried over LDAP this is often “telephoneNumber”. Contact your local LDAP administrator for the correct telephone attribute to use.

Name Attribute

This field is the attribute name on the LDAP server that contains the name associated with the account. On Active Directory servers queried over LDAP this is often “CN”. Contact your local LDAP administrator for the correct name attribute to use.

User

Note: “Organizational users” refers to users without the admin role who perform day-to-day functions such as scanning and reporting.

The Security Manager user is the primary user created for the Organization and is the highest-level security manager within SecurityCenter. The Security Manager is also the initial Organizational user to log in and is responsible for creating other Organizational users. The Administrator field sets the initial Administrator’s (user name admin) password.

This user can be configured to log in using Tenable’s built-in authentication (TNS) or LDAP authentication with a remote authentication server.

Option

Description

Security Manager

First Name/Last Name

These fields define the first and last name of the Security Manager user.

Username

This field is to enter the username to be associated with the Security Manager.

Password/Confirm Password

These fields are for entering and confirming the password used for the Security Manager. The password entered should conform to the best practices of the organization where the SecurityCenter installation is being used when possible.

User Must Change Password

When enabled, once the user has successfully logged in for the first time, they will be prompted to enter a new password.

Administrator

Password/Confirm Password

This field sets the first Administrator’s password (admin) and both fields must match. The password entered should conform to the best practices of the organization where the SecurityCenter installation is being used when possible.

After creating the Security Manager user and setting the Administrator password, click “Next” and setup is complete. You are now taken to the admin dashboard screen where you can review login configuration data.

Review

The review page is the last step of the Quick Setup process. This screen displays the settings entered throughout the process for review. If an area needs to be changed, click on that section’s title from the left-hand column. Once the settings are acceptable, click the Confirm button in the top right of the screen.

Copyright © 2016. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of Tenable Network Security, Inc. SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.