TOC & Recently Viewed

Recently Viewed Topics

Scans

There are four basic methods of scanning: active vulnerability scanning, active credentialed vulnerability scanning, agent scanning, and continuous passive discovery scanning via NNM. Using all four types provides a comprehensive view of the organization’s security posture and reduces false positives.

Scan Type Description
active scanning

In active vulnerability scanning, the Nessus scanner sends packets to a remote target to provide a snapshot of network services and applications. These are compared to a plugin database to determine if any vulnerabilities are present. SecurityCenter can also use a Nessus scanner located outside the local network to simulate what an external entity might see.

For more information, see Active Scans.

active credentialed scanning

Nessus credentialed scans can be leveraged to perform highly accurate and rapid patch, configuration, and vulnerability audits on Unix, Windows, Cisco, and database systems by actually logging in to the target system with provided credentials. Credentialed scans can also enable the ability to enumerate all UDP and TCP ports in just a few seconds. SecurityCenter can securely manage these credentials across thousands of different systems and also share the results of these audits only with users who have a need to know.

Note: For more information on Nessus credentialed scanning, please refer to the Nessus Documentation.

For more information, see Active Scans.

agent scanning

Agent scan results are imported from Tenable.io™ or Nessus Manager scanners. Utilizing Nessus agents for scanning reduces network usage and allows for devices such as laptops to maintain scan schedules even when disconnected from the network. SecurityCenter can import these results for review in conjunction with other acquired information about the host and network.

For more information, see Agent Scans.

continuous passive discovery scanning

SecurityCenter can manage one or more Tenable Nessus Network Monitor (NNM) scanners. NNM provides continuous discovery of new hosts, new applications, and new vulnerabilities. It runs 24x7 and discovers highly accurate client and server vulnerability information. SecurityCenter fuses this information with the active or credentialed scan results from Nessus.

for more information, see Nessus Network Monitor (PVS).

Scan Objects

Complete SecurityCenter scan configurations rely on the following scan objects.

Scan Object Description
assets SecurityCenter assets are lists of devices (e.g., laptops, servers, tablets, phones, etc.) within a SecurityCenter organization. Assets can be shared with one or more users based on local security policy requirements.

You can add an asset to group devices that share common attributes. Then, you can use the asset during scan configuration to target the devices in the asset.

For more information, see Assets.

audit files

During a configuration audit, auditors verify that servers and devices are configured according to an established standard and maintained with an appropriate procedure. SecurityCenter can perform configuration audits on key assets through the use of Nessus’ local checks that can log directly onto a Unix or Windows server without an agent.

SecurityCenter supports a variety of audit standards. Some of these come from best practice centers like the PCI Security Standards Council and the Center for Internet Security (CIS). Some of these are based on Tenable’s interpretation of audit requirements to comply with specific industry standards such as PCI DSS or legislation such as Sarbanes-Oxley.

In addition to base audits, it is easy to create customized audits for the particular requirements of any organization. These customized audits can be loaded into the SecurityCenter and made available to anyone performing configuration audits within an organization.

NIST SCAP files can be uploaded and used in the same manner as an audit file. Navigate to NIST’s SCAP website (http://scap.nist.gov) and under the SCAP Content section, download the desired SCAP security checklist zip file. The file may then be uploaded to SecurityCenter and selected for use in Nessus scan jobs.

Once the audit policies are configured in SecurityCenter, they can be repeatedly used. SecurityCenter can also perform audits intended for specific assets. Through the use of audit policies and asset lists, a SecurityCenter user can quickly determine the compliance posture for any specified asset.

For more information, see Audit Files.

credentials

Credentials are reusable objects that facilitate a login to a scan target. Various types of credentials with different authentication methods can be configured for use within scan policies. Credentials may be shared between users for scanning purposes. Available credential types include:

  • Windows
  • SSH
  • SNMP community string
  • Database

SecurityCenter supports an unlimited number of SSH, Windows, and database credentials, and four SNMP credential sets per scan configuration.

For more information, see Credentials.

scan policies

Scan policies consist of configuration options related to performing an active vulnerability scan. These options include, but are not limited to:

  • Parameters that control technical aspects of the scan such as timeouts, number of hosts, type of port scanner, and more.
  • Granular plugin family or individual plugin based scan specifications.
  • Compliance policy checks (Windows, Linux, Database, etc.), report verbosity, service detection scan settings, audit files, patch management systems, and more.

For more information, see Scan Policies.

Copyright 2017-2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.