Nessus Agents. October 2015



Similar documents
Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure

SecurityCenter 5.1 with Nessus Agent Support. October 22, 2015

Nessus and Mobile Device Scanning. November 7, 2014 (Revision 12)

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9)

Patch Management Integration

Installation Overview

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

1. Installation Overview

Tenable Network Security Support Portal. January 12, 2015 (Revision 14)

How To Run The Nessus 6 Vulnerability Scanner On A Pc Or Mac Or Linux (For A Non-Procedure) On A Microsoft Mac Or Pc Or Linux On A Mac Or Mac (For An Unprocedured Pc Or

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Vulnerability Audit: Why a Vulnerability Scan Isn t Enough. White Paper

Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9)

Medical Device Security Health Group Digital Output

Nessus Cloud User Registration

How to Use? SKALICLOUD DEMO

Nessus Enterprise for Amazon Web Services (AWS) Installation and Configuration Guide. July 16, 2014 (Revision 2)

Tenable for CyberArk

Chapter 4 Application, Data and Host Security

CLOUD API DOCUMENTATION v2.0. Get list of cloud servers in account

Egress Switch Client Deployment Guide V4.x

eeye Digital Security Product Training

System Management. What are my options for deploying System Management on remote computers?

NetSupport Manager v11

Log Correlation Engine 4.6 Quick Start Guide. January 25, 2016 (Revision 2)

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

Persona Backup and OS Migration for insync Private Cloud 5.5. June 16, 15

Managed Antivirus Quick Start Guide

QuickStart Guide for Managing Computers. Version 9.2

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DR V2.0

Top 20 Critical Security Controls

Linux Boot Camp. Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett

This policy applies to all instances of LANDesk client software installed on Creighton-owned hardware that are connected to JAYNet.

Complete Patch Management

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

Section 12 MUST BE COMPLETED BY: 4/22

CloudPassage Halo Technical Overview

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

Sophos Anti-Virus standalone startup guide. For Windows and Mac OS X

1. Product Information

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Medical Image Manager (MIM) Version 6.1.

Online Backup Client User Manual Linux

Nessus and Antivirus. January 31, 2014 (Revision 4)

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Capture Link Server V1.00

IBM Tivoli Endpoint Manager for Lifecycle Management

Avoiding the Top 5 Vulnerability Management Mistakes

FAQ. How does the new Big Bend Backup (powered by Keepit) work?

Nipper Studio Beginner s Guide

KASEYA CLOUD SOLUTION CATALOG 2016 Q1. UPDATED & EFFECTIVE AS OF: February 1, Kaseya Catalog Kaseya Copyright All rights reserved.

RecoveryVault Express Client User Manual

Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!

AlienVault Unified Security Management (USM) 4.x-5.x. Deploying HIDS Agents to Linux Hosts

Using Nessus to Detect Wireless Access Points. March 6, 2015 (Revision 4)

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1

Patch Management SoftwareTechnical Specs

IBM Endpoint Manager for Lifecycle Management

Protecting Critical Infrastructure

What s New in Centrify Server Suite 2013 Update 2

Online Backup Client User Manual

Online Backup Linux Client User Manual

Online Backup Client User Manual

PATCH MANAGEMENT POLICY IT-P-016

Secondary DMZ: DMZ (2)

SYSTEM DEPLOYMENT & SECURITY AUDITING WITH RHN SATELLITE & NESSUS

SANS Top 20 Critical Controls for Effective Cyber Defense

IBM Security QRadar Version Vulnerability Assessment Configuration Guide IBM

WHITEPAPER. Nessus Exploit Integration

BM482E Introduction to Computer Security

Industrial Security for Process Automation

May 11, (Revision 10)

Chapter 15: Computer and Network Security

CloudPassage Halo Technical Overview

Host/Platform Security. Module 11

RingStor User Manual. Version 2.1 Last Update on September 17th, RingStor, Inc. 197 Route 18 South, Ste 3000 East Brunswick, NJ

Desktop Central Managing Windows Computers in WAN

IBM Tivoli Endpoint Manager for Security and Compliance

VULNERABILITY MANAGEMENT

Product comparison. GFI LanGuard 2014 vs. Microsoft Windows InTune (October 2013 Release)

IBM Endpoint Manager for Server Automation

24/7 Visibility into Advanced Malware on Networks and Endpoints

Stephen Coty Director, Threat Research

Critical Security Controls

CTERA Agent for Linux

The full setup includes the server itself, the server control panel, Firebird Database Server, and three sample applications with source code.

Security Advice for Instances in the HP Cloud

BitDefender Client Security Workstation Security and Management

How To Use Attix5 Pro For A Fraction Of The Cost Of A Backup

How To Install Storegrid Server On Linux On A Microsoft Ubuntu 7.5 (Amd64) Or Ubuntu (Amd86) (Amd77) (Orchestra) (For Ubuntu) (Permanent) (Powerpoint

How to Add, Deactivate, or Edit a Contact

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

ESET SHARED LOCAL CACHE

Intro to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

AN OVERVIEW OF VULNERABILITY SCANNERS

Cybersecurity Health Check At A Glance

Securing the Service Desk in the Cloud

Transcription:

Nessus Agents October 2015

Table of Contents Introduction... 3 What Are Nessus Agents?... 3 Scanning... 4 Results... 6 Conclusion... 6 About Tenable Network Security... 6 2

Introduction Today s changing threat landscape requires organizations to constantly change how they detect threats against the network. Starting with Nessus 6.3, Tenable has released Nessus Agents, a host-based tool designed to help organizations solve some of the problems encountered with traditional, network-based vulnerability assessments. Network-based vulnerability assessments have a few core challenges. First, to provide the most detailed and complete results, they require credentials to access resources on target hosts. In some organizations, this requirement can cause considerable problems, especially in situations where the IT department believes that there is too much risk in providing credentials to the security team. Additionally, some organizations may not feel comfortable allowing a single username and password combination to connect across the entire environment. Those credentials need to follow the organization s password policy, and more than one set of credentials may be required to scan all systems on the network, even on a single platform. Second, network-based vulnerability assessment tools shine when they are scanning a mostly static network. However, increasingly mobile workforces have decreased the effectiveness of traditional scanning. Geographically distributed sales teams, remote workers, and traveling executives can easily create gaps in asset availability during a vulnerability assessment. While traditional network scans have to originate from a scanner that reaches out to the hosts being scanned, using Nessus Agents, hosts can run the scan while they re not on the network, and then call back in to Nessus Cloud or Nessus Manager once they obtain their results. What Are Nessus Agents? Nessus Agents are lightweight programs that are installed locally on a host. Agents collect vulnerability, compliance, and system data and report that information back to a Nessus Manager system. Nessus Agents currently support 32 and 64-bit editions of the following operating systems: Windows 7 Windows Server 2008 and Server 2008 R2 Windows Server 2012 and Server 2012 R2 Windows 8 Mac OS X CentOS and Red Hat 5, 6, and 7 Amazon, Debian, and Ubuntu Linux Agents run under the local SYSTEM account in Windows or root on Unix-based operating systems, and require sufficient privileges to install software under that account on setup. Nessus Agents are packaged for installation on their respective platforms, and after installation, a scriptable command can be used to register the agent with an instance of Nessus Cloud or Nessus Manager. Once agents are connected, they are managed and updated via Nessus Cloud or Nessus Manager. 3

By default, Nessus Agents communicate back to the Nessus Cloud or Nessus Manager in the same way that standard Nessus scanners do: over TCP port 8834. That communication is encrypted with AES-256 encryption, depending on configuration at the time of installation. Because Nessus Agents are packaged for easy installation, they can be deployed using software management systems such as Microsoft s System Center Configuration Manager (SCCM). Additionally, the configuration of Nessus Agents can be scripted, which allows administrators to easily deploy agents across multiple systems with minimal effort. All of this can be done without needing to create additional administrator or service accounts on the network. Nessus Agents also autoupdate from the Manager once they are installed, so deployment only needs to be done once. Scanning Starting an agent-based assessment will look very familiar to existing Nessus users, with a few slight differences. To get started, users will need to select a template from the new Agents section of the Scan Library. Instead of selecting a scanner or manually entering targets, users will be provided with an option to select groups of agents to serve as targets for the assessment. Users will then need to specify how long a scan is to run; this is the window of time in which targeted agents can check in and upload their results for a particular assessment. 4

There are four agent scan templates: Basic Agent, Policy Compliance Auditing, Windows Malware, and Advanced, which is a combination of the other scan types. Additionally, there are a series of local configuration checks that can be run on the local host. Because each agent runs its local scan independent from other scanners, assessments complete and report their results back to Nessus Manager or Nessus Cloud quickly. Scan Type Basic Agent Scan Policy Compliance Auditing Windows Malware Scan Capabilities Local patch checking and local information gathering, such as users, status of antivirus software, software starting up via the registry, USB device history, and more. Checks hosts against administrator-specified compliance and system hardening and configuration policies. Scans for malware on systems connected via Windows agents. Advanced Agent Scan A fully customizable agent scan that allows administrators to turn off specific plugins, check for malware and other harmful software, and more. When a scan is initiated, the Nessus Manager sends instructions to each Nessus Agent to run a configured scan. Once the scan has been initiated on the Manager, each agent in the defined scan group is given a certain amount of time to check back in to the Manager with their results. If an agent is offline or cannot connect back to the Manager within the defined window, it is treated the same way that an offline host would be in a traditional network scan, and doesn t appear in the results. A scan will show as still running while it waits for any agents that have not checked back in with their results. 5

When creating scans, administrators can now choose between either traditional scans using full Nessus scanners or agentbased scans using Nessus Agents. Each type of scan serves a different role. Traditional, credentialed scans are well suited to assessing servers and static desktops, while agents can be used on laptops and other systems that may need special consideration. For organizations that are comprised completely of remote workers, a fully agent-based deployment enhances the assessment capabilities from previous versions of Nessus. Because agents are easily added to existing Nessus Manager deployments, organizations that simply wish to augment their existing assessment infrastructure with the flexibility that agents provide can do so. Results Scan results from Nessus Agents will look familiar to users who have previous experience with Nessus. Results are organized by the hostname of the device on which the agent is installed, and display the number of detected vulnerabilities. Results management, for the most part, remains similar to that of traditional Nessus usage, where reports can be generated and sent to administrators or analysts for action. However, by using Nessus Agents on individual laptops or workstations, additional reporting options are available for organizations. Conclusion Tenable s Nessus Agents feature gives organizations increased flexibility and options when deploying Nessus. Lightweight Nessus Agents can provide visibility into parts of an organization s network that would have previously been difficult or impossible to scan using traditional methods. Also, because agents are installed similarly to other applications, there is no need for the creation of additional user accounts or managing system account passwords. Systems that were previously offlimits due to internal policies regarding credential management, assets that might have been unavailable previously, and other types of remote and mobile systems are now more easily accessible thanks to Nessus Agents. About Tenable Network Security Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. Our family of products includes SecurityCenter Continuous View, which provides the most comprehensive and integrated view of network health, and Nessus, the global standard in detecting and assessing network data. Tenable is relied upon by many of the world s largest corporations, not-for-profit organizations and public sector agencies, including the entire U.S. Department of Defense. For more information, visit tenable.com. 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information