Nessus and Mobile Device Scanning. November 7, 2014 (Revision 12)



Similar documents
Nessus Enterprise for Amazon Web Services (AWS) Installation and Configuration Guide. July 16, 2014 (Revision 2)

How To Run The Nessus 6 Vulnerability Scanner On A Pc Or Mac Or Linux (For A Non-Procedure) On A Microsoft Mac Or Pc Or Linux On A Mac Or Mac (For An Unprocedured Pc Or

Tenable Network Security Support Portal. January 12, 2015 (Revision 14)

Nessus and Antivirus. January 31, 2014 (Revision 4)

Log Correlation Engine Backup Strategy

Patch Management Integration

Log Correlation Engine 4.6 Quick Start Guide. January 25, 2016 (Revision 2)

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9)

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure

Nessus Agents. October 2015

How to Add, Deactivate, or Edit a Contact

Tenable for CyberArk

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

SecurityCenter 4.4 Administration Guide

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)

SecurityCenter 4.2 Administration Guide

Nessus Credentialed Checks. November 24, 2014 (Revision 38)

Passive Vulnerability Scanner 4.0 User Guide. September 18, 2014 (Revision 12)

SecurityCenter 4.8 Administration Guide. October 2, 2015 (Revision 13)

Nessus 5.2 Enterprise User Guide. September 5, 2014 (Revision 9)

24/7 Visibility into Advanced Malware on Networks and Endpoints

VULNERABILITY MANAGEMENT

SecurityCenter 5.1 with Nessus Agent Support. October 22, 2015

Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9)

3D Tool 2.0 Quick Start Guide

Secret Server Qualys Integration Guide

WHITEPAPER. Nessus Exploit Integration

Nessus 5.2 HTML5 User Guide. September 5, 2014 (Revision 48)

Nessus Cloud User Registration

Best Practices. Understanding BeyondTrust Patch Management

Passive Vulnerability Scanner 4.2 User Guide. June 8, 2015 (Revision 12)

April 11, (Revision 2)

Kaspersky Lab Mobile Device Management Deployment Guide

Understanding BeyondTrust Patch Management

SecurityCenter 4.4 Architecture

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

IBM Security QRadar Version Vulnerability Assessment Configuration Guide IBM

Office 365 Windows Intune Administration Guide

How to Register for Training

BlackBerry Enterprise Service 10. Universal Device Service Version: Administration Guide

Description of Actual State Sensor Types for the Software Asset Management (SWAM) Capability. 7 Jul 2014

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Nessus 6.4 User Guide

Continuous Network Monitoring for the New IT Landscape. March 16, 2015 (Revision 4)

4. Getting started: Performing an audit

IBM Endpoint Manager Version 9.1. Patch Management for Red Hat Enterprise Linux User's Guide

AlienVault. Unified Security Management (USM) 5.1 Running the Getting Started Wizard

Tenable for Google Cloud Platform

PULSE APPCONNECT. A Micro VPN That Allows Specific Applications on Mobile Devices to Independently Leverage the Connect Secure Gateway.

Defender Token Deployment System Quick Start Guide

IBM Security QRadar SIEM Version MR1. Vulnerability Assessment Configuration Guide

Concierge SIEM Reporting Overview

Technical Note. ForeScout CounterACT Endpoint Detection & Inspection Methods

GlobalSign Integration Guide

Vulnerability Management for. Mobility. Issue 2. Identify Mobility Risk through Mobile Device Visibility and Vulnerability Assessment

Extreme Networks Security Vulnerability Assessment Configuration Guide

May 11, (Revision 10)

The SIEM Evaluator s Guide

June 8, (Revision 1)

Protecting Critical Infrastructure

Learn More MaaS360 Cloud Extender Checklist (MDM for Blackberry)

MaaS360 Cloud Extender

Nessus 5.0 Flash User Guide. April 22, 2013 (Revision 23)

MaaS360 On-Premises Cloud Extender

Advanced Configuration Steps

Getting Started with the iscan Online Data Breach Risk Intelligence Platform

ManageEngine Desktop Central. Mobile Device Management User Guide

GFI Product Manual. Administration and Configuration Manual

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect

Continuous Compliance for Energy and Nuclear Facility Cyber Security Regulations

Using Nessus to Detect Wireless Access Points. March 6, 2015 (Revision 4)

How To Deploy Software Updates Using SCCM 2012 R2

User Management Guide

Continuous Monitoring for the New IT Landscape. July 14, 2014 (Revision 1)

Administrator's Guide

Introduction to the EIS Guide

AV Management Dashboard

5nine Security for Hyper-V Datacenter Edition. Version 3.0 Plugin for Microsoft System Center 2012 Virtual Machine Manager

Preparing for GO!Enterprise MDM On-Demand Service

Deployment Guide for Microsoft Lync 2010

Using Nessus In Web Application Vulnerability Assessments

SOLARWINDS ORION. Patch Manager Evaluation Guide for ConfigMgr 2012

Complete Patch Management

Web Application Vulnerability Testing with Nessus

Nessus Credential Checks for Unix and Windows

Client Manager for Endpoint Protection (CMEP) User s Guide

Mobile Labs Plugin for IBM Urban Code Deploy

Identity and Access Management Integration with PowerBroker. Providing Complete Visibility and Auditing of Identities

Best Practice Configurations for OfficeScan (OSCE) 10.6

Tenable Enterprise Product Training

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios with TouchDown

IBM Security QRadar Vulnerability Manager Version User Guide

Nessus 6.1 User Guide. December 1, 2014 (Revision 4)

Thexyz Premium Webmail

Radia Cloud. User Guide. For the Windows operating systems Software Version: Document Release Date: June 2014

Transcription:

Nessus and Mobile Device Scanning November 7, 2014 (Revision 12)

Table of Contents Introduction... 3 Standards and Conventions... 3 Overview... 3 Scanning for Mobile Devices with Nessus... 4 Creating a Scan... 4 Plugins and Policy Preferences... 5 Reports... 10 For Further Information... 11 About Tenable Network Security... 12 2

Introduction This document describes how Tenable Network Security s Nessus vulnerability scanner integrates with Microsoft Active Directory and mobile device management servers to identify mobile devices in use on the network. Please email any comments and suggestions to support@tenable.com. This document specifically covers Nessus integration with mobile device management. Installation, configuration, and management of Nessus is covered by other documents. A basic understanding of Nessus functionality, mobile devices, and system administration is assumed. Standards and Conventions Throughout the documentation, filenames, daemons, and executables are indicated with a courier bold font such as gunzip, httpd, and /etc/passwd. Command line options and keywords are also indicated with the courier bold font. Command line examples may or may not include the command line prompt and output text from the results of the command. Command line examples will display the command being run in courier bold to indicate what the user typed while the sample output generated by the system will be indicated in courier (not bold). Following is an example running of the Unix pwd command: # pwd /opt/sc4/daemons # Important notes and considerations are highlighted with this symbol and grey text boxes. Tips, examples, and best practices are highlighted with this symbol and white on blue text. Overview Mobile device saturation has reached an all-time high, as both individuals and corporations become more reliant on them to conduct their affairs. An entire market has quickly evolved, centered on Bring Your Own Device (BYOD) security and integration. Like it or not, and know it or not, mobile devices are increasingly being connected to corporate networks. In some cases, such connections may seem like a harmless activity such as charging a battery. In reality, simply charging the device is often performed via USB connection, and doing so may bridge the device with the computer. Active scanning cannot always detect mobile devices on the network directly since the devices are not always active on the network. There are several approaches that can be taken to identify mobile devices connecting to the network. One is to leverage a Mobile Device Management (MDM) console, which will contain a lot of useful information about mobile devices on the network. The drawback to this approach is the reason the issue is called Bring Your Own Device ; the device is often a personal device that is not enrolled in the MDM system. A better approach is to leverage information obtained from devices that connect to Microsoft Exchange servers. Basically, any employees who self-enroll with ActiveSync are sending their mobile OS version and more information back to the Exchange server. This provides a non-intrusive method to obtain the device type and OS version. Since Exchange is so widely deployed, the information is already available in many infrastructures. The drawback to this approach is that the information obtained is less granular than what is available on an MDM. 3

The Nessus Mobile Devices plugin family provides the ability to obtain information from devices registered in a MDM and from Active Directory servers that contain information from MS Exchange servers. This currently includes Apple iphone, Apple ipad, Windows Phone, and Android devices that supply version information, and have checked in to their respective servers in the last 3 months. The Nessus scanner must be able to reach the mobile device management (MDM) servers to query for information. You must ensure there are no screening devices that block traffic to these systems from the Nessus scanner. In addition, Nessus must be provided administrative credentials (e.g., domain administrator) to the Active Directory servers. Scanning for Mobile Devices with Nessus Nessus 5 currently has the ability to scan Microsoft Active Directory Service Interfaces (ADSI), Apple Profile Manager, MobileIron, and Good, allowing for the inventory and vulnerability scanning of both Apple ios-based and Android devices. Nessus can be configured to authenticate to these servers, query for mobile device information, and report on any issues. To scan for mobile devices, Nessus must be configured with authentication information for the management server and the mobile plugins of interest. Since Nessus authenticates directly to the management servers, a scan policy does not need to be configured to scan specific hosts. Creating a Scan In order to scan a mobile system, create a new policy and select the Mobile Device Scan policy wizard. It will ask the basic information required to perform the scan and auto-create the rest of the policy. The wizard will also let you control report verbosity, scan result sharing, and input credentials to access the mobile manager. 4

If any changes need to be made regarding the Mobile scanning, editing the policy will also update the settings for the Mobile template. For ActiveSync scans that access data from Microsoft Exchange servers, Nessus will retrieve information from phones that have been updated in the last 365 days. Plugins and Policy Preferences To complete a scan of mobile devices, you can also create a policy the traditional way. Rather than selecting the default Mobile Device Scan, select Advanced Scan. To scan mobile device management servers, authentication credentials are established in the Credentials tab and the Mobile sub-heading of an Advanced Scan, or Step 2 of the Mobile Scan policy wizard. Your scan policy does not need to be configured to scan any ports or use any port scanners. A majority of mobile device plugins can be found in the plugin family Mobile Devices, visible under an Advanced Scan policy. In addition, there are a few mobile device related plugins in the Service detection (Apple Profile Manager Detection) and Settings families (Apple Profile Manager API Settings and ADSI Settings for ActiveSync). 5

Nessus can also use ActiveSync in addition to a mobile manager: ActiveSync (Microsoft Exchange) allows Nessus to query an ActiveSync server to determine if any Android or iosbased devices are connected. Using the credentials and server information, Nessus authenticates to the domain controller (not the Exchange server) to directly query it for device information. This feature does not require any ports be specified in the scan policy. These settings are required for mobile device scanning. Nessus supports obtaining the mobile information from Exchange Server 2010 and 2013 only. Nessus cannot retrieve that information from Exchange Server 2007. 6

AirWatch allows Nessus to query the AirWatch API to gather information about all the mobile devices it manages. Using the credentials and the API key, Nessus authenticates to the server to directly query it for device information. This feature does not require any ports be specified in the scan policy. Optionally, communications over SSL can be specified, as well as verifying the SSL certificate. 7

Apple Profile Manager allows Nessus to query an Apple Profile Manager server to enumerate Apple ios-based devices (e.g., iphone, ipad) on the network. Using the credentials and server information, Nessus authenticates to the Profile Manager to directly query it for device information. Optionally, communications over SSL can be specified, as well as directing the server to force a device information update (i.e., each device will update its information with the Profile Manager server). 8

Good for Enterprise allows Nessus to query a Good server to enumerate mobile devices on the network. Using the credentials and server information, Nessus authenticates to the Good server to directly query it for device information. Optionally, communications over SSL can be specified as well as strict SSL certificate verification. 9

MobileIron allows Nessus to query a MobileIron server to enumerate any attached mobile devices (e.g., iphone, ipad, HTC, BlackBerry, Android). Using the credentials and server information, Nessus uses authenticated API calls to query the server for device information. Optionally, communications over SSL can be specified, as well as directing the server to verify the SSL certificate for enhanced security. Reports Once your scan has completed, the results will be available under the Reports tab. Click on the report to begin navigating through the information. More information on reporting can be found in the Nessus User Guide. 10

Each finding will display a list of devices presenting the issue at the bottom of the report: For Further Information Tenable has produced a variety of other documents detailing Nessus installation, deployment, configuration, user operation, and overall testing: Nessus 6.0 Installation and Configuration Guide step by step walk through of installation and configuration Nessus 6.0 User Guide how to configure and operate the Nessus User Interface Nessus Enterprise 6.0 User Guide how to configure and operate the Nessus User Interface for Nessus Enterprise Nessus Enterprise Cloud User Guide describes use of Nessus Enterprise Cloud and includes subscription and activation, vulnerability scanning, compliance reporting, and Nessus Enterprise Cloud support Nessus Credential Checks for Unix and Windows information on how to perform authenticated network scans with the Nessus vulnerability scanner Nessus Compliance Checks high-level guide to understanding and running compliance checks using Nessus and SecurityCenter Nessus Compliance Checks Reference comprehensive guide to Nessus Compliance Check syntax 11

Nessus v2 File Format describes the structure for the.nessus file format, which was introduced with Nessus 3.2 and NessusClient 3.2 Nessus 5.0 REST Protocol Specification describes the REST protocol and interface in Nessus Nessus and Antivirus outlines how several popular security software packages interact with Nessus, and provides tips or workarounds to allow the software to better co-exist without compromising your security or hindering your vulnerability scanning efforts Nessus and Scanning Virtual Machines describes how Tenable Network Security's Nessus vulnerability scanner can be used to audit the configuration of virtual platforms as well as the software that is running on them Strategic Anti-malware Monitoring with Nessus, PVS, and LCE describes how Tenable's USM platform can detect a variety of malicious software and identify and determine the extent of malware infections Patch Management Integration document describes how Nessus and SecurityCenter can leverage credentials on the Red Hat Network Satellite, IBM TEM, Dell KACE 1000, and Microsoft WSUS and SCCM patch management systems to perform patch auditing on systems for which credentials may not be available to the Nessus scanner Real-Time Compliance Monitoring outlines how Tenable s solutions can be used to assist in meeting many different types of government and financial regulations Tenable Products Plugin Families provides a description and summary of the plugin families for Nessus, Log Correlation Engine, and the Passive Vulnerability Scanner SecurityCenter Administration Guide Other online resources are listed below: Nessus Discussions Forum: https://discussions.nessus.org/ Tenable Blog: http://blog.tenable.com/ Tenable Podcast: http://www.tenable.com/podcast Example Use Videos: http://www.youtube.com/user/tenablesecurity Tenable Twitter Feed: http://twitter.com/tenablesecurity Please feel free to contact Tenable at support@tenable.com, sales@tenable.com, or visit our web site at http://www.tenable.com/. About Tenable Network Security Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. Our family of products includes SecurityCenter Continuous View, which provides the most comprehensive and integrated view of network health, and Nessus, the global standard in detecting and assessing network data. Tenable is relied upon by more than 24,000 organizations, including the entire U.S. Department of Defense and many of the world s largest companies and governments. We offer customers peace of mind thanks to the largest install base, the best expertise, and the ability to identify their biggest threats and enable them to respond quickly. For more information, please visit tenable.com. 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information