Home > Networking Tips > Network Security > Nessus: Vulnerability scanning in the enterprise
Networking Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

NETWORK SECURITY

Nessus: Vulnerability scanning in the enterprise


Mike Chapple
01.23.2006
Rating: --- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


In the previous two installments of our series on using Nessus in the enterprise, we explored downloading and installing the Nessus vulnerability scanner and conducting system scans. Now that you have these basic procedures under your belt, we'll examine some general advice for building an enterprise scanning program with Nessus.

Developing an enterprise scanning program is, by necessity, a highly customized task. You can't simply take a stock plan off the shelf and implement it in your organization. You need to consider the unique technical, regulatory, political and cultural requirements facing your enterprise before launching this inherently intrusive activity. For example, the scanning program used by a research university would necessarily be quite different from that used by an ultra-secret government agency. Both plans would differ significantly from the scanning plan used by an e-commerce retailer. Let's look at a few broad principles that apply in any large enterprise.

  • Don't keep scanning secret. Over the course of my career, I've seen many organizations implement vulnerability scanning programs for the first time. With very few exceptions, the security officials responsible for the program decide that the best way to launch this effort is to treat these scans as a tightly-held secret. Invariably, this backfires. The primary reason is political – you don't want system administrators to feel that you're policing their configuration management. On the contrary, the goal of your scanning program should be to increase administrator awareness and assist them in the secure configuration of their systems. A scan that produces very few results is a successful scan!

  • Coordinate your scans widely. This advice goes hand-in-hand with the previous tip. In addition to notifying system administrators, make sure that everyone who's even tangentially affected by your scans knows what you're doing. Remember that the scanning process can have unforeseen effects on your infrastructure. You certainly don't want your company to become aware of your new scanning procedures because they brought the network to its knees! Notify system administrators, network engineers, application administrators, management and support personnel of the scans in advance -- they will serve as an early-warning system if problems arise. This is especially true the first several times you scan systems.

  • Balance the risks and benefits of scanning. Some scans may produce unpredictable results. If you're running scans for vulnerabilities that might produce a denial of service when exploited, the scan itself might induce that denial of service. As a remedy, you may wish to enable the "All but dangerous" option in Nessus for the majority of your routine scans and then perform periodic full scans on a highly coordinated basis. (Don't, however, decide that you'll never run the dangerous scans because you're not the only one with a copy of Nessus -- the bad guys also have it!)

  • Provide a self-service option. If possible, allow administrators to initiate scans on their own. With Nessus, you can simply create accounts for them using the nessus-adduser command. You can also create rules that limit the systems that individual users may scan. For example, if an administrator is only responsible for the 192.168.53.x subnet and the individual server 192.168.22.13, you might use the following rules to limit the access for that user:

    accept 192.168.53.0/24 accept 192.168.22.13 default deny

    Allowing users to initiate their own scans lets them go above and beyond your enterprise scanning program. For example, administrators might want to self-initiate scans at various points during the system build process or after making configuration changes on a system.

Hopefully, these tips gave you some good general advice on incorporating Nessus into your enterprise security architecture. In the final installment of this series, we'll take a look at building reports using Nessus output.

This tip was originally published on SearchSecurity.com as part of their Nessus technical guide.


NESSUS TECHNICAL GUIDE

  Introduction
  How to get started
  How to run a system scan
  How to build an enterprise scanning program
  How to manage Nessus reports
  How to simplify security scans
  How to use Nessus with the SANS Top 20

About the author: Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.


Rate this Tip
To rate tips, you must be a member of SearchNetworking.com.
Register now to start rating these tips. Log in if you are already a member.


Submit a Tip




Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Network Security
How to configure Windows Server 2008 advanced firewall MMC snap-in
Security across network boundaries with Secure Mobile Architecture
USB storage devices: Two ways to stop the threat to network security
Network security: Using unified threat management (UTM)
Network security: Empower users without endangering IT
Network analysis -- Enhancing security assessments
VPN security: Hiding in plain sight, using network encryption
OSI: Securing the Stack, Layer 8 -- Social engineering and security policy
Anti-spam protocols help reduce spam
NAC -- Strengthening your SSL VPN

Network Security Products
How to configure Windows Server 2008 advanced firewall MMC snap-in
How to retrieve passwords from locked laptops
How to interpret test scan results to assess network vulnerability
What commands allow network traffic to pass through PIX firewalls?
For an SMB firewall, what features should I look at?
Creating Remote Access and Site-to-Site VPNs with ISA Firewalls: from 'The Best Damn Firewall Book Period, Second Edition'
What should I know before implementing a packet sniffer?
Remote access security management software is a time saver for network administrators
Will WPA2-PSK keep wireless networks safe from war drivers?
How to train Intrusion detection systems (IDS)

Network Security Monitoring
What are the best methods for handling rogue access points?
Internet monitoring vendor adds throttling, filtering, to its appliance
How to interpret test scan results to assess network vulnerability
Endpoint security locks down law firm's network
Can a broadband network installer compromise your network security?
Network security: Using unified threat management (UTM)
Network analysis -- Enhancing security assessments
Are there network monitoring tools for Layers 1 through 7?
Using a packet sniffer for network packet analysis
What core network security items are needed to secure networks?

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Nessus  (SearchNetworking.com)
network analyzer  (SearchNetworking.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsWebcastsWhite PapersNetworking Product Trials
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2000 - 2008, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts