Tenable Vulnerability Management Specialist – Assessment and Analysis + TenableCore

This post summarizes what you should know as a Tenable Vulnerability Management Specialist: installation and configuration, operations, a technology overview including architecture and design discussions for typical environments, and detailed scanning and analysis instructions.

Host Discovery

Template Good For:

  • Great starting point
  • Quickly identifies assets for running VA (vulnerability assessment) only on live targets
  • Minimal network impact

Best Practice

  • Daily: run a scan on the network to discover new hosts
  • Use scan scheduling to discover assets automatically
  • Do not scan through a firewall
    • If ICMP is not disabled on network devices, a discovery scan through a firewall can cause false positives and other issues
  • If scanning through a firewall is unavoidable
    • Ensure the firewall is correctly configured to allow the scanner
    • Disable ICMP in the discovery scan

Options

  • Customize host discovery scans based on network needs
  • Configure a host discovery scan to perform OS identification and port scanning
    • Ping/scanning customization: adjust ping settings to avoid false positives and prevent interfering with hosts
  • Tune a scan to improve performance
    • For port scan tuning, if speed is the priority, choose only SYN and leave TCP and UDP disabled
    • Based on the scanner's hardware resources, tune Advanced - Max simultaneous checks (and related options) for speed, accuracy and thoroughness
    • Nessus global scan settings: Nessus Scanner settings can affect performance

Analysis

Create a tag

Tags:
- Asset Assessed - True/False
- OS : is equal to (Use Wildcards!)
- Source : is equal to
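As an added example (not from the original post and not Tenable's own code), the three tag rules above evaluated offline over a constructed asset inventory; the field names, the shell-style wildcard matching for OS, and the sample records are assumptions, not Tenable's implementation.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass
class Asset:
    """One asset record, shaped after the fields the tag rules above use (assumed)."""
    ipv4: str
    operating_system: str
    source: str
    assessed: bool  # True once a vulnerability assessment (not just discovery) has run


# Constructed sample inventory; not real scan output.
ASSETS = [
    Asset("10.0.0.10", "Microsoft Windows Server 2019", "NESSUS_SCAN", True),
    Asset("10.0.0.11", "Microsoft Windows 10 Enterprise", "NESSUS_AGENT", True),
    Asset("10.0.0.12", "Linux Kernel 5.15 on Ubuntu 22.04", "NESSUS_SCAN", False),
    Asset("10.0.0.13", "Cisco IOS 15.2", "NNM", False),
    Asset("10.0.0.14", "Microsoft Windows Server 2022", "AWS", False),
]

# Rule evaluators keyed by the tag fields from the notes. "OS" uses shell-style
# wildcards (* and ?) so that "Microsoft Windows*" matches every Windows build,
# whereas the bare string "Microsoft Windows" matches nothing (hence "Use Wildcards!").
RULE_FUNCS = {
    "Asset Assessed": lambda a, v: a.assessed is v,
    "OS": lambda a, v: fnmatchcase(a.operating_system, v),
    "Source": lambda a, v: a.source == v,
}


def evaluate_tag(assets, rules):
    """Return the IPs of assets matching every (field, value) rule (AND logic)."""
    for field, _ in rules:
        if field not in RULE_FUNCS:
            raise ValueError(f"unknown tag field: {field}")
    return [a.ipv4 for a in assets if all(RULE_FUNCS[f](a, v) for f, v in rules)]


def assessment_gaps(assets, os_pattern):
    """Hosts matching os_pattern that discovery found but a VA scan has not covered."""
    return evaluate_tag(assets, [("OS", os_pattern), ("Asset Assessed", False)])


if __name__ == "__main__":
    print("Unassessed Windows hosts:", assessment_gaps(ASSETS, "Microsoft Windows*"))
    print("Exact match without wildcard:", evaluate_tag(ASSETS, [("OS", "Microsoft Windows")]))
```

Feeding the `assessment_gaps` result back as the target list of a vulnerability assessment scan is the workflow the notes describe: discover daily, then assess only what is live and not yet covered.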

Alternative Host Discovery

- Third Party Integrations (ServiceNow, FireMon, Noetic)
    - CMDB
    - Asset Discovery
- Cloud Connectors
    - AWS, Azure, GCP

Alternative Host Discovery - Tenable Nessus Network Monitor (NNM)

Main Steps:

  1. Deploy Tenable Nessus Scanner (Internal) or Cloud Scanner (Public IP)
  2. Policy : Discovery Scan
  3. Scan targets
  4. Scan schedule (Optional)

Vulnerability Assessment

A comparison between "Basic Network Scan" and "Advanced Scan"

https://community.tenable.com/s/article/What-are-the-differences-between-the-Basic-Network-Scan-and-Advanced-Scan?language=en_US

| Settings | Basic Network Scan | Advanced Scan |
|---|---|---|
| Allows plugins to be enabled or disabled | No | Yes |
| Allows audits to be added to the scan | No | Yes |
| Default Max simultaneous hosts per scan | 30 | 5 |
| Default Network Timeout | 5 | 5 |
| Default Simultaneous checks per host | 4 | 5 |
| Default Port scan range | Common ports | Default ports |
| Default CGI scanning | Disabled | Disabled |
| Default methods for Host Discovery | TCP, ARP, ICMP (2 retries) | TCP, ARP, ICMP (2 retries) |
| Default Paranoia level (a.k.a. Override normal accuracy) | Normal | Normal |

Table 1: Summary of capabilities between Web Application Scanning and legacy Nessus WAS scans.

| Features | Web Application Scanning | Legacy Nessus WAS |
|---|---|---|
| VM & WAS Unified Visibility | Yes | |
| Safe Scanning | Yes | |
| Advanced Authentication | Yes | No |
| Manual Crawling | Yes | No |
| OWASP Top 10 Project Support | Yes | No |
| Known Vulnerability Detection | Yes | |
| Unknown Vulnerability Detection | Yes | |
| Modern Framework Support | Yes | No |
| High Detection Accuracy | Yes | |

Table 2: Details of capabilities between Web Application Scanning and legacy Nessus WAS

https://community.tenable.com/s/article/What-s-the-difference-between-Tenable-io-WAS-and-Legacy-Nessus-WAS?language=en_US

| Features | Web Application Scanning | Legacy Nessus WAS |
|---|---|---|
| VM & WAS Unified Visibility | Web application assets are integrated with the same dashboards as other assets automatically for unified visibility. | Web application assets can be integrated into Tenable.sc by creating additional filters to customize the dashboard. |
| Safe Scanning | Users can create a list of blocked URLs to exclude from scans and define customized scan performance thresholds to avoid application disruption. | Users need to define customized scan performance thresholds to avoid application disruption. |
| Advanced Authentication | Supports a broad range of authentication options such as forms, cookies, NTLM, and Selenium scripts to address most web application requirements. Automatically detects when authentication is required and validates when authentication has been successfully configured. | Supports only login forms and cookie-based authentication. The product is unable to automatically detect or validate successful authentication. |
| Manual Crawling | Records manual crawling of web applications using Selenium to assess and validate user-defined workflows. This is an important capability for assessing Single Page Applications. | Manual crawling is not available. |
| OWASP Top 10 Project Support | The product is purpose-built for the OWASP Top 10 and provides out-of-the-box vulnerability assessment and reporting aligned to OWASP risk categories. | OWASP Top 10 is not supported out-of-the-box. Users can create custom dashboards to manually align specific vulnerabilities to OWASP risk categories. |
| Known Vulnerability Detection | Detects known or specified vulnerabilities related to Content Management Systems (WordPress, Joomla!, and Drupal). CVE plugins supporting web application servers, language engines, web frameworks, and JavaScript libraries are also available. | Supports a leading range of known or specified vulnerabilities based on CVE plugins. |
| Unknown Vulnerability Detection | Detects unknown or generic vulnerabilities in support of OWASP Top 10 without the need for specific CVE plugins. | Provides detection of generic cross-site scripting and injection vulnerabilities in support of OWASP Top 10. |
| Modern Framework Support | Supports web applications built with modern web frameworks such as HTML5, JavaScript, AJAX, and Single Page Applications, as well as traditional web frameworks. | Modern web framework support is not available. |
| High Detection Accuracy | Leading vulnerability detection accuracy with minimal false positives and negatives across all web applications. | Strong vulnerability detection accuracy across web applications built using traditional frameworks. |

Best Practice

Options

- Reporting and Advanced Options
- Plugins

Agents

Compliance Assessment

Vulnerability Analysis

TenableCore Tenable NNM - Nessus Network Monitor

TenableCore Tenable Nessus

You can use the Tenable Core operating system to run an instance of Tenable Nessus in your environment. After you deploy Tenable Core + Tenable Nessus, you can monitor and manage your Tenable Nessus processes through the secure Tenable Core platform.

To deploy Tenable Core + Tenable Nessus as a VMware virtual machine:

  1. Download the Tenable Core Nessus VMware Image file from the Tenable Downloads page.
  2. Open your VMware virtual machine in the hypervisor.
  3. Import the Tenable Core + Tenable Nessus VMware .ova file from your computer to your virtual machine. For information about how to import a .ova file to your virtual machine, see the VMware documentation.
  4. In the setup prompt, configure the virtual machine to meet your organization's storage needs and requirements, and those described in System and License Requirements.
  5. Launch your Tenable Core + Tenable Nessus instance.

     The virtual machine boot process appears in a terminal window.

Copyright notice:
Author: zhangchen
Link: https://www.techfm.club/p/148420.html
Source: TechFM
The article is copyrighted by its author; do not reproduce it without permission.
