Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Creating "Gold Build" Audit Policies

Nessuslogo_6

Security Center users and the Direct Feed subscribers have the ability to audit the host-based configuration of their UNIX and Windows servers. Tenable has produced several audit polices based on our own research, public guidance from CERT, NSA, NIST and the Center for Internet Security. For the Windows operating system, Tenable has also produced the Windows Nessus Policy Creator (WNPC). This entry will discuss the purpose and usage of the tool.

Many of Tenable's customers have told us that their provisioning, network management or change control processes require that "like" servers be configured the same way. For example, an organization might run twelve Exchange servers and twenty MS SQL servers. It is good IT practice to configure these systems the same way. If this is a new concept to you, we're talking about configuring similar settings, such as lock out policies, how often passwords should be changed, what sort of software has been installed and so on. If your organization is audited for any reason, it may fall upon you to show that your systems are configured in a manner that is consistent with your own policies.

The WNPC tool is designed to be operated on one "gold" system and then to extract the configuration of that system to produce an audit file for Nessus Direct Feed users. The tool is available as a Windows executable. When it is run, there is a very simple interface which allows for cut n' pasting of the text policy values or for saving to a specific Nessus 3 ".audit" file.

Below is an example screen shot of the Windows Nessus Policy Creator in action:

Wnpc







Any of the .audit files can then be used with Nessus 3 for scanning hosts to see if they are compliant. By "compliant" we mean that a host is configured as expected as compared to this "gold" system. The WNPC tool collects several thousand audit points for access control settings in the registry and file system. It also audits all security policy settings such as password complexity, event logging and lock out policies.

There are many use cases for this technology:

  • Security Center users can create per-asset configuration policies and then scan those particular assets for those particular configuration settings.
  • Consultants using Nessus 3 and the Direct Feed can quickly create policies for a customer and then scan their other assets for deviations from that policy.
  • Policies can be created from "factory" default settings as a baseline, and then an audit of systems in the field can be conducted to detect what has been changed.
  • IT Organizations can work with the Windows operating system directly to "harden it" to their liking and then use the WNPC to create the audit policy automatically.

For more information, to read the compliance check documentation and to obtain the Windows Nessus Policy Create tool, please visit the Nessus 3 Agent-less Compliance Checks page.