Recently, I had the chance to work with several larger Tenable enterprise customers who were charged with figuring out what the perimeter of their network really looked like.
I showed them how multiple Nessus scanners and Passive Vulnerability Scanners deployed throughout their infrastructure could be leveraged to provide near real-time visibility into every boundary or enclave.
With the rise in popularity of the SANS Consensus Audit Guidelines, which specifically call out "Boundary Monitoring", and the increased number of Tenable federal customers deploying 20+ active and passive scanners to perform CyberScope scanning, I decided to write a best practices paper on how network boundaries can be monitored and understood.
The paper starts out with simple concepts such as comparing what a scanner on the inside of a firewall can find compared to what one on the outside scanning inbound can find. It finishes with how distributed scanning and sniffing can help identify trust relationships and poor firewall rules between enclaves. There is also a lot of great artwork that facilitates understanding of these complex ideas: