Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Junos Local Patch Checking Support Added to Nessus

Tenable has authored a collection of plugins to identify Juniper Junos devices and perform local patch checking. By providing SSH or SNMP credentials, Nessus will log into a device running Junos and check for missing patches, such as:

You can enable these plugins by selecting the "Junos Local Security Checks" plugin family when creating policies in Nessus (or SecurityCenter) as shown below:

Junos Plugin Family Selection

Junos Plugin Family Selection

Plugin ID 55392, Junos Version Detection, was added to identify the operating system version of the device being scanned:

Junos Version Detection

Junos Version Detection

Plugin ID 55933, Unsupported Junos Operating System, was also developed to identify Junos installations using software no longer supported by Juniper Networks:

Unsupported Junos Operating System

Unsupported Junos Operating System

Below is an example of plugin ID 55935, Junos IPv6 over IPv4 Security Policy Bypass (PSN-2011-07-299), being triggered on a target system:

 Junos IPv6 over IPv4

Junos IPv6 over IPv4 Security Policy Bypass

Conclusion

Keeping up with the latest patches on all your systems is no small task, especially when you include embedded systems such as routers, firewalls, and switches. Such devices are critical to your network operations, so a safe and efficient way to ensure their security is a welcome addition to your vulnerability management program. Local patch checking is a great way to ensure that all of the systems and devices in your enterprise are running the latest software in a safe and efficient manner.

Resources