Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Nessus Now Audits Huawei VRP Configurations

As part of Tenable's Continuous Monitoring Solution, Nessus, Nessus Enterprise and Nessus Enterprise Cloud users can now perform configuration audits against Huawei devices running the Versatile Routing Platform (VRP).

Huawei (pronounced "wah-way") is a manufacturer of several different types of networking and telecommunications hardware and software. Huawei products are more popular in Asia and Europe than in the U.S. This new plugin supports devices running Huawei Versatile Routing Platform VRP (R) software. The 'display version' command can be run on the target to obtain the release information and determine if it’s supported by the Nessus audit files.

Scan Configuration Details

To perform configuration audits against Huawei devices in your environment you will need:

  • Remote admin credentials for Huawei device
  • SSH services running on the device
  • Enable Plugin ID #73157 (Huawei VRP Compliance Checks)
  • Download the Audit File for Huawei (TNS_Huawei_AR-Series_Best_Practices.audit) from the Tenable Support Portal and upload it into your new policy

What Can I Discover?

The audit file covers several configuration items on Huawei devices, including:

  • Password policies
  • Banner configuration
  • Inactivity timeout
  • Logging and auditing settings
  • Insecure services
  • General device and license information
  • SNMP settings

Below are some example results:

 

A Huawei device passes the check because AAA authentication is enabled.
A Huawei device passes the check because AAA authentication is enabled.

 

 

The device has failed the check for a
The device has failed the check for a "super password", similar to a Cisco "enable" password.

 

Offline Configuration Auditing

Nessus adds support for Huawei to a growing list of network devices for which offline configuration auditing can be performed. This eliminates the need for Nessus to use SSH and directly access the device(s), as you will upload the configuration and the associated audit file to Nessus. This provides another way to get the same results without having to run Nessus scans against your network devices directly. To obtain the configuration file on Huawei devices you can use the command:

display current-configuration all

Save that output to a text file, then using the Offline Configuration Auditing Policy Wizard, initiate the configuration checking and review the results. Below is a screen shot of the wizard in action:

 

From the “Config Types to Audit” menu you can now choose Huawei VRP, along with several other network equipment manufacturers such as Cisco, Palo Alto, and more.
From the “Config Types to Audit” menu you can now choose Huawei VRP, along with several other network equipment manufacturers such as Cisco, Palo Alto, and more.

 

Configuration auditing Huawei devices allows you to conform to compliance standards such as SANS-CSC, PCI, CSF 800-53, and HIPAA.

For more information about this feature please refer to the Tenable Discussions Forum entry that contains more technical details about the checks themselves. Tenable customers can go to the Tenable Support Portal and download the new audit file which can be implemented in all Nessus and SecurityCenter Continuous View products.

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.