Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Nessus Now Audits Juniper Junos Configuration

Keeping Your Routers and Firewalls in Check

Continuing with the theme of helping you secure and maintain your critical infrastructure (see our previous post: "New Nessus Compliance Checks Available for Check Point GAiA"), we are pleased to announce the availability of Juniper Junos compliance checks. Junos is the underlying operating system (OS) powering Juniper's routers, firewalls, and network switches.

Ensuring a consistent configuration across your entire network infrastructure contributes to a healthy and more secure network. For example, a configuration error could lead to an easily-exploitable weakness on devices (such as a clear-text management protocol or default SNMP community string settings). A successful attack against a router allows someone to sniff all the traffic passing through it, potentially accessing sensitive information or performing Man-in-The-Middle (MiTM) attacks.

New Compliance Checks

To provide Nessus users with a way to audit Junos router/firewall/switch security settings relating to the underlying OS, we've developed a set of checks based on the CIS Benchmark for Junos as a guide.

Below is an example of the audit results:

JunosCheck

The compliance checks for Junos download the configuration file from the device and use CONFIG_CHECK options to compare values. For example, below is the compliance check for section 6.16.2 of the CIS benchmarks for Junos:

&ltcustom_item&gt
type         : CONFIG_CHECK
description  : "6.16.2 Require Encrypted Configuration Files"
info         : "Level 2, Scorable"
regex        : "set system"
expect       : "encrypt-configuration-files"
info         : "Configuration files should be encrypted."
info         : ""
info         : "ref: https://benchmarks.cisecurity.org/tools2/CIS_Juniper_JunOS_Benchmark_v1.0.1.pdf pg. 169"
&lt/custom_item&gt

The above code block searches the configuration for the entry "encrypt-configuration-files" as the CIS Benchmark requires that configuration files be encrypted on Junos devices. If the "encrypt-configuration-files" entry is not listed in the results of the "Set system" command, the check will fail.

Conclusion

The addition of Junos compliance checks allows organizations to use Nessus (and SecurityCenter) to perform compliance auditing against Juniper's line of routers, firewalls, and network switches. If you've standardized on this platform to run your network, this provides valuable information to help you secure your network. Nessus audits the security and policy compliance configurations of Windows, Unix, databases, and virtualization platforms as well. Correlating this information with other sources of vulnerability and events provides you with an in-depth look at the security of your enterprise.

Nessus ProfessionalFeed and SecurityCenter customers can download all the latest compliance checks from the Tenable Support Portal. For more information on using Nessus for compliance auditing, view the Nessus configuration and compliance auditing video.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.