Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Nessus Now Audits Juniper Junos Configuration

Keeping Your Routers and Firewalls in Check

Continuing with the theme of helping you secure and maintain your critical infrastructure (see our previous post: "New Nessus Compliance Checks Available for Check Point GAiA"), we are pleased to announce the availability of Juniper Junos compliance checks. Junos is the underlying operating system (OS) powering Juniper's routers, firewalls, and network switches.

Ensuring a consistent configuration across your entire network infrastructure contributes to a healthy and more secure network. For example, a configuration error could lead to an easily-exploitable weakness on devices (such as a clear-text management protocol or default SNMP community string settings). A successful attack against a router allows someone to sniff all the traffic passing through it, potentially accessing sensitive information or performing Man-in-The-Middle (MiTM) attacks.

New Compliance Checks

To provide Nessus users with a way to audit Junos router/firewall/switch security settings relating to the underlying OS, we've developed a set of checks based on the CIS Benchmark for Junos as a guide.

Below is an example of the audit results:


The compliance checks for Junos download the configuration file from the device and use CONFIG_CHECK options to compare values. For example, below is the compliance check for section 6.16.2 of the CIS benchmarks for Junos:

type         : CONFIG_CHECK
description  : "6.16.2 Require Encrypted Configuration Files"
info         : "Level 2, Scorable"
regex        : "set system"
expect       : "encrypt-configuration-files"
info         : "Configuration files should be encrypted."
info         : ""
info         : "ref: https://benchmarks.cisecurity.org/tools2/CIS_Juniper_JunOS_Benchmark_v1.0.1.pdf pg. 169"

The above code block searches the configuration for the entry "encrypt-configuration-files" as the CIS Benchmark requires that configuration files be encrypted on Junos devices. If the "encrypt-configuration-files" entry is not listed in the results of the "Set system" command, the check will fail.


The addition of Junos compliance checks allows organizations to use Nessus (and SecurityCenter) to perform compliance auditing against Juniper's line of routers, firewalls, and network switches. If you've standardized on this platform to run your network, this provides valuable information to help you secure your network. Nessus audits the security and policy compliance configurations of Windows, Unix, databases, and virtualization platforms as well. Correlating this information with other sources of vulnerability and events provides you with an in-depth look at the security of your enterprise.

Nessus ProfessionalFeed and SecurityCenter customers can download all the latest compliance checks from the Tenable Support Portal. For more information on using Nessus for compliance auditing, view the Nessus configuration and compliance auditing video.

Subscribe to the Tenable Blog

Try for Free Buy Now

Try Tenable.io Vulnerability Management


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.