
Nessus Now Secures NetApp Data ONTAP

The Nessus vulnerability scanner now performs configuration and compliance audits for NetApp storage devices.

Securing All Three Layers

Nessus recently added capabilities to perform configuration and compliance audits in two major areas of the enterprise. First, Tenable added the ability to audit enterprise Cisco networking equipment, namely Cisco's Nexus NX-OS. Then, we expanded and greatly enhanced support for auditing VMware vSphere and vCenter. Now, we've added support for auditing NetApp Data ONTAP storage devices. The new .audit is primarily based on the NetApp hardening guides (technical reports TR-3649 and TR-3996).

The ability to audit the environments mentioned above provides enterprises with the tools to manage configuration and compliance at the core of the enterprise. Namely, you can now control the security of the configurations in your virtualization platform, networking virtualization backbone, and storage environment.

I've often found that organizations lack focus when it comes to securing virtual infrastructure devices. In their defense, they're complicated to set up and maintain, and configuration and compliance auditing adds another layer of complexity by enforcing hardening standards. However, if an attacker were to gain access to these devices, it would be the equivalent of allowing them to enter the data center and access all of your systems directly. This is especially true with storage systems; a compromised storage controller gives an attacker direct access to all of your data. (However, you should be securing and hardening all three layers – virtualization, networking, and storage!)

For companies that need to adhere to strict compliance requirements with regard to data handling, data retention (e.g., e-mail), and data duplication (e.g., back-up), this is a big plus. With NetApp Data ONTAP, all this can be done with a simple switch of an option.

Note that Nessus .audits have PCI and HIPAA cross-references wherever applicable.

Getting Started Auditing NetApp Data ONTAP

The NetApp storage compliance checking plugin logs into the system using SSH. Nessus executes the 'options' command and performs the audit against the output. Provide Nessus with root-level credentials to the NetApp appliance, upload a NetApp audit policy into your Nessus policy, and enable Plugin ID #66934 (NetApp Data ONTAP Compliance Checks).

Below is a sample of the NetApp Data ONTAP compliance results which show how many hosts passed and failed each check.

The following screenshot shows that host 172.26.22.149 passed the 'Disable Telnet' check. Note that relevant PCI and HIPAA cross-references are linked.

This screenshot shows that host 172.26.22.149 failed the 'cifs.signing.enable = on' check because CIFS signing is not enabled.

In addition to the compliance plugin, other Nessus plugins also report the operating system (OS) version and the last time the filer was rebooted. See the results for Plugin ID #11936 and #56468 for more details.
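
The audit step described above (run 'options', then check the output against expected values), as an added Python example that is not Tenable's plugin or .audit logic: it parses saved 'options' output and compares it with a hardening baseline. The sample output, its name/value layout and trailing annotation, the baseline, and the option names other than cifs.signing.enable are assumptions made for illustration.

```python
import re

# Constructed sample of `options` output saved from an SSH session (assumed
# layout: option name, whitespace, value, optional trailing "(...)" note).
SAMPLE_OPTIONS_OUTPUT = """\
cifs.signing.enable          off
ssh.enable                   on
telnet.enable                off        (value might be overwritten in takeover)
"""

# Hypothetical baseline: option name -> required value.
BASELINE = {
    "telnet.enable": "off",        # the 'Disable Telnet' check
    "cifs.signing.enable": "on",   # the 'cifs.signing.enable = on' check
    "rsh.enable": "off",           # absent from the sample on purpose
}

def parse_options(text):
    """Return {option_name: value} from `options` output."""
    opts = {}
    for line in text.splitlines():
        # Drop a trailing parenthetical annotation, then split name from value.
        line = re.sub(r"\s+\(.*\)\s*$", "", line.strip())
        if not line:
            continue
        parts = line.split(None, 1)
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(options, baseline):
    """Compare parsed options with the baseline; return one tuple per check."""
    results = []
    for name, expected in sorted(baseline.items()):
        actual = options.get(name)
        if actual is None:
            status = "ERROR"    # option not reported: never treat as compliant
        elif actual.lower() == expected.lower():
            status = "PASSED"
        else:
            status = "FAILED"
        results.append((name, expected, actual, status))
    return results

if __name__ == "__main__":
    for name, expected, actual, status in audit(
            parse_options(SAMPLE_OPTIONS_OUTPUT), BASELINE):
        print(f"{status:7} {name}: expected {expected!r}, got {actual!r}")
```

An option that does not appear in the output is reported as ERROR rather than PASSED, so a truncated session or an insufficiently privileged login cannot produce a clean result.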

For More Information

For more information and technical details, please refer to the following posts on the Tenable Discussion Forum.
