
Nessus Scanning Strategies for Consultants

Nessus helps consultants perform a wide variety of security assessment services for their clients. This blog entry describes how many of the new features Tenable has added to Nessus over the past few years dramatically alter the types of services that can be provided during an assessment.

 

Audit iPads, iPhones, Android and Windows Mobile Devices

Nessus can now audit which of your client's users run mobile devices and determine the patch level of those devices. Any mobile device that interacts with ActiveSync can be enumerated, and its general patch level can be determined by pointing Nessus at the local Windows domain controller.

This information helps consultants provide better advice for their clients and can lead to additional work such as the deployment of a NAC, a mobile device user policy, enforcing a certain type of mobile device, or even identification of rogue or unauthorized mobile devices.

Performing Patch Audits without Asking for the Admin Password!

Regardless of their security expertise, consultants are rarely given a domain login or passwords to their clients’ DNS servers and Exchange servers. Without such a login, though, you can’t find the specific missing patches that shed light on client-side vulnerabilities.

If your client has invested in a patch management system, Nessus can be configured to communicate with it and pool its scan results with the patch auditing results from the patch management system. Nessus supports many major Windows patch management systems, including SCCM and Tivoli (Bigfix).

Identifying Readily Exploitable Systems without Performing an In-depth Pen Test

A Nessus vulnerability scan can identify which services, clients or Internet-facing devices are readily compromised with public exploits. If your client has any of these, performing a penetration test is likely not needed because you already know that such an attack will succeed.

Nessus includes correlation with many different types of exploit platforms and can filter scan results against any of these technologies.

This technology can also help consultants recommend when a penetration test is appropriate. For example, if you’ve scanned a DMZ and see that there are no exploitable Internet-facing vulnerabilities, but you see that there are Internet-browsing users with vulnerable web browsers, you may recommend a social engineering penetration test.
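The triage described above can be reproduced offline from an exported scan. The following is an added example, not code from Tenable or from the original post; it assumes a `.nessus` (v2) XML export in which each `ReportItem` carries `exploit_available` and `exploit_framework_*` child elements, and the hosts, plugin IDs and finding names in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus (v2) export layout; not real scan data.
SAMPLE = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="192.0.2.10">
<ReportItem port="443" protocol="tcp" severity="2" pluginID="900001" pluginName="Constructed TLS finding">
<exploit_available>false</exploit_available>
</ReportItem>
</ReportHost>
<ReportHost name="10.0.0.25">
<ReportItem port="0" protocol="tcp" severity="3" pluginID="900002" pluginName="Constructed browser finding">
<exploit_available>true</exploit_available>
<exploit_framework_metasploit>true</exploit_framework_metasploit>
<exploit_framework_canvas>true</exploit_framework_canvas>
</ReportItem>
</ReportHost>
</Report></NessusClientData_v2>"""

def exploitable_findings(nessus_xml):
    """List findings whose ReportItem is flagged exploit_available=true."""
    out = []
    for host in ET.fromstring(nessus_xml).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            flag = (item.findtext("exploit_available") or "").strip().lower()
            if flag != "true":
                continue
            out.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                # exploit_framework_<x> children name the correlated platforms
                "frameworks": sorted(
                    c.tag[len("exploit_framework_"):] for c in item
                    if c.tag.startswith("exploit_framework_")
                    and (c.text or "").strip().lower() == "true"),
            })
    return out

def split_by_exposure(findings, perimeter_hosts):
    """Separate Internet-facing exploitable findings from internal ones.
    perimeter_hosts is a set of host names supplied by the assessor (assumption)."""
    perimeter = [f for f in findings if f["host"] in perimeter_hosts]
    internal = [f for f in findings if f["host"] not in perimeter_hosts]
    return perimeter, internal

if __name__ == "__main__":
    for f in exploitable_findings(SAMPLE):
        print(f["host"], f["port"], f["name"], ",".join(f["frameworks"]))
```

With the DMZ host passed as the perimeter set, the sample reproduces the post's scenario: no exploitable perimeter findings, one exploitable client-side finding.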

Identifying Malware and Botnets

I’ve spoken with many consultants who use Nessus and were surprised to see Nessus identify botnets and malware running on their clients’ Windows systems.

Nessus’s botnet identification technology identifies systems that are listed on, communicating with, performing DNS lookups to, or hosting botnet content. The Windows malware identification technology identifies running malicious processes by checking them against an index of all leading anti-virus products.

If you find malware or botnets during a Nessus scan of your clients’ systems, you may be able to assist customers with their malicious software defenses. It’s possible you can help them remove the virus, perform an audit of their deployed anti-virus agents with Nessus or extend your consulting to help enhance their firewall, log analysis, email security or other types of malicious code protection.

Preparing for PCI Certification

Tenable is a PCI Authorized Scanning Vendor (ASV) and achieved this certification with the Nessus Perimeter Service. The Nessus scanners and the user interface used to perform the scans are exactly the same as those that consultants have access to with the Nessus ProfessionalFeed. This means you can perform your network scans to prepare for a PCI audit with exactly the same policies Tenable uses for PCI certification scanning from the Perimeter Service.

It is important to note that an official PCI scan must be performed by an ASV, but it is helpful to use the Nessus PCI scan policy to identify non-compliant issues before an ASV is engaged. Identifying these issues before an official PCI scan from the Nessus Perimeter Service is performed is an excellent way to assist clients who attempt to obtain and maintain their PCI certifications.

Take Training And Be Certified

Tenable offers a wide variety of certification training programs. The training programs are entirely web-based, on demand and have built-in hands-on labs hosted at Tenable, which gives you direct experience running scans and performing audits of Linux, Windows and Cisco devices.

Having the Tenable Certified Nessus Auditor certification on your resume allows you to tell your clients that you’ve mastered the #1 network auditing tool in the world, in use throughout the Department of Defense, the PCI industry and more than 15,000 organizations world-wide.

For More Information

If you are a consultant who uses Nessus, you can join in with the rest of the community at the Nessus Discussions Forum where tips, techniques and announcements are discussed at length and often directly with the R&D staff from Tenable.

To sign up for Tenable’s training and certification, visit our e-commerce site or learn more about the programs here. There are also many videos and a great deal of information at the Tenable YouTube channel.
