Keeping Your Firewalls in Check
Ensuring that your network infrastructure, in particular your routers and firewalls, is secure and maintains its integrity is critical to successfully defending your network. If an attacker were to gain control of these types of systems, they could potentially impact the security of your network as a whole. For example, an attacker with access to your firewall could read the firewall rules and use the information to selectively attack open services and create backdoors that would slip through your firewall.
New Compliance Checks
To provide Nessus users with a way to audit firewall security settings relating to the underlying operating system (OS), we now support the Check Point GAiA OS, implementing about 50 compliance checks for various settings based on best practices. The checks are for OS settings only and do not allow you to audit the firewall rules themselves. Below is an example:
The compliance checks for Check Point GAiA download the configuration files and use the CONFIG_CHECK options to compare values. For example, below is the compliance check for the Telnet service:
<custom_item> type : CONFIG_CHECK description : "telnet Service - 'set net-access telnet = off'" info : "Do not use plain-text protocols." regex : "set net-access telnet" expect : "set net-access telnet off" </custom_item>
The above code block searches the configuration for an the entry "set net-access telnet." The "expect" statement checks to see if the setting is set to "off," meaning Telnet is disabled. If the value is found to be something other than "off," then the check fails and a high-severity alert is generated in the results.
The addition of Check Point GAiA compliance checks allows organizations to use Nessus (and SecurityCenter) to provide deeper coverage of compliance, configuration, and security issues. Nessus audits the security and policy compliance configurations of Windows, Unix, databases, virtualization platforms, and routers, with expanded coverage for firewalls. Correlating this information with other sources of vulnerability and events provides you with an in-depth look at the security of your enterprise. Nessus ProfessionalFeed and SecurityCenter customers can download all the latest compliance checks from the Tenable Support Portal.
For more information on using Nessus for compliance auditing, view the Nessus configuration and compliance auditing video.