by Andrew Freeborn
November 30, 2015
A managed network should be able to map the hosts in the network to see what is contained in DNS. As networks change, maintaining an accurate record of hosts in DNS is not always quickly kept in line. This report helps analysts to validate hosts in DNS and discover hosts to validate their presence on the network.
Maintaining IP addresses within an organization is widely accepted and promoted as part of a healthy DNS system. In most organizations, there will be an ebb and flow of hosts coming onto the network, changing IP addresses, and leaving the network. A healthy and accurate DNS system can help the organization to maintain a one true source of IP address-to-host data. This report can help analysts maintain order within the DNS system by providing details from various Nessus plugins to validate hosts on the network. The information in the report also helps analysts to maintain operational awareness of hosts in the organization. Using this report at regular intervals can help analysts to maintain a healthy DNS system as well as share this information within the organization to fix any potential issues.
This report provides information for each IP address that SecurityCenter is aware of through the use of Nessus scans. As this report depends upon scans, it is updated as often as Nessus scans are scheduled to provide information. The report is a great resource to share among different teams within the organization such as network engineers and system administrators. The report provides succinct data that helps analysts form remediation strategies to ensure the IP addresses found are matched in DNS.
The data found in this report is based on two Nessus plugins used during scans in the organization. The first plugin performs a variety of ping tests to see if there are hosts that respond. Sometimes hosts will have a firewall or a network device in front of the host that may block these requests. The next plugin checks the IP address in DNS to validate if the host is a match to the DNS query response.
This report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. This report can be easily located in the SecurityCenter Feed under the category Monitoring. The report requirements are:
- SecurityCenter 4.8.2
- Nessus 6.5.3
Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Our family of products includes SecurityCenter Continuous View (CV) and Nessus. SecurityCenter CV performs log normalization from hundreds of unique data sources. Nessus is the global standard in detecting and assessing network data.
This report contains the following chapters:
- Executive Summary: This chapter provides an overview of the network data detected through Nessus plugins
- Host details: This chapter contains a 90-day line chart of the results of two Nessus plugin IDs, 10180 and 12053, and a listing of all of the IP addresses in the organization