September 26, 2007 Copyright 2002-2007 Tenable Network .

Transcription

September 26, 2007 Copyright 2002-2007 Tenable Network Security, Inc.

Unified Security Monitoring

PCI, SOX & FISMA
CIS, NIST, CERT
RIAA, MPAA, NERC
Real-time Monitoring
Best-Practices Auditing
Data Leakage Monitoring
Software Enumeration
Accurate Asset Discovery
Communication Activity

Nessus 3 Vulnerability Scanner
Distributed Scanning
Patch & Configuration Auditing
Data Leakage Identification
Passive Network Monitoring
Network Change Detection
Role-Based Analysis
Automatic Asset Discovery
Security Workflow
Sophisticated Reporting

Log Aggregation
Network Anomaly Detection
Compromise Detection
Role-Based Analysis
Usage Monitoring
Automatic Asset Learning
False Positive Reduction
Forensic Analysis
Easy to deploy and operate

Nessus 3 Vulnerability Scanner

Scans networks to discover hosts, applications and vulnerabilities
Downloaded more than 3,000,000 times in last 12 months
Available for wide variety of Windows and UNIX platforms
Audits more than 15,000 different vulnerabilities
– Free Users audit with older checks
– Commercial customers can audit configurations and use latest checks
CVSSv2 and CVE

Agent-less Auditing With Nessus

Agencies audit with multiple Nessus Scanners
– Management and reporting performed by the Security Center
Individuals audit with single Nessus Scanners
Vulnerability Audits
Patch Audit
Configuration Audits (including S-CAP content)
Sensitive Data Discovery (credit cards, SSNs, etc.)

Enterprise Agent-less Auditing

Tenable Security Center
In use at more than 30 Government agencies
– Currently under Common Criteria evaluation
Role Based
Scan Scheduling
Asset Discovery
Results Reporting
Asset Trending
SIM, NBAD & Logs

Nessus 3 Configuration Checks for Windows

Windows Audit Points
– File access control checks
– Registry access control checks
– Service access control checks
– Custom checks (password, audit, Kerberos, etc.)
– File & registry permissions
– Existence of a file or registry setting
– File Content Check

Supported Audit Platforms
– Windows XP Pro
– Windows 2000
– Windows 2003
– Vista (Soon)

Nessus 3 Configuration Checks for UNIX

UNIX Audit Points
– File permission checks
– File content checks
– Process checks
– Password & User policy checks
– MD5 Check of files

Supported Audit Platforms
– Solaris
– OS X
– Most flavors of Linux
– FreeBSD
– AIX (Soon)

Example Windows Audit

<group_policy: "Password Policy">
  <item>
    name: "Enforce password history"
    value: 24
  </item>
  <item>
    name: "Maximum password age"
    value: 90
  </item>
  <item>
    name: "Minimum password age"
    value: 1
  </item>
  <item>
    name: "Minimum password length"
    value: [12..14]
  </item>
</group_policy>

Example UNIX Audit

# Example 8
# File content check to audit if file /etc/host.conf
# contains the string described in the regex field.
#
<custom_item>
#System: "Linux"
type: FILE_CONTENT_CHECK
description: "This check reports a problem if the order is not 'order hosts,bind' in /etc/host.conf"
file: "/etc/host.conf"
search_locations: "/etc"
regex: "order hosts,bind"
expect: "order hosts,bind"
</custom_item>

Available Configuration Audit Content

NIST S-CAP
DISA STIG
CERT
NSA SNAC
NERC (SCADA)
CIS
PCI
Vendors
Tenable Research

Content Tools - Windows

Nessus Policy Creator

Content Tools - x2a

Tenable is about to release the x2a tool, which will convert XCCDF files to Nessus 3 and Security Center audit policy files
Currently available “S-CAP” files have been derived from a pre-release version and are available on our support web site

Content Tools - inf2audit.exe

Content Tools - c2a.pl

Configuration Auditing Roadmap

Continued support for SCAP and CIS standards
Nessus configuration audit support for Routers, Switches and Firewalls
100% (we’re 95% today) OVAL XCCDF support
Passive network analysis and mapping to determine configurations
Nessus 3.2 (in beta now) will support IPv6
Continued refinement of log and network event analysis as it pertains to compliance and configuration auditing

Contact Information

http://www.tenablesecurity.com
http://blog.tenablesecurity.com
http://www.nessus.org

Video Demos
White Papers
Multiple Webinars on Compliance
Free Nessus Download