Building a precise inventory of existing assets across your attack surface is essential for effective vulnerability management. Here's how the asset detection process in Nessus scanners can help.

Compiling a complete asset inventory has always been a prerequisite for effective core vulnerability management (VM). With the attack surface continuously growing in size and complexity, it is more critical than ever that you identify all the assets in your network - not just your core IT assets but also any assets related to operational technology (OT) as well as any "shadow IT" assets. Any assets that are not properly managed pose additional risk. Once you've identified all your assets, you need visibility into each of them in order to gather accurate information to assess your risk.

Most vulnerability checks rely on publicly available information regarding the specific platforms and versions affected. Therefore, the accuracy of these checks depends on precise platform, software, version and patch information coming from the assets.

While the Nessus scanner is well known for its ability to detect vulnerabilities, its capabilities to retrieve inventory information from the network may be slightly less known. However, the impact of these capabilities is substantial for:

- increasing asset visibility and revealing blind spots;
- core vulnerability management (VM), which heavily relies on data points such as installed software and version; and
- risk-based VM (RBVM), precisely computing cyber exposure metrics for Lumin.

For Lumin metrics such as Asset Criticality Rating (ACR), the impact of asset inventory information is direct, as ACR is computed based on device type and capabilities. Other metrics, such as Asset Exposure Score (AES), rely on core VM information, and consequently on asset inventory information too.

Asset Detection in Nessus Scanners

Asset detection in Nessus scanners is performed by a number of Nessus plugins. While the vast majority of plugins (+95%) focus on vulnerability coverage, asset detection relies on accurate information about the host, which is retrieved via specialized plugins (most of them INFO severity). Note that Nessus scanners mainly focus on the IT space, including shadow IT assets, while OT assets are covered by other Tenable products, such as Tenable.ot.

The asset detection process is logically structured in four main phases, as shown in Figure 1: port scanning, service and protocol detection, software detection and OS fingerprinting. These are logically sequential and performed by multiple plugins, which produce outputs that are consumed in subsequent phases. However, there may be some overlap between phases (some plugins for protocol detection may run at the same time as some plugins for software detection).

Figure 1: Nessus asset detection phases and outputs

The four phases of asset detection involve:

- Port scanning: the Nessus scanner pings the host in different ways, retrieves the open ports and determines whether the scan should proceed.
- Service and protocol detection: Nessus probes the open ports, looking for listening services and known protocols.
- Software detection: the main goal is to list the different apps, their versions and patches available in the host.
- OS fingerprinting: finally, with all the information coming from previous phases, Nessus tries to determine the OS and version of the remote host.

In the following sections, we describe the particular phases and the main families and plugins involved.

Port scanning

A Nessus scan starts by checking if a given host is alive and, if that's the case, listing the ports that are found open. The Ping Remote Host plugin (10180) is usually the first plugin to run in a Nessus scan (although it can be disabled) when trying to determine if a given hostname or IP corresponds to a live target. If this plugin receives no response from the target, the host is marked as dead and the scan stops. Otherwise, Nessus will try to perform port scanning with a number of plugins from the port scanners family, which can be done remotely or locally (if credentials are available).
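The outputs of these detection phases (whether the host answered the Ping Remote Host plugin, which ports the port scanners found open, and the operating system Nessus settled on) end up in the scan report, which is where an asset inventory is usually built from. The following Python script is an added example, not Tenable's code and not how Nessus itself works internally: it reads a .nessus v2 export and derives a per-host inventory from it. The sample XML embedded below is constructed; the plugin ID 10180 and the "Port scanners" family name come from the article, the other plugin IDs in the sample are placeholders, and the `host-ip` and `operating-system` HostProperties tag names are the standard ones found in .nessus v2 exports.

```python
"""Build a small asset inventory from a Nessus .nessus (v2) export.

Added example, not Tenable/Nessus code. The report below is constructed.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

PING_REMOTE_HOST_ID = "10180"          # Ping Remote Host plugin, as named in the article
PORT_SCANNER_FAMILY = "Port scanners"  # family whose plugins produce the open-port list

# Constructed sample in the .nessus v2 layout (not a real export).
# Plugin IDs other than 10180 are placeholders, not real Nessus IDs.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
<Report name="constructed-example">
  <ReportHost name="192.0.2.10">
    <HostProperties>
      <tag name="host-ip">192.0.2.10</tag>
      <tag name="operating-system">Linux Kernel 5.15 on Ubuntu 22.04</tag>
    </HostProperties>
    <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                pluginID="10180" pluginName="Ping Remote Host"
                pluginFamily="Port scanners"/>
    <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
                pluginID="PLACEHOLDER-SCANNER" pluginName="Placeholder port scanner"
                pluginFamily="Port scanners"/>
    <ReportItem port="443" svc_name="www" protocol="tcp" severity="0"
                pluginID="PLACEHOLDER-SCANNER" pluginName="Placeholder port scanner"
                pluginFamily="Port scanners"/>
    <ReportItem port="443" svc_name="www" protocol="tcp" severity="0"
                pluginID="PLACEHOLDER-SVC" pluginName="Placeholder service detection"
                pluginFamily="Service detection"/>
  </ReportHost>
  <ReportHost name="192.0.2.20">
    <HostProperties>
      <tag name="host-ip">192.0.2.20</tag>
    </HostProperties>
  </ReportHost>
</Report>
</NessusClientData_v2>
"""


@dataclass
class HostInventory:
    ip: str
    operating_system: Optional[str]               # OS fingerprinting result, if recorded
    ping_confirmed: bool                          # did plugin 10180 report on this host?
    open_ports: List[Tuple[int, str, str]] = field(default_factory=list)  # (port, proto, svc)


def parse_inventory(nessus_xml: str) -> List[HostInventory]:
    """Walk every ReportHost and collect the asset-detection outputs it carries."""
    root = ET.fromstring(nessus_xml)
    hosts: List[HostInventory] = []
    for report_host in root.iter("ReportHost"):
        # HostProperties tags hold per-host facts such as host-ip and operating-system.
        props = {t.get("name"): (t.text or "") for t in report_host.iter("tag")}
        ip = props.get("host-ip", report_host.get("name", ""))
        ping_confirmed = False
        ports = set()
        for item in report_host.iter("ReportItem"):
            if item.get("pluginID") == PING_REMOTE_HOST_ID:
                ping_confirmed = True
            # Only port-scanner findings on a real port count as "open ports";
            # port 0 is the general/host-level entry used by plugins like 10180.
            if item.get("pluginFamily") == PORT_SCANNER_FAMILY and item.get("port") != "0":
                ports.add((int(item.get("port")), item.get("protocol", ""), item.get("svc_name", "")))
        hosts.append(HostInventory(ip, props.get("operating-system"), ping_confirmed, sorted(ports)))
    return hosts


def live_hosts(inventory: List[HostInventory]) -> List[HostInventory]:
    """Hosts the Ping Remote Host plugin actually reported on."""
    return [h for h in inventory if h.ping_confirmed]


if __name__ == "__main__":
    inventory = parse_inventory(SAMPLE_NESSUS)
    for host in inventory:
        status = "alive (10180 reported)" if host.ping_confirmed else "no 10180 result"
        print(f"{host.ip}: {status}; OS={host.operating_system!r}; ports={host.open_ports}")
    print("live hosts:", [h.ip for h in live_hosts(inventory)])
```

Feeding a real export in place of the constructed `SAMPLE_NESSUS` string (for example by reading a `.nessus` file into it) gives the same three inventory fields per host, which is the minimum a VM or RBVM workflow needs from the port scanning and OS fingerprinting phases described above.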