Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 12 Configuring Network Scanning
Overview
language but usually are written in the Nessus Attack Scripting Language (NASL). NASL is Nessus' own language, specifically designed for vulnerability test writing. Each plugin is written to test for a specific known vulnerability and/or industry best practices. NASL plugins typically test by sending very specific code to the target and comparing the results against stored vulnerable values.
— Anderson, Harry. "Introduction to Nessus", October 28, 2003, http://www.securityfocus.com/infocus/1741 (10/29/04).
Note: Cisco NAC Appliance supports the launching of Nessus plugins only and does not support the Nessus plugins themselves.
You can use most standard Nessus plugins with Cisco NAC Appliance. You can also customize plugins or create your own using NASL. Refer to the Nessus website for information on how to create plugins using NASL.
When scanning is performed, the network scanner scans the client system according to the plugins you selected and generates a standard report to the Clean Access Manager containing the results of the scan. Network scanning reports indicate whether the plugin resulted in a security hole, warning, or system information (according to how the Nessus plugin was written). The Clean Access Manager then interprets the report by comparing the result of each plugin to the vulnerability definition you have configured for it. If the report result matches the result you have configured as a vulnerability, the event is logged under Monitoring > Event Logs > View Logs, and you can also configure the following options:
• Show the result of the scan to the user.
• Block the user from the network.
• Put the user in the quarantine role for limited access until the client system is fixed.
• Warn the user of the vulnerability (with the User Agreement Page).
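The interpretation step described above (plugin result compared with a configured vulnerability definition, event logged on a match, and the four per-definition options applied) is modelled in the following added Python example. It is not code from the guide or from Cisco: the "plugin_id|result|detail" report format, the plugin ids, the VulnDefinition model, and the block > quarantine > warn > allow precedence are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Result(Enum):
    """The three outcome classes a Nessus plugin can report."""
    HOLE = "hole"
    WARNING = "warning"
    INFO = "info"


@dataclass(frozen=True)
class PluginResult:
    """One entry of a scan report: which plugin ran and what it concluded."""
    plugin_id: int
    result: Result
    detail: str


@dataclass
class VulnDefinition:
    """Hypothetical model of a vulnerability definition configured for one plugin.

    vulnerable_if lists the report results the administrator treats as a
    vulnerability; the four flags mirror the options listed in the guide.
    """
    plugin_id: int
    vulnerable_if: frozenset
    show_result: bool = False
    block_user: bool = False
    quarantine: bool = False
    warn_user: bool = False


# Constructed sample report in a simplified "plugin_id|result|detail" line
# format (not real Nessus or CAM output); the plugin ids are made up.
SAMPLE_REPORT = """\
10001|hole|constructed: service accepted an unauthenticated probe
10002|warning|constructed: outdated client software version reported
10003|info|constructed: OS fingerprint collected
10004|hole|constructed: plugin with no vulnerability definition
"""


def parse_report(text):
    """Parse the constructed report format into PluginResult entries.

    Blank lines are skipped. A malformed line or an unknown result class
    raises ValueError rather than being silently treated as "no finding".
    """
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split("|", 2)
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected plugin_id|result|detail")
        plugin_id, result, detail = parts
        entries.append(PluginResult(int(plugin_id), Result(result), detail))
    return entries


def evaluate(report, definitions):
    """Compare each plugin result with its configured vulnerability definition.

    Returns the events that would be logged (plugin id, result) and the union
    of user-facing options triggered by matching results. Results for plugins
    without a definition, or whose result class is not configured as a
    vulnerability, are ignored.
    """
    by_plugin = {d.plugin_id: d for d in definitions}
    events = []
    actions = {"show_result": False, "block_user": False,
               "quarantine": False, "warn_user": False}
    for entry in report:
        definition = by_plugin.get(entry.plugin_id)
        if definition is None or entry.result not in definition.vulnerable_if:
            continue
        events.append((entry.plugin_id, entry.result.value))
        actions["show_result"] |= definition.show_result
        actions["block_user"] |= definition.block_user
        actions["quarantine"] |= definition.quarantine
        actions["warn_user"] |= definition.warn_user
    return events, actions


def access_decision(actions):
    """Reduce the triggered options to one outcome for the client.

    The precedence block > quarantine > warn > allow is an assumption made for
    this example; the guide lists the options without stating an ordering.
    """
    if actions["block_user"]:
        return "block"
    if actions["quarantine"]:
        return "quarantine"
    if actions["warn_user"]:
        return "warn"
    return "allow"


# Constructed definitions: a hole on 10001 blocks, a hole or warning on 10002
# quarantines and warns, and 10003 only counts if it reports a hole.
DEFINITIONS = [
    VulnDefinition(10001, frozenset({Result.HOLE}), show_result=True, block_user=True),
    VulnDefinition(10002, frozenset({Result.HOLE, Result.WARNING}), quarantine=True, warn_user=True),
    VulnDefinition(10003, frozenset({Result.HOLE})),
]


def run_sample():
    """Evaluate the constructed report against the constructed definitions."""
    events, actions = evaluate(parse_report(SAMPLE_REPORT), DEFINITIONS)
    return events, actions, access_decision(actions)


if __name__ == "__main__":
    evts, acts, decision = run_sample()
    for plugin_id, result in evts:
        print(f"event: plugin {plugin_id} reported {result}")
    print("decision:", decision)
```

Note that plugin 10003 reports "info" but is configured to count only a "hole", and plugin 10004 has no definition at all, so neither produces an event; this is the distinction the guide draws between what the plugin reports and what you have configured as a vulnerability.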
Figure 12-1 illustrates the general network scanning client assessment process when a user authenticates via web login. If both the Agent and network scanning are enabled for a user role, the user follows the sequence shown in Figure 10-1 on page 10-2 and then the sequence in Figure 12-1 for the network scanning portion. In this case, the Agent dialogs provide the user information where applicable.
Figure 12-1 Network Scanning Client Assessment