Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 12 Configuring Network Scanning
Note: Cisco recommends using the Agent for host registry checks. To use Nessus Windows registry
checks, you need a common account (with access to the registry) on all the machines you
want to check. Configure this account under Device Management > Clean Access > Network Scanner
> Scan Setup > Options | Category: Login configurations | Preference Name: [SMB
account/domain/password]. For details on Nessus 2.2 Windows registry checks (requiring credentials),
refer to http://www.nessus.org/documentation/nessus_credential_checks.pdf.
Configure Vulnerability Handling
If scanning uncovers a vulnerability on the user’s system, the user can be blocked from the network,
quarantined, or only warned about the vulnerability.
Network scan reports are listed by user logon attempt under Device Management > Clean Access >
Network Scanner > Reports. Client scan reports can be enabled by selecting the Enable pop-up scan
vulnerability reports from User Agreement page option from Device Management > Clean Access
> General Setup.
If enabled, a client scan report appears in a pop-up window to notify users when a vulnerability result is
found. This client report is a subset of the scan report and lists only vulnerability results along with
instruction steps or a URL link that guide the user through remediation for the vulnerability. If browser
pop-ups are blocked on the user's system, the user can click the Scan Report link on the logout page to
view the report. The warning text that appears to users for each vulnerability is configurable, as
described in the following procedures.
Note that plugins typically do not return results when no issue is found. If a client goes through network
scanning and no vulnerability results are found, no scan report pop-up is displayed.
To configure how vulnerabilities are handled:
1. Open the Network Scanner > Scan Setup > Vulnerabilities form.
2. Select a User Role and Operating System. Note that plugins selected apply to the User Role:OS
pair. The same set of plugins appears for all operating systems in the role. However, you can
customize which plugins are considered vulnerabilities per operating system.