Specifications

Copyright © 2015. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of Tenable Network Security, Inc.
Certain network devices that perform stateful inspection, such as firewalls, load balancers, and Intrusion
Detection/Prevention Systems, may react negatively when a scan is conducted through them. Nessus has a
number of tuning options that can help reduce the impact of scanning through such devices, but the best method
to avoid the problems inherent in scanning through such network devices is to perform a credentialed scan.
Host-Based Firewalls
If your Nessus server is configured on a host with a “personal” firewall such as ZoneAlarm, Windows firewall, or any other
firewall software, connections from the Nessus client’s IP address must be allowed.
By default, TCP port 8834 is used for the Nessus Web Server (user interface). To open up TCP port 8834, choose the
“Exceptions” tab and then add port “8834” to the list.
For other personal firewall software, consult the vendor’s documentation for configuration instructions.
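As an added example (not part of the original guide and not Tenable's own code), the same exception can be created from an elevated PowerShell session with the built-in NetSecurity cmdlets, scoped to the Nessus client's address instead of being opened to every source. The function name, the rule name, and the address 192.0.2.25 are assumptions chosen for illustration.

```powershell
# Added example: allow the Nessus Web Server port only from one client address.
# Run from an elevated PowerShell session on the host running the Nessus server.
# The function name, rule name and client address are assumptions, not values
# taken from the guide.

function Set-NessusUiFirewallRule {
    param(
        [Parameter(Mandatory)] [string] $ClientAddress,   # Nessus client IP
        [int]    $Port = 8834,                             # default Nessus Web Server port
        [string] $RuleName = 'Nessus Web Server (example rule)'
    )

    # Reject anything that does not parse as an IP address, so a typo
    # cannot silently widen the rule.
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ClientAddress, [ref] $parsed)) {
        throw "Not an IP address: $ClientAddress"
    }

    $existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if ($existing) {
        # Re-running updates the rule in place instead of stacking duplicates.
        $existing | Set-NetFirewallRule -Direction Inbound -Action Allow -Enabled True `
            -Protocol TCP -LocalPort $Port -RemoteAddress $parsed.ToString()
    } else {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
            -Protocol TCP -LocalPort $Port -RemoteAddress $parsed.ToString() | Out-Null
    }

    # Report what is actually in effect after the change.
    $rule = Get-NetFirewallRule -DisplayName $RuleName
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Enabled       = $rule.Enabled
        LocalPort     = ($rule | Get-NetFirewallPortFilter).LocalPort
        RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    }
}

# 192.0.2.25 is a documentation address standing in for the Nessus client.
Set-NessusUiFirewallRule -ClientAddress '192.0.2.25'
```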
Vulnerability Plugins
Numerous new vulnerabilities are made public by vendors, researchers, and other sources every day. Tenable strives to
have checks for as many recently published vulnerabilities tested and available as soon as possible, usually within 24
hours of disclosure. The check for a specific vulnerability is known by the Nessus scanner as a “plugin”. A complete list of
all the Nessus plugins is available at http://www.tenable.com/plugins/index.php?view=all.
Plugins are downloaded directly from Tenable through an automated process within Nessus. Nessus verifies the digital
signatures of all plugin downloads to ensure file integrity. For Nessus installations without access to the Internet, there is
an offline update process that can be used to ensure the scanner stays up to date.
You are required to register for plugins and update them before Nessus will start and the Nessus scan
interface becomes available. The plugin update occurs in the background after initial scanner registration and
can take several minutes.
Nessus Product Types
Tenable provides commercial support, via the Tenable Support Portal or email, to Nessus customers who are using
version 5 or later. Nessus also includes a set of host-based compliance checks for Unix and Windows that are very useful
when performing compliance audits such as for SOX, FISMA, or PCI DSS.
You may purchase Nessus through Tenable’s Online Store at https://store.tenable.com/ or via a purchase order through
Authorized Nessus Partners. You will then receive an Activation Code from Tenable. This code will be used when
configuring your copy of Nessus for updates.
If you are using Nessus in conjunction with Tenable’s SecurityCenter, it will automatically update your Nessus
scanners without additional interaction.
If you are a 501(c)(3) charitable organization, you may be eligible to use Nessus at no cost. For more information, please
visit the Tenable Charitable Organization Subscription Program web page.
If you are using Nessus at home for non-professional purposes, you may subscribe to Nessus Home. There is no charge
to use Nessus Home; however, there is a separate subscription agreement for Nessus Home that users must agree to
comply with.
IPv6 Support
Nessus supports scanning of IPv6-based resources. Many operating systems and devices are shipping with IPv6 support
enabled by default. To perform scans against IPv6 resources, at least one IPv6 interface must be configured on the host