Vulnerability Scanning Tools Guide

Overview

Tool: ScanUH
  Pros:
    • Easy to use. Does not require any setup or knowledge of the Tenable ecosystem.
    • Reports and scan policies are preconfigured for a no-hassle scan experience.
    • Does not require the installation of agents onto endpoints or standing up an additional server for a scanner.
  Cons:
    • Can only scan UH IPs that are publicly accessible.
    • Provides a default report for each vulnerability scan.
    • Limited scan policies to choose from.
    • External scans may not return detailed vulnerability reports compared to internal scans.

Tool: Nessus Scanner w/ Tenable.sc
  Pros:
    • Performs vulnerability scans behind your firewall.
    • Does not require the installation of agents onto individual endpoints.
    • Able to scan publicly and privately accessible resources within your department.
    • Uses Tenable.sc to run scans and view results.
    • Able to create your own report templates.
    • Able to create your own scan policies to target particular vulnerabilities or increase/decrease the intensity.
    • Able to find network-based vulnerabilities.
  Cons:
    • Requires the setup and management of a server to perform vulnerability scans.
    • Scan speed is determined by the resources allocated to the scanner.

Tool: Nessus Agents w/ ScanUH + Nessus Manager
  Pros:
    • Able to perform host-based vulnerability and compliance scans.
    • Scanners use minimal resources on the host system.
    • Able to perform scans on assets that are not connected to the UH network.
  Cons:
    • Cannot find network-based vulnerabilities.
    • Requires the installation of agent software and use of resources on each endpoint.
    • Scan speed is determined by the resources available on each endpoint.
    • Requires a separate interface to launch scans on your agents.
    • Requires a separate interface to manage your agents.

Interested?

Please sign up on our if you would like to host your own Nessus Scanner and/or use Nessus Agents in your environment.


ScanUH

ScanUH Example Network Diagram

ScanUH is a self-service vulnerability scanner hosted by UH Information Security. ScanUH is our frontend to Tenable.sc (Tenable Security Center), so users don't need to go through the hoops of creating and launching a scan themselves. Settings are generic and universal so that they work for the majority of the UH IT community. The scanners connected to ScanUH can be used to scan publicly accessible devices on the UH network. Scans are launched from our web application and do not require the installation of any software or the use of endpoint resources.

ScanUH is best suited for those who only have publicly accessible endpoints and want an external vulnerability assessment without installing any software or using host resources. Results are skewed if there is a firewall, IDS, or IPS in front of the devices being scanned, since those devices can drop or alter the scanner's probes.

Responsibility Matrix

Tasks             IT Specialist   UH InfoSec
Perform Scans     R/A             I
Risk Analysis     R/A             I/C
Manage Scanner                    R

R = Responsible
A = Accountable
C = Consulted
I = Informed

Minimum System Requirements

None

Nessus Scanner w/ Tenable.sc

Nessus Scanner Network Diagram

The Nessus scanner is a network-based vulnerability assessment tool that can be used to scan a range of endpoints within a designated network. The Nessus scanner collects vulnerability and compliance data from each endpoint and sends it back to Tenable.sc. Multiple Nessus scanners can be used to maximize coverage across networks and minimize resource usage. Individual endpoints do not require the installation of any software to be scanned.

The Nessus scanner is best suited for those who want a network-based vulnerability assessment of endpoints within a private or publicly accessible network and are able to dedicate a server's resources to vulnerability scanning.

Deployment Considerations

When deploying Nessus, knowledge of routing, filters, and firewall policies is often helpful. Deploying behind a NAT device is not desirable unless it is scanning the internal network. Any time a vulnerability scan flows through a NAT device or application proxy of some sort, the check can be distorted and a false positive or negative can result.

In addition, if the system running Nessus has personal or desktop firewalls in place, these tools can drastically limit the effectiveness of a remote vulnerability scan. Host-based firewalls can interfere with network vulnerability scanning. Depending on your firewall's configuration, it may prevent, distort, or hide the probes of a Nessus scan.

Certain network devices that perform stateful inspection, such as firewalls, load balancers, and Intrusion Detection/Prevention Systems, may react negatively when a scan is conducted through them. Nessus has a number of tuning options that can help reduce the impact of scanning through such devices, but the best method to avoid the problems inherent in scanning through such network devices is to perform a credentialed scan.

Source:

Responsibility Matrix

When using Tenable.sc, you will be provided with a Security Manager account. The role of the Security Manager account has been separated from the IT Specialist role in the responsibility matrix below to show how the account is used.

Tasks                             IT Specialist   Security Manager Account   UH InfoSec
Perform Scans                     A               R                          I
Manage Organization               R               C                          I
Risk Analysis                     A               R                          I/C
Management of Tenable.sc Server   I               I                          R
Setup and Manage Nessus Scanner   R               C                          I/C

R = Responsible
A = Accountable
C = Consulted
I = Informed

Minimum System Requirements

  • OS: Windows, macOS, Major Linux Distros ()
  • CPU: 4 cores at 2 GHz
  • Memory: 4 GB RAM (8 GB recommended)
  • Disk Space: 30 GB

Licensing

The Nessus Scanners are licensed by the number of IPs scanned, and each scanner needs to connect to InfoSec's Tenable.sc to receive a valid license. Since the license is per IP rather than per scanner, you can run as many scanners as needed. Our license is a shared resource, so please restrict scanning to select "critical" subnets.
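Because the shared license is consumed per IP, it helps to know how many addresses a planned scan scope actually contains before launching it. The following Python helper is an added example for this page and is not part of ScanUH, Tenable.sc or Nessus; it merges overlapping or adjacent target subnets so that an address listed twice is counted once, carves out any exclusion ranges, and returns the resulting address count. The subnets used in it are constructed sample values, not UH ranges.

```python
import ipaddress


def plan_scan_targets(include, exclude=()):
    """Collapse overlapping/adjacent target subnets, carve out exclusions,
    and return (list_of_networks, total_address_count).

    include / exclude are iterables of CIDR strings. The values passed in
    this example are constructed samples; real targets come from your own
    inventory.
    """
    excl = [ipaddress.ip_network(s, strict=False) for s in exclude]

    # Merge first: a /25 listed inside a /24, or two adjacent /24s, would
    # otherwise be counted twice (or as separate ranges) against the license.
    merged = ipaddress.collapse_addresses(
        ipaddress.ip_network(s, strict=False) for s in include
    )

    kept = []
    for net in merged:
        pieces = [net]
        for ex in excl:
            remaining = []
            for piece in pieces:
                if piece.subnet_of(ex):
                    continue  # the entire piece is excluded
                if ex.subnet_of(piece):
                    # Punch the exclusion out of the piece; address_exclude
                    # yields the CIDR blocks that remain around the hole.
                    remaining.extend(piece.address_exclude(ex))
                else:
                    # CIDR blocks are either nested or disjoint, so no overlap
                    remaining.append(piece)
            pieces = remaining
        kept.extend(pieces)

    kept = list(ipaddress.collapse_addresses(kept))
    return kept, sum(n.num_addresses for n in kept)


def in_scope(ip, networks):
    """True if a single address falls inside any planned target network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in networks)


if __name__ == "__main__":
    # Constructed sample: two overlapping ranges plus an adjacent one, with a
    # small management block carved out of the scope.
    nets, total = plan_scan_targets(
        ["10.0.0.0/24", "10.0.0.128/25", "10.0.1.0/24"],
        exclude=["10.0.1.0/28"],
    )
    for n in nets:
        print(n)
    print("addresses in scope:", total)
```

Run it before building the target list for a scan policy: the printed networks are the ranges to enter as targets, and the total is the upper bound on IPs the scan can consume from the shared license (live hosts found will usually be fewer). Note that the three sample ranges collapse to a single 10.0.0.0/23 before the exclusion is applied, which is why the count is 496 rather than 512.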

Nessus Agents w/ ScanUH + Nessus Manager

Nessus Agents Network Diagram

Nessus Agents are lightweight, low-footprint programs that you install locally on hosts to supplement traditional network-based scanning or to provide visibility into gaps that are missed by traditional scanning. Nessus Agents collect vulnerability, compliance, and system data, and report that information back to the Nessus Manager for analysis. With Nessus Agents, you extend scan flexibility and coverage. You can scan hosts without using credentials, as well as offline assets and endpoints that intermittently connect to the internet. You can also run large-scale concurrent agent scans with little network impact.

Nessus agents are best suited for those who want an in-depth vulnerability assessment of endpoints within a private or publicly accessible network and do not mind the use of endpoint resources to perform scans.

Responsibility Matrix

Tasks                                                IT Specialist   UH InfoSec
Management of Nessus Manager                         I               R
Install and Update Nessus Agent Software on Endpoints R/A            C/I
Manage Users and Initial Onboarding                  A               R
Perform Scans                                        C/I             R/A
Claim Agents in a timely manner on ScanUH            R               C

R = Responsible
A = Accountable
C = Consulted
I = Informed

Minimum System Requirements

  • OS: Windows, macOS, Major Linux Distros ()
  • CPU: 2 cores at 1 GHz
  • Memory: 1 GB RAM
  • Disk Space: 2 GB

Licensing

The Nessus Agents are licensed per endpoint, and each agent needs to connect to InfoSec's Nessus Manager to receive a valid license. Our license is a shared resource, so please restrict agent deployment to critical endpoints (servers, staff, faculty).