NAC Appliance & Nessus Scanning

Unanswered Question
Nov 7th, 2007

Hi All,


We're in the process of getting our NAC appliance setup moved to a production level. We have everything working up to getting Nessus scanning working. I'm a bit confused by the documentation. It appears as though Nessus scanning only applies to web login users... is this correct? The doc shows activating Nessus vulnerability handling under General Setup -> Web Login. I don't see anywhere how to enable it for an agent environment. I have a setup where our test user is placed into the proper roles, and I have selected a Nessus vulnerability for that role. I never see the scan happen though. It's as if the agent isn't required to go through vulnerability scanning before being placed into his or her role. Is that correct? Thanks in advance for any help!


-Mike

pmccubbin Wed, 11/07/2007 - 07:05

Hi Michael,


You must be very busy. Your fine blog has gone without an update for too long.


To answer your question, Nessus Scanning applies to both web login users and users with the Agent installed.


You would be very interested in the book from the Cisco Press by Jamey Heary on the NAC Appliance. It was published this last August and contains much clearer explanations than the Cisco documentation. Though I would still read everything in the Cisco docs and release notes.


Page 266 in the Heary book is where it begins to explain the process of downloading the plugins from Nessus, renaming them so they can be uploaded into the CAM, and then selecting the User Role to configure scanning on.


Hope this helps.


Best,


Paul

wiluszm Thu, 11/08/2007 - 08:41

Paul,


Good to hear from you. I have been rather busy and I'm hoping to get some time in the near future to get the blog updated. The CMPC program I wrote has been quite popular with nearly 400 downloads so far.


Back to the issue of Nessus scans. We're looking good, getting scans done now on the agent side. But I'm trying to test by enabling the TFTP server detected plugin. I have it set up as seen in the attachment. When I test against the workstation, it shows that it detected the TFTP server running. But when the user logs in with the agent and is placed in that same role, they are never notified they are vulnerable. Why is that?


Thanks for the help so far!


-Mike

http://cs-mars.blogspot.com



pmccubbin Thu, 11/08/2007 - 08:57

Hi Mike,


It appears from the .jpg you didn't configure a URL that can assist users in remediating their systems.


After you enter the Instructions, enter a Link and click Update.


Let us know if that does the trick.


Best,


Paul

wiluszm Thu, 11/08/2007 - 11:10

Paul,


No luck by adding a URL. If I edit the web settings and tell it to block user access if they fail the vulnerability check, the user does fail and a report is generated, but the user only sees a screen stating they were blocked, and under detail it's blank. Not sure. I looked in the book and it provides about as much detail as the docs. It does show a screenshot of the agent showing the user which vulnerability check he or she failed, but I can't get that on my agent.


-Mike

pmccubbin Thu, 11/08/2007 - 12:25

Mike,


Out of curiosity, did you do any work with the User Agreement Configuration? Not sure if it will help.


If a couple of reboots don't fix it, then please open a TAC case and let us know what you find out.


Paul

wiluszm Fri, 11/09/2007 - 06:57

Paul,


Tried setting some text for the UA and still the same screen. I'm gonna lean on TAC, I'll let you know how it goes. Thanks for all the input so far.


-Mike

http://cs-mars.blogspot.com
