NAC Appliance & Nessus Scanning

wiluszm
Level 1

Hi All,

In the process of getting our NAC appliance setup moved into a production level. We have everything working up to getting Nessus scanning working. I'm a bit confused by the documentation. It appears as though Nessus scanning only applies to web login users... is this correct? The doc shows activating Nessus vulnerability handling under General Setup -> Web Login. I don't see anywhere how to enable it for an agent environment. I have a setup where our test user is placed into the proper roles, and I have selected a Nessus vulnerability for that role. I never see the scan happen though. It's as if the agent isn't required to go through vulnerability scanning before being placed into his or her role. Is that correct? Thanks in advance for any help!

-Mike

6 Replies

pmccubbin
Level 5

Hi Michael,

You must be very busy. Your fine blog has gone without an update for too long.

To answer your question, Nessus Scanning applies to both web login users and users with the Agent installed.

You would be very interested in the book from the Cisco Press by Jamey Heary on the NAC Appliance. It was published this last August and contains much clearer explanations than the Cisco documentation. Though I would still read everything in the Cisco docs and release notes.

Page 266 of the Heary book is where it begins to explain the process of downloading the plugins from Nessus, renaming them so they can be uploaded into the CAM, and then selecting the User Role to configure scanning on.

Hope this helps.

Best,

Paul

Paul,

Good to hear from you. I have been rather busy and I'm hoping to get some time in the near future to get the blog updated. The CMPC program I wrote has been quite popular with nearly 400 downloads so far.

Back to the issue of Nessus scans. We're looking good, getting scans done now on the agent side. But I'm trying to test by enabling the TFTP server detected plugin. I have it set up as seen in the attachment. When I test against the workstation, it shows that it detected the TFTP server running. But, when the user logs in with the agent and is placed in that same role, they never are notified they are vulnerable. Why is that?

Thanks for the help so far!

-Mike

http://cs-mars.blogspot.com
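The check Mike is exercising above is, at the wire level, just an unauthenticated UDP probe of port 69. The following is an added example, not the Nessus "TFTP server detected" plugin and not NAC Appliance/CAM code: a stand-alone Python probe that does what such a check has to do per RFC 1350, so the workstation can be verified independently of the CAM report. It assumes only RFC 1350; the probe filename (`nac-probe-does-not-exist.txt`) is a hypothetical choice, and the sample replies in `SAMPLE_REPLIES` are constructed, not captured from any real server.

```python
"""Stand-alone TFTP detection probe (added example, not Nessus or CAM code)."""
import socket
import struct

TFTP_PORT = 69
OP_RRQ, OP_DATA, OP_ERROR = 1, 3, 5  # RFC 1350 opcodes

# Hypothetical filename: chosen so a real server normally answers ERROR 1
# (file not found) rather than handing back data; either reply proves a listener.
PROBE_FILE = "nac-probe-does-not-exist.txt"

# Constructed sample replies (not captured traffic) used to exercise the parser.
SAMPLE_REPLIES = {
    "error_not_found": b"\x00\x05\x00\x01File not found\x00",  # ERROR, code 1
    "data_block_1": b"\x00\x03\x00\x01hello",                  # DATA, block 1
    "ack_only": b"\x00\x04\x00\x01",                           # ACK: not a server reply to RRQ
    "garbage": b"\x00",
}


def build_rrq(filename: str, mode: str = "octet") -> bytes:
    """RFC 1350 read request: 2-byte opcode 1, filename, NUL, mode, NUL."""
    return (struct.pack("!H", OP_RRQ)
            + filename.encode("ascii") + b"\x00"
            + mode.encode("ascii") + b"\x00")


def classify_reply(payload: bytes) -> tuple:
    """Decide from one UDP reply whether a TFTP server answered.

    Returns (detected, detail). Both DATA (opcode 3) and ERROR (opcode 5)
    count as a detection: only a TFTP implementation speaks either.
    """
    if len(payload) < 4:
        return False, "reply too short to be TFTP"
    opcode, arg = struct.unpack("!HH", payload[:4])
    if opcode == OP_DATA:
        return True, "DATA block %d (%d bytes): server serves files unauthenticated" % (
            arg, len(payload) - 4)
    if opcode == OP_ERROR:
        msg = payload[4:].split(b"\x00", 1)[0].decode("ascii", "replace")
        return True, "ERROR %d: %s" % (arg, msg)
    return False, "unexpected opcode %d" % opcode


def probe_tftp(host: str, port: int = TFTP_PORT, timeout: float = 3.0) -> tuple:
    """Send one RRQ and classify whatever comes back.

    recvfrom() on an unconnected socket is deliberate: per RFC 1350 the server
    answers from a fresh transfer-ID port, not from port 69, so a connected
    socket would discard the reply and report a false negative.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_rrq(PROBE_FILE), (host, port))
        payload, _peer = sock.recvfrom(1024)
    except socket.timeout:
        return False, "no reply within %.1fs (closed, filtered, or no TFTP)" % timeout
    finally:
        sock.close()
    return classify_reply(payload)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    detected, detail = probe_tftp(target)
    print("%s: %s -- %s" % (target, "TFTP DETECTED" if detected else "not detected", detail))
```

Run it against the test workstation from the CAM's side of the network (UDP 69 must be reachable; a stateful firewall that blocks the unsolicited reply from the server's new transfer-ID port will make any scanner, Nessus included, miss the service). If this reports a listener but the agent user is never flagged, the detection itself is working and the gap is in the CAM role/agent handling, which is where the rest of the thread looks.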

Hi Mike,

It appears from the .jpg you didn't configure a URL that can assist users in remediating their systems.

After you enter the Instructions, enter a Link and click Update.

Let us know if that does the trick.

Best,

Paul

Paul,

No luck by adding a URL. If I edit the web settings and tell it to block user access if they fail vulnerability check. The user does fail and a report is generated, but the user only sees a screen stating they were blocked and under detail it's blank. Not sure. I looked in the book and it provides about as much details as the docs. It does show a screenshot of the agent showing the user which vulnerability check he or she failed, but I can't get that on my agent.

-Mike

Mike,

Out of curiosity did you do any work with the User Agreement Configuration? Not sure if it will help.

If a couple of reboots doesn't fix it then please open a TAC case and let us know what you find out.

Paul

Paul,

Tried setting some text for the UA and still the same screen. I'm gonna lean on TAC, I'll let you know how it goes. Thanks for all the input so far.

-Mike

http://cs-mars.blogspot.com
