CCA unreliable Network Scanning using Clientless Mode

aonibala
Level 1

Cisco claimed that the Nessus-based Network Scanning of CCA using "clientless mode" can determine missing Microsoft patches (CCA agent mode performs flawlessly). Our appliances, version 3.6.2, can NOT detect most of the missing patches. When we create a local account known to the CCA, it can only determine less than 50% of the missing patches.

We got the same result also when we scan the computers using Nessus running on Linux, with the Safe Check enabled (I will scan them again with the Safe Check disabled). Thus we know that the poor performance is caused by the inherited Nessus limited scanning capability.

Any advice is welcome!

thanks,

Audie

3 Replies

thomas.chen
Level 6

I suggest using a sniffer on your client PC to verify that the scan is making it to the host. Please be aware that the scanning module is Nessus and that no Nessus plugins are tested or supported by Cisco.

"With release 3.6(0) and above, you can use Nessus 2.2 plugins to perform network scanning in Cisco Clean Access. The filename of the uploaded Nessus plugin archive must be plugins.tar.gz.

Note that most Nessus 2.2 plugins are backwards compatible with Nessus 2.0. Plugins not compatible with Nessus 2.2 can be updated by uploading a new plugins.tar.gz archive."

http://www.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/cca/cca36/36rnhtm#wp38802

Hi Thomas,

Yes, the network scan is hitting the computers. The success rate in determining missing patches is 5% using clientless. The rate goes up to 50-60% when a local account known to CCA is created. The client mode has a "great" success rate, but we cannot install it on the client computers.

Cisco SEs have checked the CCA, and stated that the thin-java client is our best hope. It may arrive at the end of this year :-(

thanks,

Audie

We have better luck by disabling the "Safe Check". It is an unsupported configuration, but the network scanning gets "slightly" better results. The success rate is about 10-20%, and it did not crash the XP computers.

I hope the thin java applet will come out soon.

thanks,

Audie
