Nessus合规检查参考指南

需积分: 5 117 浏览量更新于2024-07-08 收藏 4.25MB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

"Nessus Compliance Checks Reference.pdf 是Nessus官方最新的文档，涵盖了网络安全性、漏洞扫描以及合规性检查的详细信息。该文档旨在帮助用户理解和使用Nessus进行系统配置审计、数据泄露检测以及合规性验证。文档中包含了各种设备和平台的合规性文件参考，例如Adtran AOS、Amazon Web Services (AWS)、Aruba OS、Blue Coat Proxy SG、Brocade Fabric OS和Check Point GAiA等。此外，还提到了关于字符串匹配的技巧、审计文件语法、关键词调试等内容，为用户提供全面的合规性检查指南。" Nessus是一款广泛使用的网络安全工具，主要用于网络漏洞扫描和合规性检查。在这份官方文档中，Nessus介绍了如何执行这些检查以确保系统的安全性并符合行业标准。以下是一些关键知识点： 1. **合规性检查（Compliance Checks）**：这是Nessus的主要功能之一，用于评估系统是否符合预定义的安全策略和法规要求，如PCI-DSS、HIPAA或NIST等。 2. **合规标准（Compliance Standards）**：文档列举了多种合规标准，用户可以根据自己的需求选择相应的标准来运行检查，确保系统遵循最佳实践。 3. **配置审计（Configuration Audits）**：Nessus通过扫描网络设备的配置文件，查找不安全或不符合标准的设置，从而提供改进建议。 4. **数据泄露防护（Data Leakage）**：Nessus能检测潜在的数据泄露风险，防止敏感信息通过网络流出。 5. **字符串匹配提示（Tips on String Matching）**：这部分提供了在编写自定义检查时如何有效地匹配字符串的指导，这对于创建针对特定环境的合规性检查至关重要。 6. **设备和平台参考文件（Device and Platform References）**：文档包含了多个设备和平台的合规性文件，如Adtran AOS、AWS、Aruba OS等，用户可以找到针对这些系统的具体检查规则和语法。 7. **审计文件语法（Audit File Syntax）**：详细说明了Nessus如何解析和执行审计文件，这对于创建和理解自定义合规性检查规则非常有用。 8. **关键词调试（Keywords Debugging）**：当遇到检查失败或不确定结果时，用户可以通过调试关键词来了解问题所在，优化检查过程。 9. **已知良好审计（Known Good Auditing）**：这是一种验证系统是否处于良好状态的方法，通过与已知安全配置进行对比，确保系统的当前状态是安全的。 10. **平台特定的扫描要求和检查（Platform-Specific Scan Requirements and Checks）**：针对不同平台（如ArubaOS、Blue Coat Proxy SG、Brocade Fabric OS等）的扫描需求和检查方法，确保对每个平台的兼容性和深度扫描能力。 Nessus Compliance Checks Reference文档是Nessus用户进行系统安全管理和合规性验证的重要参考资料，它提供了丰富的信息和指导，有助于提高网络的安全性和合规性管理水平。

资源详情

资源推荐

Configuration Audits, Data Leakage, and Compliance

What is an audit?

Nessus can be used to log into Unix and Windows servers, Cisco devices, SCADA systems, IBM iSeries

servers, and databases to determine if they have been configured in accordance to the local site secur-

ity policy. Nessus can also search the entire hard drive of Windows and Unix systems, for unauthorized

content.

It is important that organizations establish a site security policy before performing an audit to ensure

assets are appropriately protected. A vulnerability assessment will determine if the systems are vul-

nerable to known exploits but will not determine, for example, if personnel records are being stored on

a public server.

There is no absolute standard on security – it is a question of managing risk and this varies between

organizations.

For example, consider the password requirements such as minimum/maximum password ages and

account lockout policies. There may be very good reasons to change passwords frequently or infre-

quently. There may also be very good reasons to lock an account out if there have been more than five

or even disabling lockouts altogether.

These configuration settings have much to do with system management and security policy, but not

specifically system vulnerabilities or missing patches. Nessus can perform compliance checks for Unix

and Windows servers. Policies can be either very simple or very complex depending on the require-

ments of each individual compliance scan.

Audit vs. Vulnerability Scan

Nessus can perform vulnerability scans of network services as well as log into servers to discover any

missing patches. However, a lack of vulnerabilities does not mean the servers are configured correctly

or are “compliant” with a particular standard.

The advantage of using Nessus to perform vulnerability scans and compliance audits is that all of this

data can be obtained at one time. Knowing how a server is configured, how it is patched and what vul-

nerabilities are present can help determine measures to mitigate risk.

Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable NetworkSecurity, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of

Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.