Creating "Gold Build" Audit Policies
Many of Tenable's customers have told us that their provisioning, network management or change control processes require that "like" servers be configured the same way. For example, an organization might run twelve Exchange servers and twenty MS SQL servers. It is good IT practice to configure these systems the same way. If this is a new concept to you, we're talking about configuring similar settings, such as lock out policies, how often passwords should be changed, what sort of software has been installed and so on. If your organization is audited for any reason, it may fall upon you to show that your systems are configured in a manner that is consistent with your own policies.
The WNPC tool is designed to be operated on one "gold" system and then to extract the configuration of that system to produce an audit file for Nessus Direct Feed users. The tool is available as a Windows executable. When it is run, there is a very simple interface which allows for cut n' pasting of the text policy values or for saving to a specific Nessus 3 ".audit" file.
Below is an example screen shot of the Windows Nessus Policy Creator in action:
Any of the .audit files can then be used with Nessus 3 for scanning hosts to see if they are compliant. By "compliant" we mean that a host is configured as expected as compared to this "gold" system. The WNPC tool collects several thousand audit points for access control settings in the registry and file system. It also audits all security policy settings such as password complexity, event logging and lock out policies.
There are many use cases for this technology:
- Security Center users can create per-asset configuration policies and then scan those particular assets for those particular configuration settings.
- Consultants using Nessus 3 and the Direct Feed can quickly create policies for a customer and then scan their other assets for deviations from that policy.
- Policies can be created from "factory" default settings as a baseline, and then an audit of systems in the field can be conducted to detect what has been changed.
- IT Organizations can work with the Windows operating system directly to "harden it" to their liking and then use the WNPC to create the audit policy automatically.
For more information, to read the compliance check documentation and to obtain the Windows Nessus Policy Create tool, please visit the Nessus 3 Agent-less Compliance Checks page.
Related Articles
Study: Tenable Offers Fastest, Broadest Coverage of CISA's KEV Catalog
October 23, 2023Tenable ranked first in multiple vulnerability management categories, including the most comprehensive coverage and quickest detection of CISA's Known Exploited Vulnerabilities, according to a Miercom report commissioned by Tenable.
Tuning Network Assessments for Performance and Resource Usage
September 13, 2022Using the correct tool for the job and optimizing scanner placement will have a large impact on scan efficiency with Nessus, Tenable.io and Tenable.sc.
Terrascan Joins the Nessus Community, Enabling Nessus To Validate Modern Cloud Infrastructures
May 17, 2022The addition of Terrascan to the Nessus family of products helps users better secure cloud native infrastructure by identifying misconfigurations, security weaknesses, and policy violations by scanning Infrastructure as Code repositories.
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities
September 26, 2024Frequently asked questions about multiple vulnerabilities in the Common UNIX Printing System (CUPS) that were disclosed as zero-days on September 26.
Establishing a Cloud Security Program: Best Practices and Lessons Learned
September 26, 2024As we’ve developed Tenable’s cloud security program, we in the Infosec team have asked many questions and faced interesting challenges. Along the way, we’ve learned valuable lessons and incorporated key best practices. In this blog, we’ll discuss how we’ve approached implementing our cloud security program using Tenable Cloud Security, and share recommendations that you may find helpful.
- Nessus