Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tracking Cisco, Juniper, and PaloAlto Authentication Scan Results

by Cesar Navas
July 16, 2019

To ensure they have the most complete information about the security posture of assets, organizations should deploy scans that use credentials. Scans that use credentials and successfully authenticate on a system (and run with Local Security Checks enabled) return a much more comprehensive set of data about the system. This Assurance Report Card (ARC) provides the ability to report and analyze authenticated scan results for Network Devices, such as Cisco, Juniper, and PaloAlto. 

When managing a large enterprise, problems often arise when verifying the validity of a vulnerability scan. However, challenges can arise while ensuring the Operating System (OS) is correctly identified so that the relevant checks can be run and that the system is properly authenticated. For example, some hosts may have invalid credentials, valid credentials but insufficient privileges, or connectivity issues. Through the use of Dynamic Assets, Tenable.sc is able to group devices together for a comparative analysis.  Using the ARC, Tenable.sc provides advanced analysis capabilities to facilitate and easily distribute this functionality to organizations.   

This ARC presents a series of policy statements which, together, can be used to troubleshoot, fix, and verify authenticated scan results. The policy statements are grouped so that the analyst can focus on issues related to OS Detection, Authentication Errors, and Authentication Success. The first four policy statements relate to OS detection and the OS detection confidence level. The first policy statement reports on systems that are scanned by Nessus that are suspected of being Cisco, Juniper, or PaloAlto network devices. The next policy statement helps identify suspected network devices for which identifying the OS was not possible. Examine these systems so that these systems can be properly identified and then authenticated. The next two policy statements indicate the OS detection confidence level of systems suspected of being network devices where the OS was identified.

The following five policy statements help isolate various types of authentication-related issues that may occur. Policy statements five through eight are split in between two sections of the ARC: Authentication Errors and Authentication Success. Policy statement five and six help identify network devices with authentication errors. The next three policy statements start the Authentication Success section of the ARC and provide analysts with a clear view of systems with successful credentials that may still have authentication problems.

Finally, the last policy statement shows those systems identified as Cisco, Juniper, or PaloAlto network devices with successful authentication, with local checks enabled, and without authentication errors.

This ARC is available in the Tenable.sc feed, which is a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The ARC can be easily located in the Tenable.sc feed under the Compliance category. The ARC requirements are as follows:

  • Tenable.sc 5.9.0
  • Nessus 8.4.0

This ARC provides the organization with clear and simplified method to identify Cisco, Juniper, and PaloAlto devices for analysis. By first Discovering the systems suspected of being a Cisco, Juniper, and PaloAlto device from the scanned devices, the ARC can then assess the operating systems of the targets to ensure the devices are indeed Cisco, Juniper, and PaloAlto devices. Then, the data is Analyzed for proper authentication, which facilitates the Fix and Measuring steps to the Cyber Exposure Lifecycle. Tenable.sc is the On-Prem solution for understanding a comprehensive picture of the network, while keeping the data under the organization’s control. Built on leading Nessus technology, Tenable.sc discovers unknown assets and vulnerabilities, and monitors unexpected network changes before they turn into breaches 

ARC Policy Statements

  1. Number of systems scanned suspected to be a Cisco, Juniper, or PaloAlto network device - This policy statement displays a ratio number of the systems identified as a Cisco, Juniper, or PaloAlto network device compared to the total number of systems scanned. Compliance for this policy is Any system matching the policy.

  2. OS Detection: Suspected Cisco, Juniper, or PaloAlto devices where OS detection was not successful - This policy identifies systems that are suspected of being Cisco, Juniper, or PaloAlto devices, but for some reason the OS was not discovered. Systems that match this policy should be investigated for misconfiguration, valid login credentials, or for proper identification as a network device. Compliance for the policy is No systems matching the policy.

  3. OS Detection: Less than 6% of Systems suspected to be Cisco, Juniper, or PaloAlto devices where OS detection confidence level was less than 95 - This policy identifies systems that were suspected of being Cisco, Juniper, or PaloAlto devices, however, to a degree, Nessus was not confident of the operating systems. Systems matched by this policy should be investigated for misconfiguration, valid login credentials, or for proper identification as a network device. Compliance for the policy is less than 6% systems matching the policy, which allows for new systems that are found to be on the network.

  4. OS Detection: Greater than 94% of Systems suspected to be Cisco, Juniper, or PaloAlto devices where OS detection confidence level was greater than 94 - This policy identifies systems that were scanned and suspected of being Cisco, Juniper or PaloAlto devices. Nessus is confident of the identified operating system. Compliance for the policy is greater than 94% systems matching the policy.

  5. Authentication Errors: Systems Suspected as Cisco, Juniper, or PaloAlto devices and Authentication Failures - This policy identifies systems with no matching authentication plugins. This could mean no suitable protocol was presented to Nessus, no credentials were available for the operating system, or another issue is present. These systems should be investigated and special attention should be paid to how the operating system was detected and what condition exists that prevents proper authentication attempts. Compliance for the policy is No systems matching the policy.

  6. Authentication Errors: Systems Suspected as Cisco, Juniper, or PaloAlto devices with No authentication attempts recorded - This policy identifies systems where the OS is correctly identified as a Cisco, Juniper, or PaloAlto device, however, the credentials provided with the scan failed to allow Nessus to login correctly. Invalid credentials, incompatible protocol settings, or other similar problems could cause this issue. The vulnerability data collected on this system should be considered incomplete. This policy statement displays a ratio number of the systems so identified compared to the total number of Cisco, Juniper, or PaloAlto devices. Compliance for the policy is No systems matching the policy.

  7. Authentication Success: Systems identified as Cisco, Juniper, or PaloAlto devices and Authentication Failures - This policy identifies systems where the operating system is correctly identified and with authentication success, however, the credentials provided with the scan failed to allow Nessus to login correctly. Invalid credentials, incompatible protocol settings, or other similar problems could cause this issue. The vulnerability data collected on this system should be considered incomplete. Compliance for the policy is No systems matching the policy.

  8. Authentication Success: Systems identified as Cisco, Juniper, or PaloAlto devices with Local Checks disabled - This policy provides a list of systems that have been successfully authenticated, however, local checks were not enabled. While these systems should be considered successfully authenticated, there could be missing vulnerability data. System administrators should investigate these systems for misconfiguration. This policy statement displays the percentage of Cisco, Juniper, and PaloAlto devices identified compared to the total number of network devices with Local Checks disabled. Compliance for the policy is No systems matching the policy.

  9. Authentication Success: Less than 6% of Systems identified as Cisco, Juniper, or PaloAlto devices with Local Checks Enabled & Errors - This policy provides a list of systems that have been successfully authenticated, however, there were recorded problems related to permissions or access to any number of resources. While these systems should be considered successfully authenticated, there could be missing vulnerability data. System administrators should investigate these systems for misconfiguration or possible insufficient privileges for the scan account. This policy statement displays the percentage of Cisco, Juniper, and PaloAlto devices identified compared to the total number of network devices with Local Checks enabled. Compliance for the policy is less than 6% systems matching the policy, which allows for new systems that are found to be on the network.

  10. Authentication Success: Greater than 94% Systems identified as Cisco, Juniper, or PaloAlto devices with Successful Authentication, Local Checks, and without Errors - This policy identifies the majority of Cisco, Juniper, and PaloAlto devices on the network. Analysts can rely on the vulnerability data collected for these targets. Nessus was able to login and collect missing patches, compliance settings, and many other risk indicators based on the applied scan policies. Compliance for the policy is greater than 94% systems matching the policy.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training