ACAS Nessus scans of Cisco devices

Hello, we have an ACAS configuration with Security Center and Nessus scanner running on RHEL 5.10.
Our infrastructure consists of WS-6509, WS-3750X's, G's and some old E's.
We configured Nessus scanner with the proper Username/Password/Enable Password combinations.
At this time it will scan one 3750 switch but none of the other 130 devices.
If I attempt to ssh into a device from the Nessus server it fails, either with a connection refusal from the device on port 22 or because it doesn't like the cipher choices.
I checked the switch that it does access against the others and found ip ssh authentication-retries 4 was configured and some SNMP settings that don't exist in the switches that can't be scanned.
Anyone have this issue?
ej
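The troubleshooting step ej describes, comparing the configuration of the one switch Nessus can scan against the switches it cannot, can be automated so it scales to 130 devices. The script below is an added example for this thread, not code from the original post, from Tenable or from Cisco. It extracts the SSH-relevant statements from two `show running-config` dumps (the global `ip ssh`, `ip domain-name`, `aaa new-model` and `snmp-server` statements, plus `transport input`, `login` and `exec-timeout` under the `line vty` blocks) and reports what the unscannable switch lacks or adds. The prefix lists and the two sample configurations are constructed for illustration; the `transport input telnet` on the failing sample is exactly the kind of setting that shows up as a refused connection on port 22.

```python
"""Diff the SSH-relevant configuration of a switch that a credentialed Nessus scan
can reach against one it cannot.  Sample configs below are constructed for this
example and are not taken from any real device."""
from typing import List, Optional, Set, Tuple

# Global statements that affect whether an SSH-based credentialed scan can connect
# and authenticate.  This prefix list is an assumption for the example; extend it
# with whatever your scanner depends on.
GLOBAL_PREFIXES = ("ip ssh", "ip domain-name", "aaa new-model", "snmp-server")

# Sub-commands under 'line vty ...' that decide whether SSH is accepted on the
# management lines at all and how the login is authenticated.
VTY_PREFIXES = ("transport input", "login", "exec-timeout")


def ssh_relevant_lines(config: str) -> Set[str]:
    """Extract SSH-relevant statements from a 'show running-config' dump.

    Global statements are kept verbatim.  Sub-commands under a 'line vty' block
    are prefixed with that block header so the same 'transport input ssh' on two
    different VTY ranges stays distinguishable.
    """
    relevant: Set[str] = set()
    current_block: Optional[str] = None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current_block = None          # '!' separates config sections in IOS
            continue
        if raw.startswith(" "):
            # Indented sub-command: keep it only when it belongs to a VTY block.
            if current_block is not None:
                sub = raw.strip()
                if sub.startswith(VTY_PREFIXES):
                    relevant.add(f"{current_block} / {sub}")
            continue
        line = raw.strip()
        current_block = line if line.startswith("line vty") else None
        if line.startswith(GLOBAL_PREFIXES):
            relevant.add(line)
    return relevant


def compare_ssh_config(reference: str, candidate: str) -> Tuple[List[str], List[str]]:
    """Return (missing, extra): statements the reference switch has but the
    candidate lacks, and statements only the candidate has."""
    ref, cand = ssh_relevant_lines(reference), ssh_relevant_lines(candidate)
    return sorted(ref - cand), sorted(cand - ref)


# Constructed sample: the one switch the scanner reaches ...
WORKING_SWITCH = """\
!
hostname SW-SCAN-OK
!
aaa new-model
ip domain-name example.test
ip ssh time-out 60
ip ssh authentication-retries 4
ip ssh version 2
snmp-server community EXAMPLE-RO RO
!
line vty 0 4
 exec-timeout 10 0
 login local
 transport input ssh
!
"""

# ... and a constructed switch that refuses the scanner on port 22.
FAILING_SWITCH = """\
!
hostname SW-SCAN-FAILS
!
ip domain-name example.test
ip ssh version 2
!
line vty 0 4
 login
 transport input telnet
!
"""

if __name__ == "__main__":
    missing, extra = compare_ssh_config(WORKING_SWITCH, FAILING_SWITCH)
    print("Present on the scannable switch but missing here:")
    for stmt in missing:
        print("  -", stmt)
    print("Present here but not on the scannable switch:")
    for stmt in extra:
        print("  +", stmt)
```

Feed it the running-config of the working 3750 as the reference and each of the other devices as the candidate; the statements listed under "missing" are the first things to check before touching the scanner's credential settings.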

Hello,
You may find useful Pretty Good Terminal http://www.prettygoodterminal.com which has recently been published. This software is more about device management (via ssh/telnet) in large scales and through several jump server hops, than a terminal application. It was developed by me when I was given a task to configure more than 50000 CPE routers. So this software is a response to a real challenge and it is a good fit to collect device information.
Regards,
Laszlo

Similar Messages

  • Antivirus scan with nessus plugins on cisco nac

    Hello,
    We plan to use nessus plugins with cisco nac.
    For some users, the computer should have any antivirus installed and updated before it can access network.
    For other users, the computer should have mcafee antivirus installed and updated.
    We tried to use plugin ID 16193 for the 1st check and 12107 for the 2nd check.
    We'd like to know if we need to configure credentials under scan option on each computer to check.
    If so, how do we do it if it's a guest's computer and we don't have credentials?
    For test, a credential was configured (under scan option) for the computers.
    We chose "vulnerable if hole, warning, info".
    We tried to authenticate from a computer that has no antivirus installed, and from another computer that has mcafee installed but outdated.
    We always get "no vulnerability detected", but when we launch test, it reports mcafee installed but outdated for the 2nd PC, no information for the 1st PC.
    We tried to check if ftp service is running on the computer and it works fine.
    We get notification on user's computer for FTP and client is not allowed to access network, but none for Antivirus (either Mcafee or any antivirus).
    - How do we ensure that users are notified when there's no antivirus installed on their computer or when it is outdated?
    Any advice is extremely appreciated.

    You must download and install the appropriate Nessus for your PC.
    After you download the latest plugins from the Nessus site, in the directory (for a Windows install) c:/Program Files/Tenable/Nessus/Plugins you will have a "plugin.tar.gz" file. You must rename or copy this to "plugins.tar.gz".
    Next, in the NAC Manager console, under CLEAN ACCESS -> NETWORK SCANNER -> Plugin Updates, browse to the same folder and pick the "plugins.tar.gz" file. It MUST be named exactly as shown - with the S - to work. Perform the UPLOAD. When finished navigate over to the Scan Setup tab and select All in the Show ___ Plugins dropdown. You should have around 20,000 of them.
    HTH.
    Jim

  • Is it recommended to have a vulnerability scan for Cisco ASA device.

    Dear everyone.
    I have a doubt on vulnerability scan for Cisco ASA device. Currently we have a vulnerability scan for network devices including firewall. But after running the vulnerability scan for cisco ASA, found nothing show in the scan report.
    Is it recommended to have a vulnerability scan for Cisco ASA and will it defeat the purpose of the firewall?

    Do I understand correctly that you are asking whether you can configure the ASA to allow an external user to run a scan against the internal network?
    If so, the answer is generally no. The ASA will, by default, not allow any inbound connections (or attempted connections) that are not explicitly allowed in an inbound access-list (applied to the outside interface). In most cases there would also need to be network address translation (NAT) rules configured.
    If you had a remote access VPN, you could allow the external scanner to log in via that. Then they would have the necessary access to scan the internal systems (assuming the VPN granted access to all the internal networks).

  • CiscoWorks Nessus scan yellow vulnerability issue

    Hi,
    Nessus scan reports yellow Vulnerability for our CiscoWorks server:
    x.x.x.x (ip address of CiscoWorks server) YELLOW Sybase ASA Client Connection Broadcast Remote
    Information Disclosure Locate service enabled on Sybase server
    sybaseanywhere 2638
    If anyone knows the status for this issue, please let me know.
    We have the following CiscoWorks products and version:
    (LMS 2.6)
    CiscoWorks Common Services 3.0.6
    Campus Manager 4.0.6
    CiscoView 6.1.5
    Device Fault Manager 2.0.11
    Internetwork Performance 2.6.0
    Resource Manager Essentials 4.0.5
    Your help would be greatly appreciated.
    Thanks.
    GY (Gongyuan Yao)
    Contractor (LHC Network Support)
    [email protected] 301-435-3168(o)
    240-417-1488 (c)

    This is CSCsk35018:
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk35018
    The following two discussions will shed additional light on top of what the Bug Tool provides:
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40^1%40%40.2cc0b896/4#selected_message
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&topicID=.ee71a02&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbec487

  • Vulnerability on Cisco Devices!!!

    I would like to know the best solution for these three issues on my cisco devices (pix 515e, asa5510, sw 2960s) detected by the Security Metrics Vision Vulnerability Scan:
    1. SSL server accepts weak ciphers.
    2. SSL certificate is signed with weak hash function: MD5.
    3. TLS Protocol Session Renegotiation Security Vulnerability.
    Thank you for any assistance!!!
    Orlando

    > 1. SSL server accepts weak ciphers.
    Specify just the ciphersuites you like, e.g.
        ssl encryption aes256-sha1 3des-sha1
    I'm not sure about (2) and (3); open a TAC with Cisco; they may not be possible to work around on the current software.
    -- Jim Leinweber, WI State Lab of Hygiene

  • Unable to open 2 9509 switches at the same time in Cisco Device Manager

    Dear Friends,
    There are a pair of MDS 9509 switches whose management addresses are 172.16.2.197 and 172.16.2.198.
    When we try to manage these Devices through Cisco device manager, the first device opens up without any problem, but when the second 9509 is opened in Cisco Device Manager, it fails giving the following error message:
    "Open udp transport failed: Address already in use: Cannot bind"
    To get around this issue, if we close the first interface to the 9509 switch, then we are able to open up the second 9509 in Device Manager.
    We have this problem only in Cisco device manager. If we open one switch in Cisco device manager and the other switch in Cisco Fabric Manager, it works.
    Also, we can telnet to both the devices successfully at a time.
    The device manager in use is 4.1.
    Please find enclosed the sh version outputs for your kind reference.
    Can you please help me understand the cause of this issue?
    Thanks a lot
    Gautam

    Is it always the same MDS that fails to open, or can you open either one first, and then the second one poses the problem (no matter which one is second)?
    Can you try from a second workstation and see if you can open DM to both switches at the same time? I suspect the address it is complaining about is the local workstation IP, not the MDS IP.
    If you open the FM map, then you click on the MDS icons, can you open DM to both MDS?
    - Mike

  • Cisco devices that support Multicast traffic?

    Folks,
    I am looking for list of Cisco devices that support Multicast traffic. Does anyone know how to get this information?
    Thanks,
    Nagesh 

    Cisco Feature Navigator

  • Nessus scan on AS 10.1.2.0.2 gives HIGH vulnerabilities

    Anyone run into "nessus" scan problems with AS?
    I have SSL enabled AS using SSLConfigTool and "nessus" gives below when Security scans the server. I have applied the Jan07 CPU to this AS.
    Any advice, greatly appreciated.
    Scan Results:
    nv-video (4444/tcp)
    It was possible to kill the HTTP proxy by
    sending an invalid request with a too long header
    A cracker may exploit this vulnerability to make your proxy server
    crash continually or even execute arbitrary code on your system.
    Solution: upgrade your software
    Risk Factor : High
    CVE : CVE-2002-0133, CVE-2002-0133
    BID : 3904, 3905, 3904
    Other references : OSVDB:6804
    Plugin ID : 11715
    It was possible to kill the web server by
    sending an invalid request with a too long HTTP 1.1 header
    (Accept-Encoding, Accept-Language, Accept-Range, Connection,
    Expect, If-Match, If-None-Match, If-Range, If-Unmodified-Since,
    Max-Forwards, TE, Host)
    A cracker may exploit this vulnerability to make your web server
    crash continually or even execute arbirtray code on your system.
    Solution: upgrade your software or protect it with a filtering reverse proxy

  • Archive process hung on all cisco devices - help

    I have Archive setup on all of my devices in the environment to archive configs via tftp to a server on the network.  A teammate of mine elected to down that box because they "did not know what it was."  Now I have a process hung on every one of my cisco devices that is preventing the archive from performing.  I am hoping to find a way to stop this process short of a rebuild of every one of my devices.
    PID  QTy  PC       Runtime(ms)  Invoked  uSecs  Stacks     TTY  Process
    295  Lsa  1E3BD48  0            23       0      4404/6000  0    Archive Config
    Jan  2 10:26:53: %ARCHIVE_CONFIG-4-ARCHIVE_SKIPPED: Archive of router configuration was skipped due to a previous initiation.

    Apologies, I assume most would realize this...but I meant to say "short of a REBOOT of every ONE of my devices".  Symptom to too many things at once.  Thanks.

  • ISE version 1.0 - Unable to get management access for cisco devices

    Hi All,
    I want to manage all cisco devices with read and write privilege with ISE 1.0.
    Is this functionality available in this version?
    I configured the 2960 switch.  On the switch the radius test is successful. When I telnet to the switch, it asks for username and password. But the message is authorization fail. But ISE shows authentication is successful.
    Is it configuration issue or this feature is not available in this version?
    Regards,
    Hanumant

    Hanumant,
    You will have to create an authorization profile to send back the privilege level for the user:
    Here is the attribute (cisco-av-pair) you will have to send back:
    shell:priv-lvl=xx

  • Automatic back up on Cisco devices

    I am planning to do the automatic configuration backup on all my network devices. I had successfully implemented automatic backup configuration on routers and switches with a kron policy. But I am not able to configure the same on ACS, ACE & ASA firewall and ISE.
    All are cisco devices. I am able to configure a kron policy on ACS but the backup was not working. Kindly suggest how to configure automatic backup on the above said devices.

    With the archive command we had a bug in cisco. It is not taking the backup correctly as per the time configuration. Right now I am looking for freeware to take the backup locally with my windows machine.
    Marvin's option was good. But we need a linux server (a VM needs to be created) and also the network team is not much aware of linux commands. So it's difficult for us to implement without much knowledge about Linux.
    I had implemented a kron policy but it's working fine for router and switch only; then I had problems taking backups of ACS, ISE, ACE and firewall. The automatic backup tool should be unique.

  • Which cisco device to register a 7921g to?

    What cisco devices are capable to register a 7921g wifi ip phone?
    I think I can do it with a uc520 for example, but would there be any other smaller device?
    I have a cisco srp527 which gives me dsl connection, and I'm trying to connect it with some cisco device which I can register the 7921g against.
    I would appreciate some advice
    Thank you in advance
    Javier

    If you have a cisco router that runs CME (Call Manager Xpress) then you can register your 7921 on to it
    Here are the basic steps for that
    https://learningnetwork.cisco.com/servlet/JiveServlet/previewBody/6346-102-1-20737/CCNA-Voice%20VoIP.pdf
    I am not too sure about SME products you mentioned
    HTH
    Rasika
    ****Pls rate all useful responses *****

  • Non-Cisco devices support in LMS 4.1

    Hi! How could I import a third party MIB file for my devices? Is there any guide/manual for working with non-cisco devices?

    Specifically which module are you talking about?
    The most flexible module is HUM which has support for third party devices
    Most modules do not support non cisco devices, complete list is here:
    http://www.cisco.com/en/US/products/ps11200/products_device_support_tables_list.html
    Regards
    Farrukh

  • How can I restore out of box configuration on Cisco device?

    Hello,
    The new Cisco devices (routers and switches) are coming with some default (out of box) configuration, but not without configuration, not with blank configuration.
    I realized that there is some command that can restore the default configuration. But I can't find it.
    What is this command? Does anyone know it?
    Thanks in advance!
    Best Regards,
    Tsvety

    Mike's suggestion was correct. I would only add that one needs to erase vlan.dat if you have a switch that was used elsewhere. Cisco procedure linked here (for switches) and here (for routers).
    Even a brand new factory-fresh box will have SOME configuration bits on it. A skeleton configuration - the default VLAN 1, empty interface definitions, etc. will always be there. The only way to remove everything would be to erase flash altogether forcing one to boot in rommon (not very useful).

  • Change hostname on Cisco devices that are in production

    I'm new to Cisco devices and to my current job as network analyst. Mostly in an attempt to establish consistency and to ease identification, I'd like to change the hostname of most of our Cisco switches and routers. However, I don't want to create any other problems.
    If I proceed with the hostname change on our Cisco devices that are in production, would there be any negative impact that I may expect?
    Thanks in advance!

    Hi
    Couple of things spring to mind
    1) DNS resolution. How do you resolve the hostnames for your routers/switches now? If you do it via DNS then you need to update it to reflect the new name.
    2) Any scripts etc. that you may use to automate tasks on your network may need updating although if they use DNS to resolve just see 1
    3) SSH. If you are using SSH to manage your routers/switches and you change the hostname the ssh key will become invalid. You will need to regenerate the key.
    HTH
    Jon
