Transcript 3D Tool Examples - Tenable Discussions Forum

Dave Breslin (@ Tenable Discussions Forum)
Tenable Documentation
 3D Tool 2.0 User Guide
 3D Tool 2.0 Quick Start Guide
Topology
 Topology derived from Nessus traceroute data
 Consider creating a user in SecurityCenter just for use
with the 3D Tool
 Filter a SecurityCenter traceroute query by address to
control the areas of your network to render
Nessus Traceroute Plugin 10287
SC Host Query
IP Topology Configuration
(Create a login first, see 3D Tool 2.0 Quick Start Guide->Step 4)
Topology Rendering for Host
Network Topology Rendering
(Use another SecurityCenter 10287 query not filtered on a single host)
Internet Facing Services
 Use 3D Tool “Modifiers” to highlight Internet facing




services
Hosts will have raised bars representing counts for
Internet facing services
Its important to understand where host services are
exposed to the Internet when prioritizing vulnerabilities
Use PVS plugin 14, “Accepts External Connections”
Use existing network topology demonstrated in previous
slide
PVS Plugin 14
SC Plugin 14 Query
Modifier (PVS Plugin 14)
(3D Tool 2.0 User Guide -> Modifiers -> Count List)
Ensure to use “Total Vulns” from the Internet Facing Services SecurityCenter Query
Internet Browsing Services
 Use a “Count List” Modifier like the previous Internet




Facing Services example
Hosts will have raised bars representing counts for
services they connect to on the Internet
Its important to understand where hosts reach out to the
Internet when prioritizing “client” vulnerabilities
Client vulnerabilities are detected by PVS and Nessus
when using credentialed scans
Use PVS plugin 16, “Outbound external connection”
PVS Plugin 16
Port 21 FTP Connections
 Use a “Connections List” Modifier
 Show connection line for hosts that connect to port 21
 Dark shaded side of a connection line will highlight a host
that makes a connection to port 21
 White shaded side of a connection line will highlight a
host that provides a service on port 21
 Its important to understand on a network where services
are provided and used
 Use PVS plugin 3, “Internal client trusted connection”
PVS Plugin 3
SC Query FTP Connections
Modifier (PVS Plugin 3)
(3D Tool 2.0 User Guide -> Modifiers -> Connections List)
Nessus Versus PVS Vulns
 Use two “Count List” Modifiers
 Hosts will have bars on top of them representing Nessus




vulnerability counts
Hosts will have bars below them representing PVS
vulnerability counts
Its important to look for potential gaps in coverage
Nessus gaps might be caused by unscanned service ports,
infrequent host scanning or lack of credentialed scanning
PVS gaps might be caused by configuration errors,
network visibility issues or poor operations management
SC Vuln Queries
Consider filtering out info and low severity rated vulnerabilities
Modifiers (Vulnerability Counts)
(3D Tool 2.0 User Guide -> Modifiers -> Count List)
Ensure to use “Total Vulns” from both queries