3D Tool Examples Dave Breslin (@ Tenable Discussions Forum)


Tenable Documentation: 3D Tool 2.0 User Guide; 3D Tool 2.0 Quick Start Guide

Topology
Topology is derived from Nessus traceroute data.
Consider creating a user in SecurityCenter just for use with the 3D Tool.
Filter a SecurityCenter traceroute query by address to control the areas of your network to render.

Nessus Traceroute Plugin 10287

SC Host Query

IP Topology Configuration (Create a login first, see 3D Tool 2.0 Quick Start Guide->Step 4)

Topology Rendering for Host

Network Topology Rendering (Use another SecurityCenter 10287 query not filtered on a single host)
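
The topology slides above rest on turning plugin 10287 traceroute text into hop-to-hop links and limiting the result by address. The sketch below is an added example, not code from the 3D Tool or from the presentation; the plugin output layout, the "?" marker for a silent hop, and all addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed samples of plugin 10287 text output (assumed layout:
# a header line, one hop per line, "?" for a hop that did not answer).
SAMPLE_OUTPUTS = [
    """For your information, here is the traceroute from 10.0.0.5 to 10.0.2.20 :
10.0.0.5
10.0.0.1
10.0.2.1
10.0.2.20
Hop Count: 3
""",
    """For your information, here is the traceroute from 10.0.0.5 to 172.16.9.9 :
10.0.0.5
10.0.0.1
?
172.16.9.9
Hop Count: 3
""",
]

HEADER = re.compile(r"traceroute from (\S+) to (\S+)")

def parse_hops(text):
    """Return (target, hops); a hop that did not answer is stored as None."""
    match = HEADER.search(text)
    if not match:
        raise ValueError("not traceroute plugin output")
    hops = []
    for line in text.splitlines():
        line = line.strip()
        if line in ("?", "*"):
            hops.append(None)
            continue
        try:
            hops.append(str(ipaddress.ip_address(line)))
        except ValueError:
            continue  # header, blank line or "Hop Count" line
    return match.group(2), hops

def build_edges(outputs, scope):
    """Build unique links for targets inside scope (the address filter)."""
    net = ipaddress.ip_network(scope)
    edges = set()
    for text in outputs:
        target, hops = parse_hops(text)
        if ipaddress.ip_address(target) not in net:
            continue
        for a, b in zip(hops, hops[1:]):
            if a and b and a != b:  # never draw a link across a silent hop
                edges.add((a, b))
    return sorted(edges)
```

Narrowing the scope argument plays the same role as the address filter on the SecurityCenter query: fewer targets, fewer links to render.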

Internet Facing Services
Use 3D Tool “Modifiers” to highlight Internet facing services.
Hosts will have raised bars representing counts for Internet facing services.
It's important to understand where host services are exposed to the Internet when prioritizing vulnerabilities.
Use PVS plugin 14, “Accepts External Connections”.
Use the existing network topology demonstrated in the previous slide.

PVS Plugin 14

SC Plugin 14 Query

Modifier (PVS Plugin 14) (3D Tool 2.0 User Guide -> Modifiers -> Count List)
Be sure to use “Total Vulns” from the Internet Facing Services SecurityCenter query.

Internet Browsing Services
Use a “Count List” Modifier like the previous Internet Facing Services example.
Hosts will have raised bars representing counts for services they connect to on the Internet.
It's important to understand where hosts reach out to the Internet when prioritizing “client” vulnerabilities.
Client vulnerabilities are detected by PVS and Nessus when using credentialed scans.
Use PVS plugin 16, “Outbound external connection”.

PVS Plugin 16

Port 21 FTP Connections
Use a “Connections List” Modifier.
Show a connection line for hosts that connect to port 21.
The dark shaded side of a connection line will highlight a host that makes a connection to port 21.
The white shaded side of a connection line will highlight a host that provides a service on port 21.
It's important to understand where on a network services are provided and used.
Use PVS plugin 3, “Internal client trusted connection”.

PVS Plugin 3

SC Query FTP Connections

Modifier (PVS Plugin 3) (3D Tool 2.0 User Guide -> Modifiers -> Connections List)

Nessus Versus PVS Vulns
Use two “Count List” Modifiers.
Hosts will have bars on top of them representing Nessus vulnerability counts.
Hosts will have bars below them representing PVS vulnerability counts.
It's important to look for potential gaps in coverage.
Nessus gaps might be caused by unscanned service ports, infrequent host scanning or lack of credentialed scanning.
PVS gaps might be caused by configuration errors, network visibility issues or poor operations management.

SC Vuln Queries
Consider filtering out info and low severity rated vulnerabilities.

Modifiers (Vulnerability Counts) (3D Tool 2.0 User Guide -> Modifiers -> Count List)
Be sure to use “Total Vulns” from both queries.