NORMAL – scans the Nessus default set of ports (~5000) or.QUICK – scans the ports known to be associated with SSL (such as HTTPS, IMAP, LDAP, NNTP, POP3, SMTP, XMPP, SQL).Select the type of scan you want to perform based on the following levels of “intrusiveness”: Step One: Name your policy and modify any of the other optional settings then click on “Next”: Select the Heartbleed Detection wizard and you will be guided through a simple two-step process. To use the wizard simply click on the “Policies” tab and then click on “New Policy”. This wizard will create a policy that performs a remote check for the Heartbleed vulnerability (CVE-2014-0160) on all ports where SSL is detected. To facilitate the detection process for its customers, Tenable has also provided a new “Heartbleed Detection” Policy Wizard which is now available for use with Nessus and Nessus Perimeter Service. Details about the vulnerability can be found in a blog by Tenable’s Ken Bechtel, Beware of Bleeding Hearts. A plugin for detecting the vulnerability in Apache web server logs has also been added to the Log Correlation Engine™ (LCE™) and available for reporting in Securit圜enter™ and Securit圜enter Continuous View™. Tenable Network Security® released plugins for the detection of the OpenSSL heartbeat vulnerability (aka the “Heartbleed Vulnerability”) on the 8th of April for Nessus® and the Passive Vulnerability Scanner™ (PVS™). To learn more about this application and its latest capabilities, visit the Nessus Network Monitor web page. Note: Passive Vulnerability Scanner (PVS) is now Nessus Network Monitor.
0 kommentar(er)
