Rathbun, Dan wrote:
> Greetings,
>
> I am trying to figure out the best way to produce a comprehensive list
> of subnets on our global network in order to feed it into Nessus. Due
> to the size of our network and the dynamic nature of it, a new list
> really ought to be generated at least quarterly...if not monthly. I
> have tried simply pulling a routing table off one of the core routers,
> but the resulting file requires too much reformatting to make it fit for
> this use. There has to be an easier way!
>
> I wonder if any of you have found a convenient approach to dealing with
> this requirement? If so, would you be willing to share your lessons
> learned? Thanks.

I've seen a lot of different approaches.

- users have scripts that walk their switches to produce a list of IPs.
- some asset databases can export lists of IP addresses.
- some users perform a DNS walk and create a list that way.
- a variety of commercial and open source systems will export a list of hosts.
- some Active Directory users can pull target hosts from members in the domain.
- some users just perform an ICMP or TCP ping sweep with Nessus.
- there are asset management systems which include agents to report home from the hosts they are on.
- some NIDS and SIMs will export their lists of hosts they have discovered.

Each of these methods has pros and cons. For example, an Active Directory system might not know about a new router, and a system that does not respond to pings or scans might not be actively discovered.

With the Tenable approach, we do a few different things:

- The Security Center lets you upload any list of IP addresses and call it whatever you want.
- The Passive Vulnerability Scanner is always sniffing your network and building up a list of known hosts and many other parameters and vulnerabilities for each host.
- The Security Center can schedule daily or weekly discovery scans.
- Dynamic lists can be automatically created based on DNS name, applications or any other data obtained by Nessus or the PVS.

Ron Gula
Tenable Network Security
_______________________________________________
Nessus mailing list
http://mail.nessus.org/mailman/listinfo/nessus
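
Added example, not part of the original thread and not from either poster: one way to do the routing-table reformatting the question describes, turning a saved route dump into a deduplicated, collapsed subnet list for a scanner target file. The sample is constructed in the style of Cisco IOS "show ip route" output; the function name and the min_prefix cutoff are assumptions.

```python
import ipaddress
import re

# Constructed sample in the style of Cisco IOS "show ip route" (assumed format).
SAMPLE_ROUTES = """\
Gateway of last resort is 10.0.0.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.0.0.1
      10.0.0.0/8 is variably subnetted, 6 subnets, 4 masks
S        10.0.0.0/8 is directly connected, Null0
C        10.1.0.0/24 is directly connected, Vlan10
L        10.1.0.1/32 is directly connected, Vlan10
O        10.1.1.0/24 [110/2] via 10.1.0.2, 00:12:01, Vlan10
O E2     10.1.2.0/23 [110/20] via 10.1.0.2, 00:12:01, Vlan10
O        10.1.2.0/24 [110/3] via 10.1.0.3, 00:12:01, Vlan10
B     192.0.2.0/24 [20/0] via 10.0.0.1, 1d02h
"""

# A route entry starts in column 0 with a protocol code (C, S*, O E2, ...)
# followed by an IPv4 prefix; indented header lines are not matched.
ROUTE_RE = re.compile(
    r"^[A-Z][A-Z0-9*]*(?: [A-Z0-9]+)?\s+(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\b"
)


def subnets_from_routes(text, min_prefix=16):
    """Return collapsed CIDR strings, sorted, for a scanner target file.

    min_prefix (hypothetical knob) drops the default route and broad
    summary routes that would otherwise swallow every specific subnet.
    """
    nets = set()
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        try:
            net = ipaddress.ip_network(m.group(1))
        except ValueError:  # malformed octets or host bits set
            continue
        if net.prefixlen < min_prefix or net.is_loopback or net.is_multicast:
            continue
        nets.add(net)
    # Merge overlapping and adjacent prefixes; address coverage is unchanged.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print("\n".join(subnets_from_routes(SAMPLE_ROUTES)))
```

Other router platforms print routes differently, so the regular expression is the part to adapt; the filtering and collapsing steps stay the same.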
