Tenable Network Security

The Nessus 4 vulnerability scanner can be used to perform agent-less configuration audits of Unix and Windows systems, applications and SQL databases. If your organization has a configuration policy for server settings or if you wish to audit your systems against public and government best practices from the NSA, CERT and CIS, Nessus can perform these audits for you.

Security Center and ProfessionalFeed Support

The compliance checks for Nessus 4 are available to Tenable customers who subscribe to the ProfessionalFeed or who have implemented Tenable's Security Center. ProfessionalFeed subscribers can run the configuration audits as part of their regular vulnerability scans and patch audits with Nessus. Security Center customers can use specific compliance audits against specific assets. This allows for auditing and reporting of unique assets, such as the HR database servers, email servers, firewalls, Active Directory servers and so on.

PCI Auditing

Nessus ProfessionalFeed subscribers can perform PCI-DSS vulnerability audits and web application assessments, as well as configuration audits of operating systems, applications and SQL databases against minimum PCI recommended standards.

Performing a PCI Scan of a LAMP Server

Tenable also offers a variety of complete enterprise PCI solutions that build upon our additional log analysis, user monitoring and network behavioral profiling solutions.

Configuration Auditing

Nessus 4 can perform configuration scans of Unix and Windows servers, applications and SQL databases to test for specific policy settings. Supported configuration audit policies include:

  • Anti-Virus Vendor Audits
  • CERT recommendations
  • CIS best practice guides
  • DISA STIGs
  • GLBA guidelines
  • HIPAA profiles
  • NIST SCAP and FDCC content
  • NSA best practice guides
  • PCI configuration requirements
  • recommended vendor settings
  • ... and many more

The types of configuration audits performed by Nessus 4 include Windows user policies, file permissions, registry permissions, service permissions and specific security policies such as Kerberos and event auditing policies. Windows tests can also include custom WMI queries and scanning for computers that have been infected with viruses and malware. For Unix systems, user policies, file permissions, running processes and file content checks can be audited. SQL audits can detect a wide variety of issues, such as whether various stored procedures have been disabled. These types of audits can be combined to perform tests against thousands of files, registry settings, users and so on.

Content Auditing

The Nessus 4 vulnerability scanner can also be used to perform agent-less content audits of Windows systems. If your organization has a data leakage or data usage policy, Nessus can perform these audits for you and help identify where this information is located. This helps to audit and enforce policies that lower your organization's risk of breach or data loss.

Nessus scanners have the ability to log into systems and audit their content for:

  • Adult Content
  • Credit Cards
  • Corporate Financial Spreadsheets
  • Driver's License Numbers
  • Document keywords such as "TOP SECRET" or "CONFIDENTIAL"
  • Human Resource information such as salaries
  • Social Security Numbers
  • ... and much more

These policies can also be easily extended to support searches for your organization's specific types of data.

Technical Documentation, Tools and Compliance Audit Files

The plugin checks that perform these audits are available through the ProfessionalFeed or to Security Center customers. Documentation about the syntax and use of the compliance checks, tools for automated creation of audit files, and access to the currently available audit files are available to Tenable customers through the Tenable Support Portal. Tenable's Discussion Forums also include conversations and content related to auditing computer systems and applications.



© Copyright 2002 - 2010 Tenable Network Security(R). All Rights Reserved.

This is the web site for the Nessus Vulnerability Scanner from Tenable Network Security. If you are looking for the probabilistic analysis software from Southwest Research Institute, please visit www.nessus.swri.org