Add/Edit Nessus Test Set Window


Use this window to add a new Nessus test set or edit an existing Nessus test set. Test sets let you define what type of assessment to execute (in this case, Nessus), what parameters to pass to the assessment server, and which resources to use. When you add a new test set, it becomes available for selection in the Edit Assessment Configuration window.

To add a Nessus test set, click the configuration menu button in the Test Sets section of the Edit Assessment Configuration window and select Add Nessus. You can also click the Add button in the Manage Test Sets window.

To edit a Nessus test set, from the Edit Assessment Configuration window, click the Nessus test set you want to edit, then click the configuration menu button in the Test Sets section and select Edit. You can also click the Edit button in the Manage Test Sets window.


Name
Enter a name for the test set.
Parameters
Enter the scan policy name available in the Nessus Policies tab. For example, if you want to scan with the "NessusSimple" policy (as shown below), then you must enter the policy name NessusSimple in the field. This field is required; you must enter a policy name.
[Image: Nessus Policies Tab]
End-System Reachability Test
Click the Modify button to open a window where you can select the type of end-system reachability test used to verify that the end-system can be reached prior to and following assessment: ICMP Ping and/or TCP Ping with a list of ports. If neither test is selected, then no test is run.

Running either or both tests allows NAC Manager to determine if an end-system is reachable prior to running an assessment. If the end-system is not reachable, the assessment is not run and the end-system receives the Failsafe policy. If the end-system is reachable, the assessment is performed. Without reachability testing, if assessment is required and the end-system is not reachable, the assessment may take significantly more time and you could see a "false positive" in the sense that the assessment would come back without errors, but only because the end-system could not be contacted to do an assessment. In this case, the end-system would be assigned the Accept policy and allowed on the network without an actual assessment taking place.

Another advantage to running end-system reachability tests is that the test is performed before and after an assessment. If test results are different, the end-system is quarantined. For example, with a TCP Ping test that has 15 ports configured, if any of the ports differ before or after the assessment, the end-system is quarantined. With the ICMP Ping test, if the end-system passes the test before assessment, but fails the test after assessment, the end-system is quarantined.

  NOTE: For ICMP Ping, how NAC Manager handles the timeout per ping attempt may differ depending on the operating system on which the Extreme Management Center server is running; however, the total timeout period specified is the same (e.g. 2 attempts * 5 timeouts = 10 seconds). For TCP Ping, the number of ping attempts is not specified because it is inherent in the TCP protocol.
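
The decision flow described in this section, written out as an added Python example; it is not NAC Manager code. It assumes a TCP Ping port counts as answering when a TCP connect succeeds and that an end-system is reachable when at least one listed port answers; tcp_ping, assess and the run_assessment callback are hypothetical names, and ICMP Ping is left out.

```python
import socket

def tcp_ping(host, ports, timeout=1.0):
    """Return the set of ports that accept a TCP connection (assumed meaning of TCP Ping)."""
    answering = set()
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                answering.add(port)
        except OSError:  # refused, timed out, or no route
            pass
    return answering

def assess(host, ports, run_assessment, probe=tcp_ping):
    """Return (policy, reason) for one end-system.

    ports=None models a test set with no reachability test selected.
    run_assessment is a hypothetical callback returning the policy the
    scan result maps to (e.g. "Accept" when the scan reports no errors).
    """
    if ports is None:
        return run_assessment(host), "no reachability test; scan result trusted as-is"
    before = probe(host, ports)
    if not before:
        # Unreachable: skip the scan instead of trusting an empty result.
        return "Failsafe", "unreachable before assessment; assessment not run"
    policy = run_assessment(host)
    after = probe(host, ports)
    if after != before:
        # Any per-port difference between the two probes quarantines the host.
        changed = sorted(before ^ after)
        return "Quarantine", f"reachability changed on ports {changed}"
    return policy, "reachability identical before and after"

if __name__ == "__main__":
    # Constructed scenario: the end-system is offline and the scanner
    # (stubbed here) reports no errors because it never reached the host.
    offline = lambda host, ports: set()
    clean_scan = lambda host: "Accept"
    print(assess("192.0.2.10", None, clean_scan))                # admitted unscanned
    print(assess("192.0.2.10", [22, 445], clean_scan, offline))  # Failsafe
```

The first call shows the "false positive" case from the text: with no reachability test, an offline end-system ends up on the Accept policy without having been scanned.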
Test Set Assessment Resources
Define which assessment servers you want to have perform the assessments.
  • Load Balance All - Balance the assessment load across all of the Nessus servers on the network.
  • Use Assessment Server Pool - As a more granular approach, you can specify an assessment server pool. For example, if you have four Nessus assessment servers, you can put server A and server B in server pool 1, and server C and server D in server pool 2. Then, you can specify which server pool the configuration should use.
    Use the configuration menu button to:
Assessment Delay
This option allows you to delay the start of the assessment by the number of seconds specified.
