Tenable Appliance 4.1 User Guide Last Updated: 01 June,2016 Contents Introduction 6 Tenable VM Appliance Installation 8 VM Image Prerequisites 9 SecurityConsiderations 10 Obtainingthe Tenable VMware VirtualMachine Image 11 Obtainingthe Tenable Hyper-V VirtualMachine Image 13 VM Updgrade Compatability 15 Tenable Hardware Appliance Installation 17 Prerequisites 18 Unpackingthe Box 19 Rack Mount Instructions 20 Hardware Specifications 21 Hardware Features 22 Network Connections and Initialization 23 Configuration and Operations 25 Set Admin Password 28 Configuration/Operations Tab 30 Appliance Tab 31 Administration Tab 33 Updates 34 System 36 Restart/Shut Down 37 Copyright©2016.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurityandNessusareregisteredtrademarksofTenableNetworkSecurity,Inc.SecurityCenterContinuousView,Passive VulnerabilityScanner,andLogCorrelationEnginearetrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. Configure Clock Settings 38 Configure SNMP Agent Strings 40 SystemLogForwarding 41 Web Interface 42 Appliance Management Interface Users 43 RecoveryCode Link 44 Configure Response Headers 46 Configure Website SSL Certificate 47 Generate Certificate SigningRequest 48 Logout Redirection URL 49 Restrict Console Operations 50 ReinstallAppliance (Hardware Appliance Only) 51 Backup Tab 52 Backup Appliance 55 Standalone Application Import 56 Restore fromFile 57 NetworkingTab 58 Configure Networking 60 Configure Hostname 61 Interfaces 62 Configure VLANs 64 Parent Interface 66 Bulk Import/Configuration 67 Add VLAN 69 Copyright©2016.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurityandNessusareregisteredtrademarksofTenableNetworkSecurity,Inc.SecurityCenterContinuousView,Passive VulnerabilityScanner,andLogCorrelationEnginearetrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. VLANs (Configure/Export) 71 Logs Tab 72 Support Tab 74 Applications Tab 76 EnablingApplications 77 The SecurityCenter Application 78 Enable SecurityCenter 81 Current Disk Capacity 82 Manage SecurityCenter 83 Plugin Management 84 Web Server ListeningConfiguration 86 Web Server Security 87 Web Server Authentication 88 Certificate AuthorityManagement 89 The Nessus Application 90 Enable the Nessus Application 92 Manage Nessus 93 AdditionalNessus Actions 94 Edit Nessus Users 95 Certificate Management 96 Web Server Authentication 97 Nessus Rules (nesusd.rules) 98 The LCE Application 99 LCE Clients 100 Copyright©2016.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurityandNessusareregisteredtrademarksofTenableNetworkSecurity,Inc.SecurityCenterContinuousView,Passive VulnerabilityScanner,andLogCorrelationEnginearetrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. The PVS Application 102 Manage PVS 104 PVS MonitoringConfiguration 105 Certificate Management 106 Web Server Authentication 107 UsingNessus, SecurityCenter, and PVS 108 Troubleshooting 109 Appendix1:MigratingfromTenable Appliance VMware 111 Appendix2:Expandingthe VirtualDisk on VMware 113 Appendix3:Expandingthe VirtualDisk on Microsoft's Hyper-V Server 114 Locate Disk to be Expanded 115 Expand Hard Disk 2 117 Ignore Repartition Notice 120 Boot Appliance 121 Acknowledgements 122 Related Third-Partyand Open-Source Licenses 126 Copyright©2016.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurityandNessusareregisteredtrademarksofTenableNetworkSecurity,Inc.SecurityCenterContinuousView,Passive VulnerabilityScanner,andLogCorrelationEnginearetrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. Introduction This document describes the installationandoperationofthe Tenable Appliance.The Tenable Appli- ance is a browser-managedapplicationthat hosts various Tenable enterprise applications including Nes- sus,SecurityCenter(SC),andthe Passive Vulnerability Scanner(PVS).Alink is providedforthe Log CorrelationEngine (LCE) application,whichwill be available ina future release. The Tenable Appliance is available as eithera Virtual Machine downloadoras a physical hardware appli- ance.The functionality is nearly identical forboth,but there are some differences inthe installation. Applications are available forinstallationonanas-neededbasis onthe appliance andmay be enabledor disabledconveniently underone platform.Please email any comments andsuggestions tosup- [email protected]. Abbreviations The following abbreviations are usedthroughout this documentation: LCE -Log CorrelationEngine l PVS -Passive Vulnerability Scanner l SC -SecurityCenter l VM -Virtual Machine l SSL -Secure Sockets Layer l Tenable Appliance Platform The Tenable Appliance VM is available forMicrosoft’s HyperVplatform,VMware Server,VMware Player,VMware ESX,VMware Workstation,andVMware Fusion(http://vmware.com/) andmay be downloadedfromthe Tenable Support Portal locatedat https://support.tenable.com/.The Tenable Appliance is alsoavailable as Series 100,200,or300 hardware models,whichcanbe obtainedby con- tacting [email protected]. Skill Requirements It is recommendedthat the Tenable Appliance be configuredby personnel familiarwiththe Nessus vul- nerability scanner,Tenable Enterprise Solutions (SC,LCE,andPVS),andthe organization’s security Copyright©2016.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurityandNessusareregisteredtrademarksofTenableNetworkSecurity,Inc.SecurityCenterContinuous -6- View,PassiveVulnerabilityScanner,andLogCorrelationEnginearetrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. policies andprocedures.Iftraining is requiredforNessus orTenable Enterprise Solutions,please visit: http://tenable.com/training/. When usingtheVM version of theappliance, somegeneral knowledgeof theVirtual Machineplatform beingused isrequired. Copyright©2016.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurityandNessusareregisteredtrademarksofTenableNetworkSecurity,Inc.SecurityCenterContinuous -7- View,PassiveVulnerabilityScanner,andLogCorrelationEnginearetrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. Tenable VM Appliance Installation This sectiondescribes the installationsteps forthe Tenable VM Appliance.Ifyouhave purchasedthe Tenable Hardware Appliance,please refertothe sectiontitled“Tenable Hardware Appliance Install- ation”. Copyright©2016.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurityandNessusareregisteredtrademarksofTenableNetworkSecurity,Inc.SecurityCenterContinuous -8- View,PassiveVulnerabilityScanner,andLogCorrelationEnginearetrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. VM Image Prerequisites Before beginning installation,please be sure tohave a host systemwiththe following resources avail- able: Asystemwiththe ability toruna VM image andat least 4 GB ofassignedmemory. l Theneeded assigned memoryfor aVM imagewill varydependingon theTenableapplications enabled. Pleaserefer to theinstallation documentation for theindividual applicationsfor memory recommendationsand adjusttheVM memorysettingasappropriate. At least 6 GB offree disk space toaccommodate the base VM image.Ifyouchoose toincrease the l VM disk size make sure the extra space is available onthe VM host system. At least one IPaddress forthe appliance.By default,the VM appliance will obtainanIPaddress l froma DHCPserver,ifone is available.Otherwise,a fixedaddress,netmask,andoptional gate- way may be assignedduring the installationprocess.Ifthere is a DHCPserveravailable,but a staticIPaddress is tobe assigned,this may be set during the configurationprocess.Using multiple addresses allows formulti-homing the appliance ondifferent network segments tocut downon the network load. Aswith anysecuritymanagementdevice, astatic IP address(assigned manuallyor viaDHCP)is recommended for useon theappliancenetworkinterfaces. Along withthe IPaddress,the following values must be configuredforthe Tenable VM Appliance tobe network accessible: The network subnet mask forthe appliance. l The IPaddress ofthe Default Gateway forthe appliance (ifapplicable). l The IPaddresses ofthe DNSservers forthe appliance (ifapplicable). l Ahostname forthe appliance. l Itisnecessaryto haveahostnameavailableto assign to theapplianceduringinstallation to ensuretheSSL certificateisgenerated properly. Theapplianceshipswith thedefaulthostnameof “tnsappliance”. Whenever thehostnameischanged, anew server certificatewill begenerated and thedevicewill require areboot. Copyright©2016.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurityandNessusareregisteredtrademarksofTenableNetworkSecurity,Inc.SecurityCenterContinuous -9- View,PassiveVulnerabilityScanner,andLogCorrelationEnginearetrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners. Security Considerations Whendeploying the Tenable Appliance inanexternal oruntrustedenvironment,it is strongly recom- mendedthat additional security precautions be takentoprotect the device fromattack andillicit use. Considerimplementing the following recommendations: Use a signedSSL Certificate froma trustedandreliable Certificate Authority. l Configure userrules that restrict scanning toIPaddresses they are permittedtoscan.Adopt a l “default deny” policy foruserroles andscanning activity. Whenconfiguring the device via the webinterface,avoidusing a webproxy orotherdevice that l may assist a thirdparty inobtaining sensitive information. Copyright©2016.TenableNetworkSecurity,Inc.Allrightsreserved.TenableNetworkSecurityandNessusareregisteredtrademarksofTenableNetworkSecurity,Inc.SecurityCenterContinuous -10- View,PassiveVulnerabilityScanner,andLogCorrelationEnginearetrademarksofTenableNetworkSecurity,Inc.Allotherproductsorservicesaretrademarksoftheirrespectiveowners.