Usually, Tenable is able to produce not only a host-based patch audit for a given vulnerability, but if there is a network service involved, also produce a network check which does not require credentials. The goal is to accept no damage or interruption of the target system except perhaps a log entry from the probe. When Tenable writes a network check, we try to make the check as "nice" as possible. These are plugins which make some sort of network check other than leveraging credentials such as SSH, Windows domain or SNMP. The "safe checks" setting effects network check plugins. This post will explain why disabling "safe checks" for testing pre-production equipment is a good idea, why enabling "safe checks" for production testing is recommended and why some network plugins for Nessus can have adverse effects. The "safe checks" setting allows Nessus users to enable a set of plugins within Nessus' library of vulnerability checks which Tenable feels can have negative effects on the network, device or application being tested. One of these options is to enable or disable "safe checks". There are also many different options that Nessus users can configure to optimize their scans. Nessus has more than 11,000 plugins which can be used to audit networks with host based checks and network checks.
0 kommentar(er)
