System Vulnerability Scanning with SecurityCenter/Nessus
In an effort to expedite the identification and remediation of system vulnerabilities on the Penn State network, the University deployed a vulnerability scan manager/aggregator/analyzer called SecurityCenter. Console access is given to select IT staff, allowing them to manage and analyze vulnerability scans within their unit’s assigned IP space. This allows them to secure hosts prior to deployment and to secure existing assets against newly identified threats. It also allows units to identify and remediate vulnerabilities prior to submitting requests for compliance scans performed by the Office of Information Security. OIS continues to be the final arbiter for all compliance scans, including AISGI and PCI scans.
SecurityCenter is not a scanner. It manages scans across multiple Nessus vulnerability scanners and then aggregates the data for analysis. Scans are governed by asset lists (which consist of IP ranges) and repositories, which are used to store the vulnerability data collected by the scanners. In our deployment, each unit is assigned a root access list (consisting of all the IP ranges assigned to the unit by TNS) and one repository.