More Flexible Assessments of Windows ACLs
Tenable recently increased the flexibility of performing configuration assessments of Windows access control lists (ACLs) with the Nessus compliance checks.
Previously, an ACL policy could only be built with exact understanding if it were "inherited" or "not inherited". For large numbers of checks, it might not make any difference if an ACL were inherited from someplace else or not, just that the actual ACL was correct.
For example, to perform a file ACL test without regard if it is "inherited" or "not inherited", use the phrase "not used" with the "acl_inheritance" keyword. Below is an example .audit file which performs a file ACL test without regard if the policy were inherited or not:
<file_acl: "ASU1">
<user: "Administrators">
acl_inheritance: "not used"
acl_apply: "This folder, subfolders and files"
acl_allow: "Full Control"
</user><user: "System">
</user>
acl_inheritance: "not used"
acl_apply: "This folder, subfolders and files"
acl_allow: "Full Control"
</user>
<user: "Users">
acl_inheritance: "not used"
acl_apply: "this folder only"
acl_allow: "list folder / read data" | "read attributes" |
"read extended attributes" | "create files / write data" |
"create folders / append data" | "write attributes" |
"write extended attributes" | "read permissions"</acl>
These changes effect the acl_inheritance keyword for auditing ACLs of files, registry entries and services.
Obtaining These Checks
Tenable customers who manage their Nessus scanners with a Direct Feed subscription or the Security Center have already received this update. If your organization is not connected to the Internet or performing regular updates, the change was made available on December 29th.
Related Articles
Study: Tenable Offers Fastest, Broadest Coverage of CISA's KEV Catalog
October 23, 2023Tenable ranked first in multiple vulnerability management categories, including the most comprehensive coverage and quickest detection of CISA's Known Exploited Vulnerabilities, according to a Miercom report commissioned by Tenable.
Tuning Network Assessments for Performance and Resource Usage
September 13, 2022Using the correct tool for the job and optimizing scanner placement will have a large impact on scan efficiency with Nessus, Tenable.io and Tenable.sc.
Terrascan Joins the Nessus Community, Enabling Nessus To Validate Modern Cloud Infrastructures
May 17, 2022The addition of Terrascan to the Nessus family of products helps users better secure cloud native infrastructure by identifying misconfigurations, security weaknesses, and policy violations by scanning Infrastructure as Code repositories.
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!
- Nessus