Using Manufacturer Information For Automatic Dynamic Asset List Creation
We've blogged in the past about how the Security Center can use any data obtained by Nessus or the Passive Vulnerability Scanner to automatically classify a host into one or more political or technical asset lists. Information gathered by the 13,000+ Nessus scanning, patch auditing and compliance checks and the 3000+ Passive Vulnerability Scanner plugins can be used to automatically find and categorize your networks and systems by Windows domain, installed software, location on the network and so on.
With the recent introduction of the "Computer Manufacturer Information" Nessus check (plugin ID #24270), it is now possible to use this information to classify your Windows assets based on hardware manufacturer information. This blog entry shows what sort of data can be obtained by this plugin and how it can be used to create lists of existing Dells, HPs and ThinkPads, as well as existing portable, tower, rack mount and other types of systems.
Computer Manufacturer Information Example
Plugin #24270 can query the remote Windows device and ask it which manufacturer made it, the model of the unit and what sort of type it is. Let's look at two examples:
Computer Manufacturer : Dell Inc.
Computer Model : Latitude D820
Computer Type : Portable
Computer Manufacturer : Dell Computer Corporation
Computer Model : Dimension 8200
Computer Type : Mini Tower
This text comes from two scans against a laptop and an older tower. The plugin provides information on the manufacturer and the specific vendor computer model. Both of these values are controlled by the manufacturer.
The type indicates the physical form factor of the device and can have the following values:
- All in One
- Bus Expansion Chassis
- Desktop
- Docking Station
- Expansion Chassis
- Hand Held
- Laptop
- Low Profile Desktop
- Lunch Box
- Main System Chassis
- Mini Tower
- Notebook
- Other
- Peripheral Chassis
- Pizza Box
- Portable
- Rack Mount Chassis
- Sealed-Case PC
- Space-Saving
- Storage Chassis
- SubChassis
- Sub Notebook
- Tower
- Unknown
Asset Classification
The Security Center can make use of the output from this plugin and automatically create dynamic asset lists based on the manufacturer or type. Below is a screen shot of a basic rule that matches the word "Dell" as a manufacturer:
|
Each time Nessus performs a scan of this plugin, with the above dynamic asset rule, the Security Center will automatically create a list of all "Dell" computers.
Any of the information in this plugin can be used to create a dynamic asset list. With this plugin and Security Center, it is very trivial to scan a network with credentials and create lists for many different items such as unique manufacturers, unique device types and specific deployed models .
Security, Compliance and IT Management Implications
Being able to categorize assets based on manufacturer, model and type can have a variety of implications for IT monitoring. These include:
- Discovering manufacturers which have been purchased against corporate acquisition policies. For example, you might be an "HP" shop. If so, why are there a few "Dell" laptops in the network?
- Remotely identifying if a device is a mobile device or not. Laptops, hand-helds and even mini-towers can be easily moved. Being able to determine what a device actually is without physically touching it is very valuable.
- Having the ability to identify just the models from a specific IT purchase or from a recent merger/acquisition is also extremely useful. Occasionally, a computer vendor will ship computer units with different default Windows settings, different BIOS settings, hardware that requires replacing and so on.
- Rapid counting of assets. Being able to scan with Security Center or Nessus and then quickly report on the number of unique manufacturers, number of laptops, specific model counts is very valuable to IT.
For More Information
Tenable has released this plugin under the Nessus Registered Feed. It is released for Nessus 3 as a .nbin file and makes use of Tenable's implementation of agentless WMI technology. Users who wish to write their own WMI queries for Nessus should consider the current Nessus 3.2 BETA which supports a library for rapid development and testing.
Related Articles
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!