JH Enterprise Security Center

The product Tenable SecurityCenter is used to create and perform system vulnerability scans on Johns Hopkins servers and high value systems. (It is not intended for use to scan desktops or other systems.)  We have multiple Nessus scanners located throughout the Johns Hopkins network to facilitate rapid scanning of these servers and systems. 

SecurityCenter manages all of the JH Nessus scanners as well as performs daily downloads of vulnerability plugins from Tenable.  As the new and updated plugins are available, they can be included in your scans.

You can request a SecurityCenter vulnerabilty scanning account by sending an email to monitoring@jhmi.edu. Include your JHED ID and the list of FQDN or IP addresses that you need to scan.

SecurityCenter can be accessed at https://securitycenter.nts.jhu.edu

Setting Up your Systems for Scanning:

You must add the Nessus scanner IP addresses to the “allowed” list of IP addresses for your systems if you have host intrusion monitoring, system firewalls, IPTABLES, or other controls in place that limit access to the systems that will be scanned,

The IP addresses for the JH Enterprise Nessus Vulnerability scanners are:

1.    10.173.37.101
2.    10.173.37.102
3.    10.173.37.103
4.    10.173.37.104
5.    10.173.37.105
6.    10.173.37.106
7.    10.173.37.107
8.    10.173.37.108
9.    10.173.37.109
10.  128.220.1.110
 

Some of the new features in SecurityCenter version 5.1:

  1. Introduction of HTML5 interface
  2. This release of Tenable SecurityCenter has many new report templates, you can find them within the system by selecting Reporting – Reports – Add. You will then be able to view and select from a variety of report templates. In addition you have the ability to create a report from an individual scan result using an existing template.
  3. Combination Filtering – there is enhanced filtering capabilities. Users now have the ability to apply set logic against multiple assets. For example, while on the “Analysis” screen you are now able to perform a filter that essentially does: “I want to look at all the vulnerabilities that are in Asset A and Asset B and are not in Asset C”.
Resources

SecurityCenter 5.6 User Guide (pdf)

Using SecurityCenter – get started guide  (pdf)

FREE On Demand Training – from Tenable, just register and get started

Tenable Products Plugin Families (pdf)

Tenable Blog (resources and articles written by Tenable staff)

Tenable Webcasts (upcoming and archived learning resources)

Tenable Videos (introductory training on SecurityCenter, Nessus, and other Tenable products)

Tenable User Discussion Forums (multiple discussion forums on Nessus, SecurityCenter and other Tenable products. Ron Gula, one of the founders of and current CEO/CTO at Tenable, is very active on these forums.

SecurityCenter is managed and operated by IT@JH Enterprise Technology Services Enterprise Management, Monitoring & Security. You can contact us by sending an email to monitoring@jhmi.edu