Nessus

This document discusses using Nessus for vulnerability assessment. Nessus is an open-source vulnerability scanner that uses plugins to test for vulnerabilities. It has a client/server architecture that allows remote scanning. The document covers Nessus features, how to perform scans, challenges like false positives and crashing systems, and factors that influence scan time like network speed and number of hosts.
Copyright: Attribution Non-Commercial (BY-NC)

Vulnerability Assessment Using Nessus

Paul Asadoorian, GCIA, GCIH
Network Security Engineer
Brown University
Paul_Asadoorian@brown.edu

Overview
- Introduction to Nessus
- Nessus Architecture
- Nessus in Action
- Scanning Methodologies
- Reporting
- Challenges

Nessus
- A “Free, Powerful, up-to-date, easy to use, remote security scanner”
- Open-Source, free to use, modify, etc.
- Vulnerability definitions, called plugins, are free as well
- Easy is a matter of perspective

Nessus - Features
- Plugins – uses its own scripting language (NASL) to define how it tests for vulnerabilities
- Client/Server architecture – client and server can be anywhere on the network
- Protocol aware – e.g. it will detect FTP running on port 31337
- Application aware – tests web servers running on the same port

Nessus – Features
- Intelligent scanning – Anonymous FTP
- Reports provide vulnerability listings and a good number of resolutions
- Client/Server uses SSL to protect report results
- Much better about not crashing targets!

Nessus - Architecture

  Nessus Client  <-- SSL -->  Nessus Server  -->  Target Systems

Nessus Client
- Native Unix GTK client (Linux, Solaris, and others)
- Windows client (NessusWX)
- Windows client is preferred: more report options, better interface

Nessus Client - Unix
Nessus Client - Windows
Nessus Server
- Runs on most Unix flavors (Unix, Linux, *BSD)
  - I find it runs best on Linux, your mileage may vary
- Performs all scanning functions, sends results back to client
- Includes a plugin update facility

Nessus Example
- Creating a Nessus session
- Performing a scan
- Analyzing the results

Nessus Reports
- Numerous different formats
- Problem – how to get the reports to the user securely
- Answers include:
  - Commercial products
  - Write your own Perl or PHP application

Commercial Nessus
- http://www.tenablesecurity.com/ - complete Nessus systems
- Renaud Deraison - Director of Research
- Ron Gula - Chief Technology Officer
- Nessus consoles, proxies, and appliances

Do-It-Yourself Nessus
- Scan results are posted to a database server
- Web server displays reports, reading from the database server
- Accounts are created for users so they can only see their reports

Scanning Methodologies
- Someone scans your system(s) and makes the report available to you
- The end user requests a scan directly from the server, the machine is scanned, and the report is sent automatically
- When the user connects to the network the system is scanned automatically (popular with wireless and VPN)

Scanning Methodologies
- Servers are scanned on a regular basis (maybe weekly) and results are compared
- Network perimeter is scanned on a regular basis
- Which ones should I do?
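The "Do-It-Yourself Nessus" design above (results in a database, per-user report views) and the "scan weekly and compare" methodology share one data store, so this added example, which is not from the presentation, sketches both: findings are stored in SQLite, the per-user query filters on host ownership in the database rather than in the front end, and two scans are diffed to list new and resolved findings. The pipe-delimited sample export, the plugin ids and the OWNERS table are constructed for the example.

```python
import sqlite3

# Constructed sample exports in a pipe-delimited layout
# (host|port|plugin id|severity|description); hosts, ids and texts are made up.
SCAN_WEEK1 = """\
10.1.1.5|22/tcp|90001|Security Note|SSH service detected
10.1.1.5|80/tcp|90002|Security Hole|HTTP TRACE method enabled
10.1.1.9|25/tcp|90003|Security Warning|SMTP relaying allowed"""
SCAN_WEEK2 = """\
10.1.1.5|22/tcp|90001|Security Note|SSH service detected
10.1.1.9|25/tcp|90003|Security Warning|SMTP relaying allowed
10.1.1.9|139/tcp|90004|Security Hole|Anonymous SMB share access"""
# Hypothetical account-to-host ownership; this drives the per-user views.
OWNERS = {"alice": {"10.1.1.5"}, "bob": {"10.1.1.9"}}

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE findings (scan TEXT, host TEXT, port TEXT, "
               "plugin INTEGER, severity TEXT, description TEXT)")
    return db

def load_scan(db, scan_id, export_text):
    """Store one export as one row per finding."""
    for line in export_text.splitlines():
        host, port, plugin, sev, desc = line.split("|", 4)
        db.execute("INSERT INTO findings VALUES (?, ?, ?, ?, ?, ?)",
                   (scan_id, host, port, int(plugin), sev, desc))
    db.commit()

def findings_for_user(db, user, scan_id):
    """Rows the web front end may show: the host filter is applied in the
    query itself, so another user's host results never leave the database."""
    hosts = sorted(OWNERS.get(user, set()))
    if not hosts:
        return []          # unknown account or no hosts: an empty report
    marks = ",".join("?" * len(hosts))   # only '?' placeholders; values are bound
    cur = db.execute("SELECT host, port, plugin, severity, description FROM findings "
                     f"WHERE scan = ? AND host IN ({marks}) ORDER BY host, port",
                     [scan_id, *hosts])
    return cur.fetchall()

def diff_scans(db, old_scan, new_scan):
    """Compare two scans of the same hosts; returns (new, resolved) as sets
    of (host, port, plugin) so a weekly delta can be reported."""
    def keys(scan):
        cur = db.execute("SELECT host, port, plugin FROM findings WHERE scan = ?", (scan,))
        return set(cur.fetchall())
    old, new = keys(old_scan), keys(new_scan)
    return new - old, old - new
```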


Challenges – False Positives
- Must verify to some degree the vulnerabilities Nessus has found
- This is time consuming and sometimes quite difficult
- Nessus is getting better, but still a ways to go

Challenges – Crash and Burn
- Nessus will crash systems, routers, firewalls, and any other devices on the network!
- Happens no matter how careful you are
- Monitor your configuration closely, test new plugins first
- Prepare for the worst

Challenges – What about the application?
- Nessus does some application level vulnerability assessment
- Tools from SPI Dynamics, EEye, and ISS are better
- Make sure you have at least one other tool to test the application!

Challenges – Scan What? When?
- Getting permission to scan is half the battle
- There is no guarantee that it will not crash the system
- As you know, people don’t like it when you find things wrong with their systems

Challenges – How long will it take?
- Depends!
  - Number of hosts
  - Number of open ports
  - Number of services running on those ports
  - What kind of host (Windows, Unix, Mac)
  - How many hosts have firewalls
  - Speed of the network
  - Other network traffic
  - How many vulnerabilities are found
  - If the host crashes after the first plugin or just before the last

Challenges – How long does it usually take?
- One host = a morning or afternoon
- More than one host = 1 day
- Entire Class C subnet = 2-3 days
- Entire Class B = weeks

Conclusion
- Questions?
- Email: Paul_Asadoorian@brown.edu
- Nessus web site: http://www.nessus.org
- Presentation: http://pauldotcom.com/presentations.htm