Nessus Vulnerability Scanner
Irina Grosu, Ana-Teodora Petrea

History
The “Nessus” Project was started by Renaud Deraison in 1998 as a free and open source remote security scanner.
5th October 2005 – Tenable Network Security changes Nessus 3 to a proprietary license and makes it closed source.
July 2008 – home users get full access to plugin feeds with a non-commercial license.
Nessus 4 released on April 9, 2009.
Nessus 5 released on February 15, 2012.
The Nessus 2 engine and some of the plugins are still under the GPL license, which led to forked open source projects based on Nessus: OpenVAS, Porz-Wahn.
Network security scanner with an extensive plugin database that is updated on a daily basis.
Rated among the top products of its type throughout the security industry.
Endorsed by professional information security organizations such as the SANS Institute.
Provides the ability to locally audit a specific machine for vulnerabilities, compliance specifications, content policy violations, etc.
Provides the possibility to remotely audit networks and determine whether they have been compromised in some way.
Modular Architecture – provides the flexibility to deploy the scanner (server) and connect to the GUI (client) from any machine with a web browser
Plugin Architecture – each security test is written as an external plugin and grouped into one of 42 families. This way, users can easily add their own tests by selecting specific plugins, or choose an entire family
NASL – the Nessus Attack Scripting Language, a language designed specifically to write security tests easily and quickly
Up-to-date Security Vulnerability Database – focuses on the development of security checks for newly disclosed vulnerabilities
Tests Multiple Hosts Simultaneously
Smart Service Recognition – Nessus does not expect the target hosts to respect IANA assigned port numbers
Multiple Services – if two or more web servers run on the same host, on different ports, Nessus will identify and test all of them.
Plugin Cooperation – no unnecessary checks are performed. If an FTP server does not offer anonymous logins, then the anonymous-login related security checks will not be performed.
Complete Reports – detects security vulnerabilities and the risk level of each (Info, Low, Medium, High, and Critical), and also offers solutions.
Full SSL Support – tests services offered over SSL such as HTTPS, SMTPS, IMAPS.
Smart Plugins (optional) – an "optimization" option that determines which plugins should or should not be launched against the remote host.
Non-Destructive (optional) – certain checks can be detrimental to specific network services. To avoid a service failure, enable the "safe checks" option, which tells Nessus not to exploit real flaws to determine whether a vulnerability is present.
Determining whether a port is open or closed is a critical step in the discovery process that precedes successfully attacking (or assessing) a system.
The Nessus port scanner system has three network-based port scanners:
TCP Scanner – sends a sequence of packets to initiate a full TCP connect to the target hosts, completing the TCP three-way handshake each time.
The TCP scanner dynamically estimates the RTT (Round Trip Time) and makes multiple passes on unresponsive ports. It is not available on Windows and Mac OS due to operating system limitations.
SYN Scanner – the Nessus SYN scanner is fully supported on Linux, Mac OS X and Windows. It simplifies the process by sending SYN packets and waiting for a response, without completing the full three-way handshake.
It does not open sockets but generates raw packets using low-level libraries; this tends to be slower, but more reliable.
Netstat Port Scanner – a more reliable way to enumerate open ports on a given host is to log in to the system and run a command (netstat) that lists all open TCP and UDP ports. This method is typically more reliable, and it is useful to compare the netstat results with what the network-based scanners report as open or closed: a port that is listening locally but invisible from the network is filtered (or bound to loopback only), while a port that answers from the network but is not listening on the host points at something in the path answering on its behalf.
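The TCP connect scanner and the netstat comparison described above, as an added example that is not Nessus code: a minimal connect() scanner that derives its timeout from the RTT of answered probes and re-probes ports that did not answer, plus a reconciliation of a netstat-style listing against the ports seen from the network. The loopback listener, the sample netstat text and the "network view" port set are all constructed for the demo.

```python
"""Added example (not Nessus code): a TCP connect scanner in the spirit of the
Nessus TCP scanner, plus a netstat-versus-network comparison. It runs offline
against a listener it opens itself on 127.0.0.1; all inputs are constructed."""
import socket
import time

# Constructed sample of `netstat -an` output (Linux formatting, not a real host).
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:8080           10.0.0.9:51234          ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*
"""


def connect_probe(host, port, timeout):
    """One full three-way handshake via connect().
    Returns (state, rtt_seconds): 'open' (SYN-ACK received), 'closed' (RST,
    surfaced as ECONNREFUSED) or 'unresponsive' (nothing usable came back)."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open", time.monotonic() - start
        except ConnectionRefusedError:
            return "closed", time.monotonic() - start
        except OSError:  # socket.timeout, EHOSTUNREACH, ...: treat as no answer
            return "unresponsive", timeout


def tcp_connect_scan(host, ports, initial_timeout=1.0, passes=3):
    """Scan `ports`, deriving the per-probe timeout from the RTTs of answered
    probes and re-probing ports that did not answer, up to `passes` times."""
    results = {}
    rtt_samples = []
    pending = list(ports)
    timeout = initial_timeout
    for _ in range(passes):
        unanswered = []
        for port in pending:
            state, rtt = connect_probe(host, port, timeout)
            if state == "unresponsive":
                unanswered.append(port)
            else:
                rtt_samples.append(rtt)
                results[port] = state
        pending = unanswered
        if not pending:
            break
        if rtt_samples:
            # Adaptive timeout: a multiple of the largest RTT seen so far,
            # with a floor so a fast LAN does not drive it to zero.
            timeout = max(0.2, 4 * max(rtt_samples))
    for port in pending:
        results[port] = "unresponsive"
    return results


def parse_netstat_listening(text):
    """Ports in LISTEN state (TCP) or bound (UDP) from `netstat -an` text.
    Returns {'tcp': set, 'udp': set}."""
    listening = {"tcp": set(), "udp": set()}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith(("tcp", "udp")):
            continue
        proto = fields[0][:3]
        port = int(fields[3].rsplit(":", 1)[1])  # handles '0.0.0.0:22' and ':::443'
        if proto == "udp" or (len(fields) >= 6 and fields[5] == "LISTEN"):
            listening[proto].add(port)
    return listening


def compare_views(network_open, local_listening):
    """Reconcile what the network saw with what the host itself reports."""
    return {
        "agreed": sorted(network_open & local_listening),
        # listening but unreachable: firewalled, or bound to loopback only
        "hidden_from_network": sorted(local_listening - network_open),
        # reachable but not listening here: something in the path answered
        "open_but_not_local": sorted(network_open - local_listening),
    }


def demo_scan():
    """Self-contained run: open a listener on loopback, pick a port that is
    not listening, scan both and return their states."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]
    # A freshly bound-and-released port is closed: the kernel answers with RST.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    try:
        states = tcp_connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return {"open": states[open_port], "closed": states[closed_port]}


if __name__ == "__main__":
    print(demo_scan())
    local = parse_netstat_listening(NETSTAT_SAMPLE)
    # Constructed "network view": what a remote scan of this host reported open.
    print(compare_views({22, 443, 8080, 25}, local["tcp"]))
```

On loopback every probe is answered, so the re-probe passes never run; against a real host behind a firewall the dropped SYNs are what the second and third passes, with the RTT-derived timeout, are for. The comparison is the point of the netstat scanner: 3306 listening only on 127.0.0.1 is invisible to the network scan, and a port 25 that answers remotely without a local listener deserves a look at whatever sits in front of the host.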
Clemson University is recognized as the 25th best college in the U.S.
Its IT security team is responsible for the compliance, policy setting and information protection of more than 80,000 registered devices connected to its network.
In order to improve their security and auditing process, they chose Tenable's software solutions: SecurityCenter, Nessus and Log Correlation Engine.
Nmap - security scanner that provides features like host discovery, port scanning and OS detection. It can be integrated with Nessus and used to get the maximum performance from a scan: the targets are scanned with Nmap first, and the Nmap output is used as input for Nessus, so the Internal Network Scan is limited to the hosts and ports Nmap found rather than rediscovering them.
Nikto - web application scanning tool that searches for misconfigurations, openly accessible web directories and a host of web application vulnerabilities. When integrated with Nessus, the Nikto scan can be started from the Nessus interface and its results are displayed in Nessus. Besides the new scanning capabilities, this also lets users take advantage of the filtering and reporting system of Nessus.
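The Nmap-as-input workflow above, as an added example that is not Nessus or Nmap code: it parses an Nmap XML report into the two things a Nessus scan needs from it, the list of live targets and a port specification limited to what Nmap found open, written in the comma-and-dash range syntax Nessus accepts for its port scan range. The XML report is constructed; handing the two strings to a Nessus scan (through the web interface or the scan settings) is not shown.

```python
"""Added example (not Nessus or Nmap code): turn an Nmap XML report into the
target list and port range for a Nessus scan. The XML below is constructed."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed Nmap XML (same element layout as `nmap -oX`, trimmed to essentials).
NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -p- -oX scan.xml 192.0.2.0/29">
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
<port protocol="tcp" portid="81"><state state="open"/><service name="http"/></port>
<port protocol="tcp" portid="82"><state state="open"/><service name="http"/></port>
<port protocol="tcp" portid="443"><state state="filtered"/></port>
</ports></host>
<host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
<host><status state="up"/><address addr="192.0.2.12" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
<port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
</ports></host>
</nmaprun>
"""


def parse_nmap_xml(text):
    """Return {ipv4: {tcp_port, ...}} for hosts Nmap reported up, keeping only
    TCP ports whose state is exactly 'open' ('filtered' and 'open|filtered'
    are dropped, since Nessus would get no answer from them either)."""
    hosts = {}
    for host in ET.fromstring(text).findall("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue
        open_ports = set()
        for port in host.findall("ports/port"):
            state = port.find("state")
            if (port.get("protocol") == "tcp" and state is not None
                    and state.get("state") == "open"):
                open_ports.add(int(port.get("portid")))
        hosts[addr.get("addr")] = open_ports
    return hosts


def to_port_range(ports):
    """Collapse a set of ports into Nessus port-range syntax, e.g. '22,80-82,8080'."""
    ports = sorted(ports)
    if not ports:
        return ""
    ranges = []
    start = prev = ports[0]
    for p in ports[1:]:
        if p == prev + 1:          # extend the current run
            prev = p
            continue
        ranges.append((start, prev))
        start = prev = p
    ranges.append((start, prev))
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in ranges)


def nessus_inputs(text):
    """(targets, port_range): comma-separated live hosts in address order and
    the union of their open TCP ports in Nessus range syntax."""
    hosts = parse_nmap_xml(text)
    targets = ",".join(sorted(hosts, key=ipaddress.ip_address))
    all_ports = set().union(*hosts.values()) if hosts else set()
    return targets, to_port_range(all_ports)


if __name__ == "__main__":
    targets, port_range = nessus_inputs(NMAP_XML)
    print("targets:", targets)
    print("port range:", port_range)
```

The union of open ports across hosts is deliberate: Nessus takes one port range per scan, so narrowing it per host would need one scan per host. The caveat a practitioner wants here is that this makes Nmap the discovery step, not the authority: anything Nmap could not classify (the filtered 443, the open|filtered UDP 161) is excluded and will not be tested by Nessus unless it is added back by hand.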
Free for non-commercial use.
Available on multiple operating systems (Windows, Mac OS, various distributions of Linux).
Advanced scans for networks, websites, operating systems, mobile devices.
By default Nessus does “Safe Checks” which ensure that there won't be any adverse effects on the system or network.
Aggressive and in-depth checks (e.g. DoS tests) can be enabled at the user's will.
Good for Security Audits.
Scanning multiple hosts in the same scan.
Hard to configure for beginners.
The free non-commercial license is limited to 16 IP addresses, which must be within the same household.
Limited support for Ubuntu, Fedora Core, FreeBSD, Debian.