Nessus vulnerability scanner

Presentation Transcript


Nessus Vulnerability Scanner

Irina Grosu

Ana-Teodora Petrea


History

The “Nessus” Project was started by Renaud Deraison in 1998 as a free and open source remote security scanner.

5th October 2005 – Tenable Network Security changes Nessus 3 to a proprietary license and makes it closed source.

July 2008 – home users get full access to plugin feeds with a non-commercial license.

Nessus 4 released on April 9, 2009.

Nessus 5 released on February 15, 2012.

The Nessus 2 engine and some of the plugins are still under the GPL license, which led to forked open source projects based on Nessus: OpenVAS, Porz-Wahn.


Background

Network security scanner with an extensive plugin database that is updated on a daily basis.

Rated among the top products of its type throughout the security industry.

Endorsed by professional information security organizations such as the SANS Institute.

Provides the ability to locally audit a specific machine for vulnerabilities, compliance specifications, content policy violations, etc.

Provides the possibility to remotely audit networks and determine whether they have been compromised in some way.


Architecture

Modular Architecture – provides the flexibility to deploy the scanner (server) and connect to the GUI (client) from any machine with a web browser

Plugin Architecture – each security test is written as an external plugin and grouped into one of 42 families. This way, users can easily add their own tests by selecting specific plugins, or choose an entire family


Features

NASL – the Nessus Attack Scripting Language, a language designed specifically to write security tests easily and quickly

Up-to-date Security Vulnerability Database – focuses on the development of security checks for newly disclosed vulnerabilities

Tests Multiple Hosts Simultaneously

Smart Service Recognition – Nessus does not expect the target hosts to respect IANA-assigned port numbers


Features (continued)

Multiple Services – if two or more web servers run on the same host, on different ports, Nessus will identify and test all of them.

Plugin Cooperation – no unnecessary checks are performed. If an FTP server does not offer anonymous logins, then anonymous-login-related security checks will not be performed.

Complete Reports – detects security vulnerabilities and the risk level of each (Info, Low, Medium, High, and Critical), and also offers solutions.

Full SSL Support – tests services offered over SSL such as HTTPS, SMTPS, IMAPS.


Features (continued)

Smart Plugins (optional) – an "optimization" option that determines which plugins should or should not be launched against the remote host.

Non-Destructive (optional) – certain checks can be detrimental to specific network services. To avoid a service failure, enable the "safe checks" option, which tells Nessus not to exploit real flaws to determine whether a vulnerability is present.


Scanning a simple website

  • Scanned our website for the WADE course: http://soma.azurewebsites.net

  • Identified 10 Vulnerabilities (1 medium, 9 Info):

    • [Medium] Backup Files Disclosure – files that may contain sensitive information can be accessed.

    • [Info] HTTP Methods Allowed (per directory) – the attacker can execute HTTP methods on resource directories like: images, content, scripts.


The Nessus Port Scanning Engine

Determining whether a port is open or closed is a critical step in the discovery process associated with successfully attacking systems.

The Nessus port scanner system has three network-based port scanners:

TCP Scanner – sends a sequence of packets to initiate a full TCP connection to the target hosts, completing the TCP three-way handshake each time.

The TCP scanner dynamically estimates the RTT (Round Trip Time) and makes multiple passes on unresponsive ports. It does not operate on Windows and Mac OS due to operating system limitations.


The Nessus Port Scanning Engine (continued)

SYN Scanner – the Nessus SYN scanner is fully supported on Linux, Mac OS X and Windows. It simplifies the process by sending SYN packets and waiting for a response, without completing the full three-way handshake.

It does not open sockets but generates raw packets using low-level libraries, which tends to be slower but more reliable.


The Nessus Port Scanning Engine (continued)

Netstat Port Scanner – a more reliable way to enumerate open ports on a given host is to log in to the system and execute a command that shows all open TCP and UDP ports. This method is typically more reliable, and it is useful to compare the Netstat results with what is reported as open/closed across the network.
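A minimal version of the two approaches above, as an added example that is not Nessus code: a full-connect probe that measures the handshake RTT and retries unresponsive ports, a parser for the host's own netstat view, and the comparison of the two views the slide recommends. The netstat text and the loopback listener are constructed for the demo.

```python
import socket
import time

# Constructed sample of `netstat -an` output (not from the page): the host-side view.
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN
tcp        0      0 127.0.0.1:3306    0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:8080      0.0.0.0:*         LISTEN
tcp        0      0 10.0.0.5:49152    10.0.0.9:443      ESTABLISHED
"""

def parse_netstat_listening(text):
    """Set of TCP ports in LISTEN state from netstat -an style output."""
    ports = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            ports.add(int(f[3].rsplit(":", 1)[1]))
    return ports

def tcp_connect_probe(host, port, timeout=1.0, passes=2):
    """Full three-way-handshake probe (like the Nessus TCP scanner) -> (is_open, rtt)."""
    for _ in range(passes):
        start = time.monotonic()
        try:
            with socket.create_connection((host, port), timeout=timeout):
                return True, time.monotonic() - start
        except ConnectionRefusedError:           # RST came back: closed, no retry
            return False, time.monotonic() - start
        except OSError:                          # timeout/unreachable: filtered, retry
            continue
    return False, None

def compare_views(listening, network_open):
    """Diff the host view (netstat) against the network view (scan results)."""
    return {
        "listening_but_unreachable": sorted(listening - network_open),    # filtered?
        "reachable_but_not_listening": sorted(network_open - listening),  # NAT/forwarder?
        "confirmed_open": sorted(listening & network_open),
    }

def demo():
    """Constructed loopback check: one listening port and one port just closed."""
    listener, tmp = socket.socket(), socket.socket()
    listener.bind(("127.0.0.1", 0)); tmp.bind(("127.0.0.1", 0))
    open_port, closed_port = listener.getsockname()[1], tmp.getsockname()[1]
    listener.listen(1); tmp.close()
    seen = {p for p in (open_port, closed_port) if tcp_connect_probe("127.0.0.1", p)[0]}
    listener.close()
    return open_port, closed_port, seen
```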


Windows Malware Scan

  • Nessus reports if the scanned host is on a known botnet list or is communicating with a known botnet IP. It audits the antivirus agent, reporting if it is misconfigured or has out-of-date rules. It detects known malware running on the PC. Here's how:

    • Nessus authenticates to the Windows system.

    • It enumerates the list of running processes on the system.

    • For each process, a cryptographic hash is generated and looked up against Tenable's cloud-based database.

    • If the process is found to be malicious, the plugin logs the results with information about the malware found.
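The four steps above as an added example that is not Nessus or Tenable code: process enumeration (best-effort via /proc on Linux, standing in for the authenticated Windows step), chunked SHA-256 hashing of each executable, and a lookup against a constructed hash set that stands in for Tenable's cloud database. The sample "malicious" hash and the process table in demo() are constructed.

```python
import hashlib
import os
import tempfile
# Constructed "known malicious" database (stand-in for the cloud lookup):
# the SHA-256 of a made-up payload, not a real malware indicator.
SAMPLE_BAD_CONTENT = b"constructed sample: pretend this is a malicious binary\n"
KNOWN_BAD = {hashlib.sha256(SAMPLE_BAD_CONTENT).hexdigest(): "Constructed.Test.Sample"}

def sha256_file(path, chunk=1 << 16):
    """Hash an executable in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def running_executables():
    """Best-effort {pid: exe_path} from /proc on Linux; the slides' Windows
    equivalent enumerates processes over an authenticated session."""
    if not os.path.isdir("/proc"):
        return {}
    procs = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            procs[int(pid)] = os.readlink(f"/proc/{pid}/exe")
        except OSError:            # kernel threads, exited or privileged processes
            continue
    return procs

def scan_processes(procs, known_bad):
    """Hash each executable and look it up; returns the findings a plugin would log."""
    findings = []
    for pid, path in procs.items():
        try:
            digest = sha256_file(path)
        except OSError:            # executable deleted or unreadable: skip, do not fail
            continue
        if digest in known_bad:
            findings.append({"pid": pid, "path": path, "sha256": digest, "name": known_bad[digest]})
    return findings

def demo():
    """Constructed process table in a temp dir: one benign file, one matching KNOWN_BAD."""
    with tempfile.TemporaryDirectory() as d:
        bad, good = os.path.join(d, "svc.exe"), os.path.join(d, "notepad.exe")
        with open(bad, "wb") as f:
            f.write(SAMPLE_BAD_CONTENT)
        with open(good, "wb") as f:
            f.write(b"constructed benign content\n")
        return scan_processes({1234: bad, 5678: good}, KNOWN_BAD)
```

On a live host, `scan_processes(running_executables(), KNOWN_BAD)` runs the same logic over real processes.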


Case study – Clemson University

Clemson University is recognized as the 25th best college in the U.S.

The IT security team is responsible for the compliance, policy setting and information protection of more than 80,000 registered devices connected to its network.

In order to improve their security and auditing process, they chose Tenable's software solutions: SecurityCenter, Nessus and Log Correlation Engine.


Case study – Clemson University (continued)

  • Part of the new system is the Nessus Vulnerability Scanner, which automatically scans the systems every 30 days for:

    • Vulnerabilities;

    • Identification of unpatched systems;

  • After the scans are finished, it sends a report to the system administrators and to the security team, highlighting which systems are missing critical patches, and the progress made after applying the missing patches identified in the previous months.


Vulnerability Analysis Scanners


Integration of other tools with Nessus

Nmap - security scanner that provides features like: host discovery, port scanning, OS detection. It can be integrated with Nessus and it can be used to get the maximum performance with effective scans. The system can be scanned with Nmap and the output can be used as input for Nessus in order to perform an Internal Network Scan.

Nikto - web application scanning tool that searches for misconfigurations, openly accessible web directories and a host of web application vulnerabilities. By integrating it with Nessus the scan can be automatically started from the Nessus interface and the result will be displayed in Nessus. Besides the new scanning capabilities, this also allows users to take advantage of the filtering and reporting system of Nessus.


Conclusions - Advantages

Free for non-commercial use.

Available on multiple operating systems (Windows, Mac OS, various distributions of Linux).

Advanced scans for networks, websites, operating systems, mobile devices.

By default Nessus does “Safe Checks” which ensure that there won't be any adverse effects on the system or network.

Aggressive and in-depth checks (e.g. DoS attacks) can be enabled at the user's will.

Good for Security Audits.

Scanning multiple hosts on the same scan.


Conclusions - Disadvantages

Hard to configure for beginners.

The free non-commercial license is limited to up to 16 IP addresses that must be within the same household.

Limited support for Ubuntu, Fedora Core, FreeBSD, Debian.



