VULN SCANNING BCIS 4630 Fundamentals of IT Security Dr. Andy Wu
Overview • Nessus • Architecture • Plugins • Reporting
Vulnerability Scanning • Scans the target for potential problems that yield the target vulnerable to attacks: • Unpatched OS • Outdated applications • Unsecure accounts • Misconfigurations • Etc. • Nessus is a market leader in vulnerability scanning. • Major contenders include SATAN, SAINT, Retina, etc.
Nessus Architecture • Client-server architecture. • The program is in fact installed on the Nessus server. • Includes a large number of plug-ins. • Each plugin is a source of vulnerability. • Well organized and tied to industry vulnerability databases. • Plugins are organized into “families”. • A policy controls which vulnerabilities to load (scanning for those vulnarabilities).
Nessus Server • The server component receives scanning requests from the client and performs the actual scan. • Runs as a service. • The managed port number is 8834. • Maintains a list of user accounts. • A user account is required for scanning. • Two types of accounts: admin and regular.
Nessus Client • Connects to the server to perform the scan. • Typical thin-client (browser) application. • SSL connection to the server. • Can create its own, “private” scanning policies, or use “shared” policies” created by the administrator.
Reporting Capabilities • Dynamic, context-driven, tabbed views in Web browser • Overview, executive summary reports • Detailed reports by port numbers/vulnerability IDs • Exported to HTML or rich-text formats