Nessus – A Vulnerability Scanning Tool. SUNY Technology Conference June 2003. Bill Kramp. Finger Lakes Community College Canandaigua, NY email@example.com. Outline. What is Nessus? Why use it? System and Software Configuration Scanning Reports Demonstration Discussion. Nessus.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Nessus – A Vulnerability Scanning Tool SUNY Technology Conference June 2003
Bill Kramp Finger Lakes Community College Canandaigua, NY firstname.lastname@example.org
Outline • What is Nessus? • Why use it? • System and Software • Configuration • Scanning • Reports • Demonstration • Discussion
Nessus • Vulnerability scanning tool • Open source • Zero software costs • Zero annual maintenance costs • Minimal hardware needs
Why scan? • To meet your campus security policy. • To find out what services are running. • To double check that software patches are installed correctly. • If you don’t find the holes, the hackers will. • Like Martha says “It’s a good thing”.
System Requirements • Server: • Linux • Solaris • FreeBSD • Clients: • Win32 • X11 • Java
Server Software • Four basic parts to the Nessus server: • Nessus-core • Nessus-libraries • Libnasl • Nessus-plugins
Plugins • Plugins are the scripts that perform the vulnerability tests. • NASL – This is the Nessus Attack Scripting Language which can be used to write your own plugins. • Nessus-update-plugins command– A script that will download new, or updated Nessus plugins. Can be run manually or from cron. • 1600 plugins available as of June 10, 2003
Port Scanners • Port scanning will detect the ports (services) available. • Port scanning types: • Ping • SYN scan • Tcp connect() scan • Scan for LaBrea tarpitted hosts • SNMP port scan • Can define port ranges to scan
Defining Targets • Hosts • Server.domain.edu • 172.21.1.2 • Subnet • 192.168.100.0 • Address range • 192.168.1.1-192.168.1.10
Vulnerability Scanning • Scanning methods: • Safe • Destructive • Service recognition – Will determine what service is actually running on a particular port. • Handle multiple services – Will test a service if it appears on more then one port. • Will test multiple systems at the same time.
Viewing Reports • Nessus will indicate the threat level for services or vulnerabilities it detects: • Low severity – Notification of issues • Medium severity – Warnings to think about • High severity – Issues that should be resolved • Description of vulnerability • Risk factor • CVE number
Common Vulnerabilities and Exposures • CVE created by http://www.cve.mitre.org/ • Attempting to standardize the names for vulnerabilities. • CVE search engine at http://icat.nist.gov/
Report Options • Output types: • Text • HTML • PDF • Filter by severity • Sort by host or vulnerability
Export Options • Comma Separated • MySQL • SQL • Nessus .nsl
User Accounts • Nessus supports individual accounts. • Different rules can be applied to each account: • Limit access to specific host(s) • Limit access by subnets • Have no restrictions
Nessus Resources • http://www.nessus.org/ • Nessus PHP Interface (to MySQL): http://enterprise.bidmc.harvard.edu/pub/nessus-php/ • Win32 Client: http://nessuswx.nessus.org/ • Gnome Client: http://sussen.sourceforge.net/
Commercial Products • SecureScan http://www.vigilante.com/ • Retina http://www.eeye.com/ • Internet Scanner http://www.iss.net/
Discussion • Does any campus have policies to test? • What software are other campuses using?
Nessus – A Vulnerability Scanning Tool A complete copy of the Power Point presentation will be available on the college website at http://paws.flcc.edu/~krampwd/