Nessus Technical Guide

Nessus Technical Guide

This Content Component encountered an error

If you're looking for a vulnerability scanner, chances are you've come across a number of very expensive commercial solutions with long lists of features and benefits. Unfortunately, if you're in the same situation as most of us, you simply don't have the budget to implement these fancy systems. You might have considered compromising by turning to free tools like SATAN or Saint. However, you probably saw these tools as a compromise,...

as their feature sets didn't quite match the commercial solutions'.

It's time that you give Nessus a look! This free tool offers a surprisingly robust feature set and is widely supported among the information security community. It doesn't take long between the discovery of a new vulnerability and the posting of an updated script for Nessus to detect it. In fact, Nessus takes advantage of the Common Vulnerabilities and Exposures architecture that facilitates easy cross-linking between compliant security tools.

The Nessus tool works a little differently than other scanners. Rather than purporting to offer a single, all-encompassing vulnerability database that gets updated regularly, Nessus supports the Nessus Attack Scripting Language (NASL), which allows security professionals to use a simple language to describe individual attacks. Nessus administrators then simply include the NASL descriptions of all desired vulnerabilities to develop their own customized scans.

Nessus uses a modular architecture consisting of centralized servers that conduct scanning and remote clients that allow for administrator interaction. The Nessus server is currently available for Unix, Linux and FreeBSD. The client is available for any Unix- or Windows-based operating system. It's important to note that the fact that the server is Unix-based doesn't limit the extent of the systems that may be scanned. NASL descriptions exist for a large number of Windows vulnerabilities, and the tool is extremely powerful for use even within a Windows-only environment.

If you're looking for a robust, inexpensive (free!) vulnerability scanning solution, you should definitely take Nessus out for a test drive! The following tips will guide you along the way.


NESSUS TECHNICAL GUIDE

  Introduction
  How to get started
  How to run a system scan
  How to build an enterprise scanning program
  How to manage Nessus reports
  How to simplify security scans
  How to use Nessus with the SANS Top 20

This learning guide originally appeared on SearchSecurity.com

This was first published in March 2006

Dig deeper on Endpoint security management tools

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close