INTRODUCTION TO NESSUS
Nessus is one of the most popular and capable vulnerability scanners. It is an open-source network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture, covering CVEs, CWEs, CVSS scores and other architectures relating to network attacks. Nessus is a proprietary vulnerability scanner developed by Tenable Network Security. We will cover the installation and configuration steps, creating policies and maintaining controls, starting a scan, and analyzing the reports using the Nessus vulnerability scanner.
It now costs $2,190 per year, which still beats many of its competitors. A free “Nessus Home” version is also available, though it is limited and only licensed for home network use. Nessus is constantly updated, with more than 70,000 plugins.
How does it work?
Nessus works by testing each port on a computer, determining what service it is running, and then testing this service to make sure there are no vulnerabilities in it that could be used by a hacker to carry out a malicious attack.
Nessus Plugins :
The programs that perform these tests are called plugins and are written in the Nessus Attack Scripting Language (NASL). Each plugin contains vulnerability information, a simplified set of remediation actions and the algorithm to test for the presence of the security issue.
INSTALLATION AND CONFIGURATION
= Download the Nessus home feed (free) or professional feed from the following link:
= Once you have downloaded the Nessus tool, you need to register with the official Nessus website to generate the activation key, which is required to use the tool. You can do it from the following link: (http://www.tenable.com/products/nessus/nessus-plugins/obtain-an-activation-code)
= Click on “Nessus for Home” and enter the required details. An e-mail with an activation key will be sent to your mail.
= Install the tool. (Installation of the Nessus tool can be quite confusing, so tutorials should be useful.) For installation guidelines go to: (http://static.tenable.com/documentation/nessus_5.0_installation_guide.pdf).
= Check for your operating system and follow the steps mentioned in the PDF.
= Open Nessus in the browser; normally it runs on port 8834. The URL will look like: (http://localhost:8834/WelcomeToNessus-Install/welcome).
= Create an account with Nessus. Enter the activation code you obtained by registering with the Nessus website. You can also configure a proxy if needed by giving the proxy hostname, proxy username, and password.
= Then the scanner gets registered with Tenable and creates a user.
= Download the necessary plug-ins. (It takes some time to download the plug-ins; while you are watching the screen, you can go through the vast list of resources we have for Nessus users.)
= Once the plug-ins are downloaded, it will automatically redirect you to a login screen. Provide the username and password that you created earlier to log in.
FEATURES OF NESSUS
= Identifies vulnerabilities that allow a remote attacker to access sensitive information from the system.
= Checks whether the systems in the network have the latest software patches.
= Tries default passwords and common passwords on system accounts.
= Configuration audits – ISO 27001, ISO 27002, PCI DSS, HIPAA.
= Vulnerability analysis
= Mobile device audits
= Customized reporting
= For more details on the features of Nessus, visit: http://www.tenable.com/products/nessus/nessus-product-overview/nessus-features.
Host Discovery : This scan lets us know about all the connected nodes or devices in the same network. In black-box testing it is therefore very useful for knowing how many machines are in scope to test.
Basic Scan : A basic scan gives you results that are not very detailed, but they are enough to understand the basic security architecture of the device being scanned.
Advanced Scan : Uses a dynamic approach with custom policies and rules to scan the target. We can therefore run a customized scan on any device to get a report based on our selected parameters. In an advanced scan we can also specify what to do and what to skip, which increases scan speed and productivity by focusing on the policies that are critical rather than those that are not business critical.
Audit Cloud Infrastructure : Cloud-based CMS and other business applications can be audited from Nessus.
Internal PCI Network Scan : A PCI DSS scan is a global payment gateway audit with controls to check the overall security of the implemented project that processes transactions internally or externally for the organisation.
Malware Scan :
MDM (Mobile Device Management) Config Audit : MDM is implemented when a company is using a BYOD policy in the organization.
Other scans include: Mobile Device Scan, Offline Config Audit, PCI Quarterly External Scan, Policy Compliance Auditing, SCAP and OVAL Auditing, Web Application Tests etc. with other protection.
Nessus gives you lots of choices when it comes to running the actual vulnerability scan. You’ll be able to scan individual computers, ranges of IP addresses, or complete subnets. There are over 1200 vulnerability plug-ins with Nessus, which allow you to specify an individual vulnerability or a set of vulnerabilities to test for. In contrast to other tools, Nessus won’t assume that explicit services run on common ports; instead, it will try to exploit the vulnerabilities.
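Because a scan can be aimed at single computers, IP ranges, or whole subnets, it is worth checking a target list against the authorized scope before launching it. The following is an added example, not part of the original article or of Nessus itself: the function names, the comma-separated target string, and the scope networks are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions for this example only).
AUTHORIZED_SCOPE = ["192.168.10.0/24", "10.20.0.0/28"]
SAMPLE_TARGETS = ("192.168.10.5, 192.168.10.20-192.168.10.40, 10.20.0.0/28, "
                  "192.168.11.0/24, 192.168.10.250-192.168.11.5, fileserver.lab")


def parse_target(entry):
    """Turn one entry (single IP, dash range, or CIDR subnet) into CIDR blocks."""
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {entry}")
        # Minimal set of CIDR blocks that exactly covers first..last.
        return list(ipaddress.summarize_address_range(first, last))
    # strict=False reads 192.168.10.5/24 as the whole /24, the widest
    # (most conservative) interpretation for a scope check.
    return [ipaddress.ip_network(entry, strict=False)]


def check_targets(target_string, scope=AUTHORIZED_SCOPE):
    """Sort entries into in-scope, out-of-scope and unparsed (hostnames, typos)."""
    allowed = [ipaddress.ip_network(n) for n in scope]
    result = {"in_scope": [], "out_of_scope": [], "unparsed": []}
    for entry in filter(None, (e.strip() for e in target_string.split(","))):
        try:
            blocks = parse_target(entry)
        except ValueError:
            result["unparsed"].append(entry)  # needs manual review before scanning
            continue
        # Every block of the entry must sit inside one authorized network.
        ok = all(any(b.version == a.version and b.subnet_of(a) for a in allowed)
                 for b in blocks)
        result["in_scope" if ok else "out_of_scope"].append(entry)
    return result


def host_count(entries):
    """Number of addresses the given entries would cover."""
    return sum(b.num_addresses for e in entries for b in parse_target(e))


if __name__ == "__main__":
    report = check_targets(SAMPLE_TARGETS)
    for bucket, entries in report.items():
        print(f"{bucket}: {entries}")
    print("in-scope addresses:", host_count(report["in_scope"]))
```

A range that straddles the scope boundary (here 192.168.10.250-192.168.11.5) is reported as out of scope as a whole, so it has to be trimmed before the scan is started.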
Scanning the networks through :
= Host Discovery
= Basic Scan
= Advanced Scan