examine how to use this powerful open source vulnerability scanner to monitor systems for security issues.
We'll assume that you're using the Unix Nessus GUI, but the commands are quite similar for those using NessusWX (for Windows). First, start the Nessus client by issuing the "nessus" command. You'll be presented with the window shown below:
The top portion of this window allows you to specify the Nessus server that you'd like to use to originate the scan. If you're running the client and server on the same host, keep the default settings. Otherwise, you'll need to enter the appropriate hostname and port. The lower portion of the window requires that you enter the appropriate Nessus credentials to begin the scan. It's important to remember that these are separate and distinct from system login credentials and must be created using the nessus-adduser command.
After entering this information, click the "Log in" button to authenticate to the Nessus server. Next, we'll take a look at the Scan Options tab, shown below:
This tab contains several important options. First, the "Port range" textbox allows you to enter the specific ports that you'd like to scan. If you leave this set to "default," it will scan all of the destination ports contained within the nessus-services file. Otherwise, you may specify ports using ranges (e.g. "1-1024") and/or comma-delimited lists (e.g. "80, 443, 8080").
The other important option contained on this tab is the "Safe checks" box. Checking this box ensures that Nessus only runs plug-ins designated by their developers as "non-dangerous." If you're running a scan against a production system, it's critical that you check this box, as the unsafe plug-ins could cause an unintentional denial of service on the target system. (On the other hand, if you can do it, so can the bad guys!)
Next, let's move on to the Target tab, shown below:
You may use this tab to select either a single system or a comma-delimited list. Alternatively, you may read a list of hosts from a text file using the "Read file" button or attempt to perform a DNS zone transfer to obtain all of the hostnames in a domain by checking the "Perform a DNS zone transfer" box.
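The following Python pre-flight check is an added example, not part of the original article and not Nessus code. It validates the three settings discussed above (port range, Safe checks, target list) before a scan is started. The function names, the authorized-network list, the production-host set and the sample addresses are assumptions constructed for illustration, and Nessus's own parsing of the port field may differ.

```python
import ipaddress

def parse_port_spec(spec):
    """Expand "1-1024" or "80, 443, 8080" into a sorted port list.
    Returns None for "default" (the scanner then uses its services file)."""
    spec = spec.strip()
    if spec.lower() == "default":
        return None
    ports = set()
    for item in spec.split(","):
        lo, sep, hi = (part.strip() for part in item.partition("-"))
        if not lo.isdecimal() or (sep and not hi.isdecimal()):
            raise ValueError(f"not a port or range: {item.strip()!r}")
        lo = int(lo)
        hi = int(hi) if sep else lo
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"port out of range or reversed: {item.strip()!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)

def preflight(targets, port_spec, safe_checks, authorized_nets, production_hosts):
    """Return a list of problems; an empty list means the plan may proceed."""
    problems = []
    try:
        parse_port_spec(port_spec)
    except ValueError as exc:
        problems.append(f"port range: {exc}")
    nets = [ipaddress.ip_network(n) for n in authorized_nets]
    for host in (t.strip() for t in targets.split(",")):
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            problems.append(f"{host}: not an IP address, approve hostnames manually")
            continue
        if not any(addr in net for net in nets):
            problems.append(f"{host}: outside the authorized scan scope")
        if host in production_hosts and not safe_checks:
            problems.append(f"{host}: production system, enable Safe checks")
    return problems

if __name__ == "__main__":
    # Constructed sample plan using documentation-only address ranges.
    for line in preflight("192.0.2.10, 198.51.100.7", "1-1024", False,
                          ["192.0.2.0/24"], {"192.0.2.10"}):
        print(line)
```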
Once you've set the appropriate options for your scan, click the "Start the scan" button at the bottom of any tab, and you'll be off and running. The system will display the dialog box shown below:
It's important to note that scanning a single system could take several minutes or longer, depending upon the specified scope. When the scan completes, you'll see a full scan report, such as the one shown below:
You may navigate through this report to view the various alerts shown for each system grouped by host, port and severity.
That's all there is to it! You now have the basic information you need to conduct vulnerability scans with Nessus.
Mike Chapple, CISSP, is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.
This was first published in January 2006