General discussion
-
Topic
-
Tech Notes
Lockedblog root
All Comments
-
-
Right Tool For the Job – Nessus
The Need
Vulnerability assessments are one of the key tools that
information security professionals use to learn about their network environment. With the increasing quantity of threat agents
and government regulations that carry harsh penalties, businesses have to know
where their security vulnerabilities exist and now to mitigate them.I had an opportunity a little over a year ago to help
analyze tools for a vulnerability assessment proof of concept project at a
multi-national Fortune 500 company. The idea of the project was to learn the
business value that vulnerability assessments might provide and to discover the
actual vulnerabilities.The Job
We were sure some level of vulnerability assessments were
necessary, but recognized that there were no internal mitigation processes to
support the findings of the assessments. This proved to be a good intuition.
About nine months after we were successfully scanning and building processes, I
read an article about a company who had spent about $90,000 on a commercial
vulnerability scanning solution only to see it fail miserably because they had
not developed support processes.For the proof of concept phase, the scanner couldn?t be on a
short evaluation period timeframe because as much as the technical results of
the scans were important, building internal mitigation support processes were
equally important.The Tool
Even though we had access to commercial tools, we chose the
open source Nessus (http://nessus.org) vulnerability scanner. Nessus is the de facto
standard of vulnerability scanners. In fact, many commercial products use the
Nessus engine in their products and nearly every major security hardware vendor
supports Nessus scan results.Nessus currently comes in two versions. The open source Nessus
2.2.x version and the recently released Nessus 3 closed source but free
version. Tenable Security (http://www.tenablesecurity.com)
supports the Nessus project and maintains the development of both versions.Nessus features include:
- Highly
configurable scan options like scanning as few a one host to multiple
subnets.
- DNS
resolution or MAC address tracking for DHCP-enabled targets
- Scan
throttling to avoid network bandwidth saturation
- Fully
featured, highly configurable nmap port scanner
- Plug-ins
– each plug-in is a test, for example every Microsoft security patch is a
separate plug in. Currently there are over 10,000 for the free version of
Nessus 3
- NASL
scripting that allows custom plug-in creation
- GUI or
command line clients
- Reports
in .html and txt formats
- Exports
directly to MySQL databases for analysis
Working with Nessus
Nessus uses client-server architecture and is deployable on
many different operating system types. Tenable Security offers a version of the
Nessus scanner for Windows called NeWT, however; it is not as feature-rich as
the Linux version of Nessus.We really wanted to test the full features of Nessus so we
decided to go with a SuSE Enterprise Linux 9 virtual machine on VMWare ESX for
the server and our Windows XP machines running the Nessuswx GUI client.The members of the testing team were not Linux gurus and
fortunately, the installation of Nessus over a year ago on was not that
difficult, but challenged our Linux skills. Today installing Nessus on openSUSE
10 Linux is no harder than installing an application on Windows. You only need
a minimum installation of openSUSE 10, and then install the Nessus .rpm from http://nessus.org/download. The
installation sets up Nessus as a running service on the openSUSE machine.We began scanning local subnets and generated the built-in
.html reports that Nessus creates. We found unknown vulnerabilities on the
network nearly from the first scans completed. As I gained confidence in
Nessus, and learned how to throttle the bandwidth usage, we expanded our
scanning out to the company facilities near our location, then eventually to
the locations throughout the United
States.You can scan with administrator credentials on the target
machine, or as an unknown user to get different views of vulnerabilities with
Nessus. Nessus scans ports and checks vulnerabilities in discovered services as
the unknown user or with administrator credentials, conducts full host-based
scans checking registry settings, services and file permission vulnerabilities.Since Nessus has the ability to export the scan findings
into MySQL, I installed MySQL and use custom queries to sort through the
generous quantity of vulnerability data that Nessus creates. We conduct scans on the company?s subnets
located all over the world from the Louisville location and generate insightful vulnerability reports using Nessus and MySQL.See these screenshots (http://techrepublic.com.com/2300-1009-6048886.html)
of Nessus and Nessuswx in the Nessus gallery.Right tool for the job?
With Nessus in production for a little over a year now, we
are able to provide the company the vulnerability assessment information from
any facility in the world that we knew it needed.Because Nessus is free, runs on free operating systems and
requires little hardware resources, it has allowed the internal support
processes to develop along with the skill sets to support vulnerability
analysis.Write your own review
If you’ve found the perfect tool for the job, we want to hear about it. Send us an e-mail describing the product and the job you’re using it for. If we feature the product in The Right Tool for the Job? blog, you’ll earn a little cash and be featured across the TechRepublic Web site and in our newsletters.
- Highly
-
