Learn how Nessus can fit your remote scanning needs

If you're seeking a quality tool to scan your network, look no further than Nessus. Best of all, it's free! Mike Mullins discusses some of the key features of Nessus.

Are you tired of making the case for security
scanning to executive management and fighting for the money to
secure your network? It’s often difficult to convince these
powers-that-be of the true necessity of security.

In addition, you may be sick of explaining why
it’s necessary to go above and beyond the security measures that
come with the product. Although most vendors include some sort of
security-scanning mechanism with their products, these checks often
fail to address how remote users interact with your organization’s
specific implementation of that software system.

The ability to remotely verify the security
status of network resources is the point of collecting log data and
constantly scanning networks. However, this process doesn’t
necessarily have to be pricey.

A plethora of tools for scanning networks is
available, with a plethora of prices. However, the Nessus tool stands out above
the rest. Best of all, it’s free!

Some people consider Nessus a black hat’s tool,
and the bad guys and gals out there definitely use it. But that’s
exactly why your company should use it as well. By looking at your
network through the eyes of your enemy, you can find and patch the
holes in your defenses before potential intruders exploit them.

A hacker group or a security company typically
discovers a specific way to violate the security of a software
system and then releases the hack, in various levels of detail, to
a hacker or security community (depending on which side of the law
these folks fall).

And that’s where Nessus comes in. Designed to
automate the testing and discovery of known security problems, this
software tool can identify and solve these known problems–before a
black hat can take advantage of them.

Nessus’ most powerful feature is its
client-server technology. You can deploy Nessus servers throughout
your network to conduct tests from diverse points of view. The
client can then control multiple servers.

The server/client software runs on UNIX, MAC OS
X, IBM/AIX, and most flavors of Linux. Clients are also available
for Windows. The Nessus server performs the actual scanning, and
the client provides configuration and reporting functionality.

Nessus also offers the ability to discover all
open ports detected on a remote targeted system and then attack
these ports. Nessus not only uses common attacks against common
ports (e.g., Web servers generally use TCP port 80 for Web pages);
it also discovers Web services running on different ports through
its smart service recognition. It can then attack these Web
services ports as well.

Let’s look at some of the other key features of
Nessus.

Up-to-date security
vulnerability database: The security checks database updates on
a daily basis, and you can retrieve all the security checks using
the nessus-update-plugins
command.
Remote
and local security:
Nessus is the only security scanner with the ability to detect the
remote flaws of the hosts on your network as well as local flaws
and missing patches.
High
scalability: Nessus runs on a single computer and uses minimal
memory.
Plug-ins: Nessus writes
each security test as an external plug-in, and you can read and
modify each plug-in.
Multiple services: If a
host runs the same service twice or more, Nessus tests each
instance for all known vulnerabilities.
SSL
support: Nessus tests SSL services, including HTTPS, SMTPS, and
IMAPS. By installing a certificate, it can also integrate with a
PKI environment.
Nondestructive or thorough: You can
choose to perform a regular nondestructive security audit on a
routine basis, or you can attack a remote host to determine how it
would perform under a real-world attack.

To benefit the most from using Nessus, I
suggest installing several external programs. While the tool
doesn’t require these programs to work, they greatly augment its
scanning ability.

Nmap–an open source standard for port
scanners
THC-Hydra–a password tester
Nikto–a CGI/script checker

Final thoughts

Keep in mind that deploying and running Nessus
in your organization requires knowledge of UNIX/Linux. If you’re
serious about network security, you need to become familiar with
these operating systems.

Vendors will always issue patches, but it’s
dangerous to rely on them for your entire security strategy. You
must still take steps to make sure you’ve plugged all the holes to
prevent black hats from accessing your network.

Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.

Worried about security issues? Who isn’t? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE This policy from TechRepublic Premium provides guidelines for reliable and secure backups of end user data. It outlines the responsibilities of IT departments and employees to identify tasks and action items for each group. The policy can be customized to fit the needs of your organization. From the policy: IT STAFF RESPONSIBILITIES IT staff ...

This policy from TechRepublic Premium provides guidelines for the appropriate use of electronic communications. It covers topics such as privacy, confidentiality and security; ensures electronic communications resources are used for appropriate purposes; informs employees regarding the applicability of laws and company policies to electronic communications; and prevents disruptions to and misuse of company electronic communications ...

Learn how Nessus can fit your remote scanning needs