Are you tired of making the case for security
scanning to executive management and fighting for the money to
secure your network? It’s often difficult to convince these
powers-that-be of the true necessity of security.

In addition, you may be sick of explaining why
it’s necessary to go above and beyond the security measures that
come with the product. Although most vendors include some sort of
security-scanning mechanism with their products, these checks often
fail to address how remote users interact with your organization’s
specific implementation of that software system.

The ability to remotely verify the security
status of network resources is the point of collecting log data and
constantly scanning networks. However, this process doesn’t
necessarily have to be pricey.

A plethora of tools for scanning networks is
available, with a plethora of prices. However, the Nessus tool stands out above
the rest. Best of all, it’s free!

Some people consider Nessus a black hat’s tool,
and the bad guys and gals out there definitely use it. But that’s
exactly why your company should use it as well. By looking at your
network through the eyes of your enemy, you can find and patch the
holes in your defenses before potential intruders exploit them.

A hacker group or a security company typically
discovers a specific way to violate the security of a software
system and then releases the hack, in various levels of detail, to
a hacker or security community (depending on which side of the law
these folks fall).

And that’s where Nessus comes in. Designed to
automate the testing and discovery of known security problems, this
software tool can identify and solve these known problems–before a
black hat can take advantage of them.

Nessus’ most powerful feature is its
client-server technology. You can deploy Nessus servers throughout
your network to conduct tests from diverse points of view. The
client can then control multiple servers.

The server/client software runs on UNIX, MAC OS
X, IBM/AIX, and most flavors of Linux. Clients are also available
for Windows. The Nessus server performs the actual scanning, and
the client provides configuration and reporting functionality.

Nessus also offers the ability to discover all
open ports detected on a remote targeted system and then attack
these ports. Nessus not only uses common attacks against common
ports (e.g., Web servers generally use TCP port 80 for Web pages);
it also discovers Web services running on different ports through
its smart service recognition. It can then attack these Web
services ports as well.

Let’s look at some of the other key features of

  • Up-to-date security
    vulnerability database:
    The security checks database updates on
    a daily basis, and you can retrieve all the security checks using
    the nessus-update-plugins
  • Remote
    and local security:

    Nessus is the only security scanner with the ability to detect the
    remote flaws of the hosts on your network as well as local flaws
    and missing patches.
  • High
    Nessus runs on a single computer and uses minimal
  • Plug-ins: Nessus writes
    each security test as an external plug-in, and you can read and
    modify each plug-in.
  • Multiple services: If a
    host runs the same service twice or more, Nessus tests each
    instance for all known vulnerabilities.
  • SSL
    Nessus tests SSL services, including HTTPS, SMTPS, and
    IMAPS. By installing a certificate, it can also integrate with a
    PKI environment.
  • Nondestructive or thorough: You can
    choose to perform a regular nondestructive security audit on a
    routine basis, or you can attack a remote host to determine how it
    would perform under a real-world attack.

To benefit the most from using Nessus, I
suggest installing several external programs. While the tool
doesn’t require these programs to work, they greatly augment its
scanning ability.

  • Nmap–an open source standard for port
  • THC-Hydra–a password tester
  • Nikto–a CGI/script checker

Final thoughts

Keep in mind that deploying and running Nessus
in your organization requires knowledge of UNIX/Linux. If you’re
serious about network security, you need to become familiar with
these operating systems.

Vendors will always issue patches, but it’s
dangerous to rely on them for your entire security strategy. You
must still take steps to make sure you’ve plugged all the holes to
prevent black hats from accessing your network.

Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.

Worried about security issues? Who isn’t? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.