Learn how Nessus can fit your remote scanning needs

If you're seeking a quality tool to scan your network, look no further than Nessus. Best of all, it's free! Mike Mullins discusses some of the key features of Nessus.

Are you tired of making the case for security scanning to executive management and fighting for the money to secure your network? It's often difficult to convince these powers-that-be of the true necessity of security.

In addition, you may be sick of explaining why it's necessary to go above and beyond the security measures that come with the product. Although most vendors include some sort of security-scanning mechanism with their products, these checks often fail to address how remote users interact with your organization's specific implementation of that software system.

The ability to remotely verify the security status of network resources is the point of collecting log data and constantly scanning networks. However, this process doesn't necessarily have to be pricey.

Plenty of network scanning tools are available, at a wide range of prices. However, the Nessus tool stands out above the rest. Best of all, it's free!

Some people consider Nessus a black hat's tool, and the bad guys and gals out there definitely use it. But that's exactly why your company should use it as well. By looking at your network through the eyes of your enemy, you can find and patch the holes in your defenses before potential intruders exploit them.

A hacker group or a security company typically discovers a specific way to violate the security of a software system and then releases the hack, in various levels of detail, to a hacker or security community (depending on which side of the law these folks fall).

And that's where Nessus comes in. Designed to automate the testing and discovery of known security problems, this software tool can identify and solve these known problems—before a black hat can take advantage of them.

Nessus' most powerful feature is its client-server technology. You can deploy Nessus servers throughout your network to conduct tests from diverse points of view. The client can then control multiple servers.

The server/client software runs on UNIX, Mac OS X, IBM/AIX, and most flavors of Linux. Clients are also available for Windows. The Nessus server performs the actual scanning, and the client provides configuration and reporting functionality.

Nessus can also discover all open ports on a remote target system and then attack these ports. Nessus not only uses common attacks against common ports (e.g., Web servers generally use TCP port 80 for Web pages); through its smart service recognition, it also discovers Web services running on different ports. It can then attack these Web service ports as well.
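The idea behind service recognition is to classify a listener by what it says rather than by its port number. The sketch below is an added example, not Nessus code or its detection logic: the signatures, function names, and sample banners are constructed for illustration, and it flags services that answer on ports other than their conventional ones.

```python
import re

# Conventional port for each protocol (assumption for this example).
DEFAULT_PORTS = {"http": {80}, "ssh": {22}, "smtp": {25}, "ftp": {21}}

# Ordered signatures: SMTP is checked before FTP because both greet with "220".
SIGNATURES = [
    ("http", re.compile(r"^HTTP/\d\.\d \d{3}")),
    ("ssh", re.compile(r"^SSH-\d+\.\d+-")),
    ("smtp", re.compile(r"^220[ -].*SMTP", re.I)),
    ("ftp", re.compile(r"^220[ -].*FTP", re.I)),
]

# Constructed sample: (host, port, first bytes the service returned).
SAMPLE = [
    ("192.0.2.10", 80, b"HTTP/1.1 200 OK\r\nServer: example\r\n\r\n"),
    ("192.0.2.10", 8081, b"HTTP/1.0 401 Unauthorized\r\n\r\n"),
    ("192.0.2.11", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("192.0.2.11", 2222, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("192.0.2.12", 25, b"220 mail.example.test ESMTP\r\n"),
    ("192.0.2.12", 2121, b"220 FTP server ready\r\n"),
    ("192.0.2.13", 9000, b"\x00\x01binary"),
]

def identify_service(banner: bytes) -> str:
    """Classify a service from the first line of its response, ignoring the port."""
    text = banner.decode("latin-1")
    first = text.splitlines()[0] if text else ""
    for name, pattern in SIGNATURES:
        if pattern.search(first):
            return name
    return "unknown"

def review_inventory(observations):
    """Return (host, port, service, reason) for listeners that need a closer look."""
    findings = []
    for host, port, banner in observations:
        service = identify_service(banner)
        if service == "unknown":
            findings.append((host, port, service, "unidentified"))
        elif port not in DEFAULT_PORTS[service]:
            findings.append((host, port, service, "non-standard port"))
    return findings

if __name__ == "__main__":
    for finding in review_inventory(SAMPLE):
        print(finding)
```

A Web server on port 8081 or an SSH daemon on port 2222 is exactly the kind of listener that a port-number-only inventory misses, which is why recognition by content matters.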

Let's look at some of the other key features of Nessus.

  • Up-to-date security vulnerability database: The security checks database updates on a daily basis, and you can retrieve all the security checks using the nessus-update-plugins command.
  • Remote and local security: Nessus is the only security scanner with the ability to detect the remote flaws of the hosts on your network as well as local flaws and missing patches.
  • High scalability: Nessus runs on a single computer and uses minimal memory.
  • Plug-ins: Nessus writes each security test as an external plug-in, and you can read and modify each plug-in.
  • Multiple services: If a host runs the same service twice or more, Nessus tests each instance for all known vulnerabilities.
  • SSL support: Nessus tests SSL services, including HTTPS, SMTPS, and IMAPS. By installing a certificate, it can also integrate with a PKI environment.
  • Nondestructive or thorough: You can choose to perform a regular nondestructive security audit on a routine basis, or you can attack a remote host to determine how it would perform under a real-world attack.

To benefit the most from using Nessus, I suggest installing several external programs. While the tool doesn't require these programs to work, they greatly augment its scanning ability.

  • Nmap—an open source standard for port scanners
  • THC-Hydra—a password tester
  • Nikto—a CGI/script checker

Final thoughts

Keep in mind that deploying and running Nessus in your organization requires knowledge of UNIX/Linux. If you're serious about network security, you need to become familiar with these operating systems.

Vendors will always issue patches, but it's dangerous to rely on them for your entire security strategy. You must still take steps to make sure you've plugged all the holes to prevent black hats from accessing your network.

Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.
