Nessus - PowerPoint PPT Presentation

1
Nessus A Vulnerability Scanning Tool
  • SUNY Technology Conference June 2003

2
Bill Kramp
  • Finger Lakes Community College
  • Canandaigua, NY
  • krampwd_at_flcc.edu

3
Outline
  • What is Nessus?
  • Why use it?
  • System and Software
  • Configuration
  • Scanning
  • Reports
  • Demonstration
  • Discussion

4
Nessus
  • Vulnerability scanning tool
  • Open source
  • Zero software costs
  • Zero annual maintenance costs
  • Minimal hardware needs

5
Why scan?
  • To meet your campus security policy.
  • To find out what services are running.
  • To double check that software patches are
    installed correctly.
  • If you don't find the holes, the hackers will.
  • Like Martha says, "It's a good thing."

6
System Requirements
  • Server
      • Linux
      • Solaris
      • FreeBSD
  • Clients
      • Win32
      • X11
      • Java

7
Server Software
  • Four basic parts to the Nessus server
      • Nessus-core
      • Nessus-libraries
      • Libnasl
      • Nessus-plugins

8
Plugins
  • Plugins are the scripts that perform the
    vulnerability tests.
  • NASL: the Nessus Attack Scripting Language, which
    can be used to write your own plugins.
  • nessus-update-plugins command: a script that
    downloads new or updated Nessus plugins. Can be
    run manually or from cron.
  • 1600 plugins available as of June 10, 2003

9
Port Scanners
  • Port scanning will detect the ports (services)
    available.
  • Port scanning types
      • Ping
      • SYN scan
      • TCP connect() scan
      • Scan for LaBrea tarpitted hosts
      • SNMP port scan
  • Can define port ranges to scan

10
Defining Targets
  • Hosts
      • server.domain.edu
      • 172.21.1.2
  • Subnet
      • 192.168.100.0
  • Address range
      • 192.168.1.1-192.168.1.10

11
Vulnerability Scanning
  • Scanning methods
      • Safe
      • Destructive
  • Service recognition: will determine what service
    is actually running on a particular port.
  • Handle multiple services: will test a service
    if it appears on more than one port.
  • Will test multiple systems at the same time.

12
Viewing Reports
  • Nessus will indicate the threat level for
    services or vulnerabilities it detects
      • Low severity: notification of issues
      • Medium severity: warnings to think about
      • High severity: issues that should be resolved
  • Description of vulnerability
  • Risk factor
  • CVE number

13
Common Vulnerabilities and Exposures
  • CVE created by http://www.cve.mitre.org/
  • Attempting to standardize the names for
    vulnerabilities.
  • CVE search engine at http://icat.nist.gov/

14
Report Options
  • Output types
      • Text
      • HTML
      • PDF
  • Filter by severity
  • Sort by host or vulnerability

15
Export Options
  • Comma Separated
  • MySQL
  • SQL
  • Nessus .nsl
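The severity levels of slide 12, the filter-and-sort report options of slide 14 and the comma-separated export of slide 15 together suggest a small post-processing step. The following is an added example, not code from the presentation or from the Nessus project: it parses a constructed CSV export (the column layout, plugin ids and CVE numbers are assumed placeholders, since the slides do not document the export's fields), filters by a minimum severity, sorts by host or by vulnerability, and collects the CVE ids per host for patch tracking.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a comma-separated Nessus export. The column layout,
# plugin ids and CVE numbers are placeholders assumed for this example; the
# slides do not document the export's field order.
SAMPLE_EXPORT = """\
host,port,plugin_id,severity,cve,description
172.21.1.2,22/tcp,10001,Low,,SSH server type and version disclosed
172.21.1.2,80/tcp,10002,High,CVE-2003-9001,Web server remote buffer overflow
192.168.1.5,25/tcp,10003,Medium,,Mail server allows open relaying
192.168.1.5,80/tcp,10002,High,CVE-2003-9001,Web server remote buffer overflow
192.168.1.7,161/udp,10004,Medium,CVE-2003-9002,SNMP agent uses default community string
"""

# The three threat levels from slide 12, ranked so they can be compared.
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3}


def parse_export(text):
    """Read the CSV export into a list of dicts, one per finding."""
    return list(csv.DictReader(io.StringIO(text)))


def filter_by_severity(rows, minimum):
    """Keep findings at or above `minimum` ("Low", "Medium" or "High")."""
    floor = SEVERITY_RANK[minimum]
    return [r for r in rows if SEVERITY_RANK.get(r["severity"], 0) >= floor]


def sort_findings(rows, by="host"):
    """Order by host (then port) or by vulnerability (then host),
    the two report orderings offered on slide 14."""
    if by == "host":
        return sorted(rows, key=lambda r: (r["host"], r["port"]))
    if by == "vulnerability":
        return sorted(rows, key=lambda r: (r["plugin_id"], r["host"]))
    raise ValueError("sort key must be 'host' or 'vulnerability'")


def cves_by_host(rows):
    """Map each host to the distinct CVE ids found on it, for patch tracking."""
    found = defaultdict(set)
    for r in rows:
        if r["cve"]:  # many findings carry no CVE id; skip those
            found[r["host"]].add(r["cve"])
    return {host: sorted(ids) for host, ids in found.items()}


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    for r in sort_findings(filter_by_severity(rows, "Medium"), "vulnerability"):
        print(r["plugin_id"], r["severity"], r["host"], r["port"], r["description"])
    print(cves_by_host(rows))
```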

16
User Accounts
  • Nessus supports individual accounts.
  • Different rules can be applied to each account
      • Limit access to specific host(s)
      • Limit access by subnets
      • Have no restrictions

17
Connecting to Nessus Server

18
Define the Targets

19
Selecting Plugins

20
Scanning

21
Testing Completed

22
Viewing Session Results
23
Nessus Resources
  • http://www.nessus.org/
  • Nessus PHP Interface (to MySQL)
    http://enterprise.bidmc.harvard.edu/pub/nessus-php/
  • Win32 Client http://nessuswx.nessus.org/
  • Gnome Client http://sussen.sourceforge.net/

24
Commercial Products
  • SecureScan http://www.vigilante.com/
  • Retina http://www.eeye.com/
  • Internet Scanner http://www.iss.net/

25
Discussion
  • Does any campus have policies to test?
  • What software are other campuses using?

26
Nessus A Vulnerability Scanning Tool
  • A complete copy of the PowerPoint presentation
    will be available on the college website at
    http://paws.flcc.edu/krampwd/