Nessus – A Vulnerability Scanning Tool
SUNY Technology Conference, June 2003

Bill Kramp
Finger Lakes Community College, Canandaigua, NY
krampwd@flcc.edu

Outline
• What is Nessus?
• Why use it?
• System and Software
• Configuration
• Scanning
• Reports
• Demonstration
• Discussion

Nessus
• Vulnerability scanning tool
• Open source
• Zero software costs
• Zero annual maintenance costs
• Minimal hardware needs

Why scan?
• To meet your campus security policy.
• To find out what services are running.
• To double check that software patches are installed correctly.
• If you don’t find the holes, the hackers will.
• Like Martha says “It’s a good thing”.

System Requirements
• Server:
  • Linux
  • Solaris
  • FreeBSD
• Clients:
  • Win32
  • X11
  • Java

Server Software
• Four basic parts to the Nessus server:
  • Nessus-core
  • Nessus-libraries
  • Libnasl
  • Nessus-plugins

Plugins
• Plugins are the scripts that perform the vulnerability tests.
• NASL – This is the Nessus Attack Scripting Language, which can be used to write your own plugins.
• Nessus-update-plugins command – A script that will download new or updated Nessus plugins. Can be run manually or from cron.
• 1600 plugins available as of June 10, 2003

Port Scanners
• Port scanning will detect the ports (services) available.
• Port scanning types:
  • Ping
  • SYN scan
  • TCP connect() scan
  • Scan for LaBrea tarpitted hosts
  • SNMP port scan
• Can define port ranges to scan

Defining Targets
• Hosts
  • Server.domain.edu
  • 172.21.1.2
• Subnet
  • 192.168.100.0
• Address range
  • 192.168.1.1-192.168.1.10

Vulnerability Scanning
• Scanning methods:
  • Safe
  • Destructive
• Service recognition – Will determine what service is actually running on a particular port.
• Handle multiple services – Will test a service if it appears on more than one port.
• Will test multiple systems at the same time.

Viewing Reports
• Nessus will indicate the threat level for services or vulnerabilities it detects:
  • Low severity – Notification of issues
  • Medium severity – Warnings to think about
  • High severity – Issues that should be resolved
• Description of vulnerability
• Risk factor
• CVE number

Common Vulnerabilities and Exposures
• CVE created by http://www.cve.mitre.org/
• Attempting to standardize the names for vulnerabilities.
• CVE search engine at http://icat.nist.gov/

Report Options
• Output types:
  • Text
  • HTML
  • PDF
• Filter by severity
• Sort by host or vulnerability

Export Options
• Comma Separated
• MySQL
• SQL
• Nessus .nsl

User Accounts
• Nessus supports individual accounts.
• Different rules can be applied to each account:
  • Limit access to specific host(s)
  • Limit access by subnets
  • Have no restrictions

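Added example (not from the original presentation and not Nessus's own rule syntax): a Python sketch of the scope check that the "Defining Targets" and "User Accounts" slides imply, testing each requested host, subnet or address range against the hosts and subnets an account is limited to. The function names, the CIDR form for subnets and the sample account rule are assumptions made for illustration.

```python
import ipaddress

def parse_target(spec):
    """Classify one target: ('net', [networks]) or ('host', name)."""
    spec = spec.strip()
    if "/" in spec:                                   # subnet; CIDR form is assumed
        return "net", [ipaddress.ip_network(spec, strict=False)]
    if "-" in spec:                                   # range, or a hyphenated hostname
        first, _, last = spec.partition("-")
        try:
            lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        except ValueError:
            return "host", spec.lower()
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad address range: {spec}")
        return "net", list(ipaddress.summarize_address_range(lo, hi))
    try:
        return "net", [ipaddress.ip_network(spec)]    # bare address = single host
    except ValueError:
        return "host", spec.lower()

def merge(allowed_nets):
    """Collapse adjacent or overlapping allowed subnets, per IP version."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged

def is_allowed(spec, allowed_nets, allowed_hosts=()):
    """True only if every address in the target lies inside the account's scope."""
    kind, value = parse_target(spec)
    if kind == "host":                                # names are never resolved here
        return value in {h.lower() for h in allowed_hosts}
    scope = merge(allowed_nets)
    return all(any(t.version == s.version and t.subnet_of(s) for s in scope)
               for t in value)

def review(specs, allowed_nets, allowed_hosts=()):
    """Split requested targets into (permitted, rejected) lists."""
    ok, bad = [], []
    for spec in specs:
        try:
            (ok if is_allowed(spec, allowed_nets, allowed_hosts) else bad).append(spec)
        except ValueError:
            bad.append(spec)                          # malformed targets fail closed
    return ok, bad

# Constructed account rule and scan request (targets reuse the slide's sample values)
ACCOUNT_NETS, ACCOUNT_HOSTS = ["192.168.1.0/24", "172.21.1.2/32"], ["server.domain.edu"]
REQUESTED = ["Server.domain.edu", "172.21.1.2", "192.168.100.0/24",
             "192.168.1.1-192.168.1.10", "192.168.1.250-192.168.2.5"]
```

A range is permitted only when every address in it falls inside the account's scope, so the last requested range is rejected because it runs past the end of 192.168.1.0/24.
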
Nessus Resources
• http://www.nessus.org/
• Nessus PHP Interface (to MySQL): http://enterprise.bidmc.harvard.edu/pub/nessus-php/
• Win32 Client: http://nessuswx.nessus.org/
• Gnome Client: http://sussen.sourceforge.net/

Commercial Products
• SecureScan http://www.vigilante.com/
• Retina http://www.eeye.com/
• Internet Scanner http://www.iss.net/

Discussion
• Does any campus have policies to test?
• What software are other campuses using?

Nessus – A Vulnerability Scanning Tool
A complete copy of the PowerPoint presentation will be available on the college website at http://paws.flcc.edu/~krampwd/