Nessus: A Scan Today Keeps Attackers Away

Security audits are only as good as the tools they use to find potential vulnerabilities--and this free, frequently updated open-source utility is one of the best.

1. Create a Nessus Server Certificate

An administrator must execute additional steps before the Nessus server daemon (nessusd) can communicate with a Nessus client. First, create a Nessus server certificate for secure communication between the server and client by executing the following command on the server:

# nessus-mkcert

If OpenSSL is installed, this command prompts you for the common certificate-identification fields. You can use the lifetime values we used or enter your own. You'll then see a screen displaying the files that contain the public and private keys used for encryption.

2. Create a user account

Once your server certificate has been created, you must create a user by executing the # nessus-adduser command on the server and entering a user name. Decide what type of authentication method to use: "pass" or "cert." If you choose "pass," as I did, the password won't appear on the screen as it is typed; if you choose "cert," you'll be asked for additional certificate-related information. Next, enter any rules that apply to this user. For example, I wanted to let the user scan only hosts between and, so I entered the appropriate accept/deny rules. Press Ctrl-D when you've finished entering rules for each user created.

3. Modify the nessusd.conf file

The last step in configuring your Nessus server is to modify the /etc/nessus/nessusd.conf file with a text editor such as vi. Many items can be modified in this configuration file, but an important one is max_threads, which determines the total number of simultaneous Nessus tests to run. The default is 15, but I used 25. Test different figures to determine the performance impact on your network, and scale it back if you experience performance problems. The port_range variable sets the default range of ports to scan; entering 0-65535 ensures a comprehensive (though long) scan. ping_hosts tells Nessus whether it should scan only hosts that respond to ping requests. Setting this variable to "no" means it'll also scan hosts that don't respond to a ping, which increases scanning time. Save the file and exit the text editor.
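The following script is an added example, not part of the article: it applies the three nessusd.conf choices described above (max_threads = 25, port_range = 0-65535, ping_hosts = no) in a way that is safe to re-run, and reads the values back so the result can be verified. It works on a constructed sample file so it runs offline; the default values in that sample and the CONF variable are assumptions for the example, and on a real server you would point CONF at /etc/nessus/nessusd.conf and restart nessusd afterwards.

```shell
#!/bin/sh
# Added example (not from the article or the Nessus project).
# Sets the nessusd.conf options discussed in step 3 idempotently and
# reads them back. CONF defaults to a constructed sample in the current
# directory; override it to edit the real /etc/nessus/nessusd.conf.

CONF="${CONF:-./nessusd.conf.sample}"

# Write a constructed sample nessusd.conf carrying the defaults the
# article mentions (15 threads; the other two values are assumptions).
write_sample_conf() {
    cat > "$CONF" <<'EOF'
# Constructed sample nessusd.conf for this example
max_threads = 15
port_range = 1-15000
ping_hosts = yes
EOF
}

# set_option KEY VALUE: rewrite an existing "key = value" line in place,
# or append one if the key is missing. Never produces duplicate keys.
set_option() {
    key="$1"; value="$2"
    if grep -q "^[[:space:]]*$key[[:space:]]*=" "$CONF"; then
        tmp="$CONF.tmp"
        sed "s|^[[:space:]]*$key[[:space:]]*=.*|$key = $value|" "$CONF" > "$tmp" \
            && mv "$tmp" "$CONF"
    else
        printf '%s = %s\n' "$key" "$value" >> "$CONF"
    fi
}

# get_option KEY: print the current value of KEY (empty if absent).
get_option() {
    sed -n "s|^[[:space:]]*$1[[:space:]]*=[[:space:]]*||p" "$CONF" | tail -n 1
}

# count_option KEY: how many lines define KEY (should be exactly 1).
count_option() {
    grep -c "^[[:space:]]*$1[[:space:]]*=" "$CONF"
}

# Apply the article's choices: 25 simultaneous tests, the full port
# range, and scan hosts even when they do not answer ping.
harden_conf() {
    set_option max_threads 25
    set_option port_range 0-65535
    set_option ping_hosts no
}

write_sample_conf
harden_conf
harden_conf   # a second run must leave the file unchanged
echo "max_threads = $(get_option max_threads)"
echo "port_range  = $(get_option port_range)"
echo "ping_hosts  = $(get_option ping_hosts)"
```

Running the hardening twice is the check that matters in practice: a naive `echo >> nessusd.conf` leaves competing definitions behind, whereas the rewrite-or-append logic keeps one authoritative line per key.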

4. Define your scan

You can download the Nessus client for Windows from www.nessus.org. Once the client is installed, double-click the NessusWX icon on your desktop. From the Communications menu, select Connect to open the corresponding dialog box. Enter the user name you created on the Nessus server in the login text box. You can use either the DNS name or the IP address of your server to make a connection. The default port is 1241, but it can be changed in the server configuration file. The server will prompt you for your password, then authenticate you. You'll see how many plug-ins have been loaded for the client to use during scans.

5. Start scanning

You can start a scanning session by selecting Session/New and entering a session name. Define the parameters you want for this scan in the Session Properties dialog box. You can add targets by clicking Add and entering a target type of a single host, a subnet or an address range. Next, select the Options tab. Until you're familiar with Nessus, make sure the Safe Checks option is checked. This causes Nessus to rely on version information from network service banners to determine vulnerability; however, this may result in false positives. It's still a good option to use if you need to scan a host or series of hosts whose uptime is mandatory.

6. Scanning options

Nessus offers many options, but it's not possible to cover them all in this article. Here's an overview of some. The Port Scan tab lets you define specific ports or ranges of ports to be scanned. Click the Configure Services button if you want to run a scan to find out whether a particular service is running or if you want to specify certain scanners. The Connection tab lets you supply logins and passwords as scan parameters and specify encryption methods. Select the Plugins tab and click the Configure Plugins button to see the configurable options Nessus offers. Each plug-in has a default setting that can be changed.

7. Executing your scan

When you're finished defining your scan, double-click it to execute. Scans are saved as part of the database Nessus creates (NessusDB). Reports can be viewed at the end of a scan or saved as text or HTML files. By default, reports are saved in the NessusWX folder. You can import scan results into a spreadsheet or as a graphical presentation. The above screen displays partial results of a scan. The offending service, severity level and information about the vulnerability are reported. Web links provide more detailed information.
