Nessus Network Scanner !NEW! Download
Roseanna Diomede
Enterprise networks can vary in performance, capacity, protocols, and overall activity. Resource requirements to consider for Tenable Nessus deployments include raw network speed, the size of the network, and the configuration of Tenable Nessus.
Tenable Nessus only supports storage area networks (SANs) or network-attached storage (NAS) configurations when installed on a virtual machine managed by an enterprise class hypervisor. Tenable Nessus Manager requires higher disk throughput and may not be appropriate for remote storage. If you install Tenable Nessus on a non-virtualized host, you must do so on direct-attached storage (DAS) devices.
Tenable Nessus can be installed on a virtual machine that meets the same requirements. If your virtual machine is using Network Address Translation (NAT) to reach the network, many of the Tenable Nessus vulnerability checks, host enumeration, and operating system identification are negatively affected.
When you first create a scan or policy, the Scan Templates section or Policy Templates section appears, respectively. Tenable Nessus provides separate templates for scanners and agents, depending on which sensor you want to use for scanning:
Launch this scan to see what hosts are on your network and associated information such as IP address, FQDN, operating systems, and open ports, if available. After you have a list of hosts, you can choose what hosts you want to target in a specific vulnerability scan.
Offline configuration audits allow Tenable Nessus to scan hosts without the need to scan over the network or use credentials. Organizational policies may not allow you to scan devices or know credentials for devices on the network for security reasons. Offline configuration audits use host configuration files from hosts to scan instead. Through scanning these files, you can ensure that devices' settings comply with audits without the need to scan the host directly.
If you create a scan using the Scan template, Tenable Nessus analyzes your web application for all plugins that the scanner checks for when you create a scan using the Config Audit, Overview, or SSL TLS templates, as well as additional plugins to detect specific vulnerabilities.
When you create a scan using the SSL TLS template, Tenable Nessus analyzes your web application only for plugins related to SSL/TLS implementation. The scanner does not crawl URLs or assess individual pages for vulnerabilities.
Originally launched as an open source tool in 1998, its enterprise edition became a commercial product in 2005. Nessus now encompasses several products that automate point-in-time vulnerability assessments of a network's attack surface, with the goal of enabling enterprise IT teams to stay ahead of cyber attackers by proactively identifying and fixing vulnerabilities as the tool discovers them, rather than after attackers exploit them.
Finally, Nessus is a highly portable vulnerability scanner, making it a useful tool for security professionals who are required to move between locations. Examples include penetration testers and security consultants.
Compare the top five vulnerability scanning tools for security teams, and learn five steps to follow in a network security audit checklist. See how to build an enterprise penetration testing plan, and check out this complete guide to penetration testing best practices.
Nessus is a powerful tool to diagnose weak points in your organization's networks, systems and apps. It highlights any misconfigurations of the network or systems that may lead to potential security gaps. For this, the Nessus Vulnerability Scanner relies on a vast database of vulnerability scan templates and security plugins.
Once Nessus gathers data after a scan, the data is exported and organized into a tailored database. RedLegg's expert testers study it to assess the network and its vulnerabilities and strategize intrusion tactics.
We have seen Nessus report every port as open, usually when scanning a target list that is for a web application. These results can be caused by a firewall or content delivery network (CDN) accepting connections on all ports and then forwarding that traffic based on access control rules. When using this against an external target list, the issue is usually caused by a CDN or another web-based target. However, when used against an internal target set, this issue can arise from scanning a VMWare-based client.
Sensitive networks can also prove to be troublesome during vulnerability scanning. While many issues do not progress beyond simple IP whitelisting and access control, some can cause network congestion.
Heading to the URL listed in the output of the install script, starts the web based install wizard. Registering for a feed is required here whether that is for Home use or Professional use. Enter the feed key, the plugins are downloaded, and the scanner is initialised.
In a previous work environment where I was monitoring 1800 devices on a globally distributed network accessing the network was reasonably restricted. If accessing from home I would use a VPN and then a Remote desktop jumpbox to access the Nessus Console on HTTPS 8834. When using the flash based console in this manner the refresh times are horrible. My connection was 20mb, the Nessus host was a grunty box, but still the slow refresh on the flash carried across the RDP redraw to make it a painful experience.
The test scan did a good of detecting missing updates on my test Ubuntu host. For those unfamiliar with vulnerability scanners, I recommend you take a look at the options to customise the scan policies. Even if you are adverse to tinkering too much the most important configuration options for Internal Network Scans is to ensure you are performing credentialed scans. This allows the Nessus scanner to login to the target host machine and collect information on the host locally. Giving valuable information to the scan engine such as patch levels of the system whether it is a Windows or Linux based host.
Anti-virus is generally a requirement on all your Windows based desktops but it is far from fool proof. In fact slight modifications to malware can make them virtually undetectable to many AV scanners until signatures become available for that particular variant. The security industry is creating all manner of network based anomaly detection products to discover unknown malware. Tenable has added an interesting feature to Nessus that seems quite simple and one I suspect will be beneficial to many organisations.
As the Nessus scanner performs a credential based scan of a system it can collect hashes of all the running processes and compare these to an online database that is effectively a clone of a system such as VirusTotal. The system uses the Reversing Labs database of known bad hashes that can come from 25 different AV vendors. So it immediately adds a new layer of defense to your Anti-virus capability. If your primary AV client misses a piece of malware; when you run your regular Nessus scan you may still catch the unknown malware. Understand however that like any AV detection it will also not find everything. For an addon that comes free with your $1500 USD Nessus subscription I believe this is a nice bonus feature.
Overall the latest Nessus 5 seems to be light on resource usage and easy to configure. You can literally be up and running within 10 minutes. Of course this has been a very quick review, further testing would be required to see how it scales on a large network and how comprehensive the vulnerability detection plugins are.
As was mentioned in the Nexpose install review, I like to have multiple vulnerability scanner options available. It definitely helps in correlation and also provides assurance that a vulnerability that was missed by one scanner may be picked up by the second option. We feel our online OpenVAS scan and other options provide an effective second assessment option particularly when reviewing Internet facing systems.
Here, you have to decide the scope of your scan. As there are 65535 ports on any network, it is only sometimes feasible to scan them all as most need to be operational. However, this is a required setting that varies from scan to scan.
This section provides more advanced options, such as slowing the scan requests when congestion is detected on the network. This is useful when you scan on an active network that could crash under over congestion.
Can someone clearly state the difference between running a nessus scan with/out credentials? What would happen if i scan a unix based system with no credentials and about the same time using ssh account?
Credentialed scanning is preferred to non-credentialed scanning as it is able to run scripts that are executed on the host machine in order to directly identify versions or software that might be vulnerable as well as to check for vulnerabilities that might me present. A non credentialed scan basically makes educated guesses based on network banner grabs and TCP/IP stack information that it observes, in order to find out what vulnerabilities are present.
Unlike Invicti, which is a dedicated application security testing platform, Tenable Nessus focuses on network vulnerability assessment. Network vulnerability scanners like Nessus serve an important purpose in a security testing program but do not provide a complete picture because they mostly focus on network security. Network-level testing will not tell you whether your applications are vulnerable to common web attacks such as SQL injection. Invicti, on the other hand, provides a mature solution for dynamic application security testing (DAST) that lets you perform automated web vulnerability scanning with a full embedded browser engine.
Network scanners like Tenable Nessus can perform a few high-level checks related to your web presence, such as identifying vulnerable versions of web servers or known open-source platforms, but this is only scratching the surface of your web security posture. To check if your websites and applications could be compromised by attackers, a web application scanner is specifically equipped to map out all web pages and user inputs. Unlike a network scanner, it offers thorough vulnerability tests for security vulnerabilities such as cross-site scripting (XSS), SQL injection, remote file inclusion (RFI), and more.
df19127ead