Nessus is a vulnerability scanning platform designed by Tenable, Inc. Nessus Cloud was originally part of Tenable’s Software-as-a-Service solution until they switched it to what we know today as Nessus 10—Tenable’s cloud-managed vulnerability management product.
Nessus’ open-source architecture consists of 14 modules that scan networks for common vulnerabilities found in 32 platforms. It seeks out and hunts down potential weaknesses that would allow someone access to data or functionality if exploited (among other features). The idea behind the program is much like a medical checkup – where results are produced within minutes with little experience needed from the user.
This comprehensive health check helps identify whether systems need protection against cyberattacks, for example when employees unknowingly put them at risk through outdated installations or the lack of a process for patching identified gaps in perimeter defenses.
Nessus can analyze and test these vulnerabilities:
Vulnerabilities that might allow unauthorized access or control over sensitive data stored on a computer.
Configuration issues (such as an open mail relay)
Denial of Service vulnerabilities.
Default passwords, certain common passwords, and absent usernames for certain computer accounts.
Software flaws, missing fixes, malware, and configuration errors affecting many operating systems, devices, and apps are all handled by Nessus. The Nessus server is now available for:
Unix-based operating systems.
Also, the client is available for:
Windows operating systems.
Significant features of Nessus include:
Scheduled security audits.
Detection of security holes in local or remote host computers.
The results of the scan can be reported in various formats, such as plain text, XML, and HTML.
You cannot use Nessus on a system with a Host-based Intrusion Prevention System (HIPS) installed. While scanning a remote target, Nessus must forge TCP/UDP packets and send probes that HIPS software often considers malicious. If the HIPS is configured to block malicious traffic, it will interfere with Nessus and make the scan results incomplete or unreliable.
Highlights of Nessus
What are Nessus Agents?
A great many organizations choose to deploy Nessus Agents to meet the needs of specific environments. These agents enable scans to be carried out in an offline environment, providing a subset of what one would expect from typical network scanning.
Agents provide flexibility for certain aspects of scanning (i.e., disconnected devices) and allow scans of non-credentialed assets, which may otherwise prove difficult. They also reduce scan times significantly, checking only remote networks rather than local ones as well.
The current list includes:
Windows Server 2008/2012 and Windows 7/8; Amazon Linux; CentOS; Debian Linux; OS X; Red Hat Enterprise Linux; Ubuntu Linux.
Versions and Licenses
Nessus includes two versions:
Nessus Pro: This version is ideal for consultants, pen testers, and security practitioners, with the ability to scan unlimited IPs, use it anywhere, and access advanced features such as configuration assessment, Live Results, and custom reporting.
Nessus® Essentials: This version is free to use to scan any environment, but is limited to 16 IP addresses per scanner.
Advanced Detection Means More Protection.
Plugins Provide Timely Protection.
Accommodate Growth and Scale Safely.
Cost Effective for Companies of All Sizes.
Accurate Visibility into Your Networks.
Analysing for Vulnerabilities
Nessus performs its scans by leveraging plugins, which run against each host on the network to identify vulnerabilities. For example, a plugin could be launched and targeted at a host to:
Identify which operating systems and services are running on what ports.
Identify what software components are vulnerable to attack.
The steps that follow during scanning are:
Define scan parameters.
Analyze scan results.
Once all the necessary steps are completed, Nessus checks each host for vulnerabilities by running scans against a database of known flaws. Ports can be specified in ranges or individually, with valid ports ranging from 1 to 65535.
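A port specification can be checked against the 1 to 65535 limit before it is entered into a scan definition. The sketch below is an added example, not code from Nessus or Tenable; it assumes a comma-separated syntax of single ports and low-high ranges, and the function names are hypothetical.

```python
MIN_PORT, MAX_PORT = 1, 65535  # valid port range stated in the text


def parse_port_spec(spec):
    """Return sorted, merged (low, high) tuples; raise ValueError if invalid.

    Assumed syntax (not taken from the page): "21-25,80,443".
    """
    ranges = []
    for token in spec.split(","):
        token = token.strip()
        if not token:
            raise ValueError("empty entry in port specification")
        low_text, sep, high_text = token.partition("-")
        if not sep:                      # single port, e.g. "80"
            high_text = low_text
        for part in (low_text, high_text):
            if not (part.isascii() and part.isdigit()):
                raise ValueError(f"not a port or port range: {token!r}")
        low, high = int(low_text), int(high_text)
        if low > high:
            raise ValueError(f"range is reversed: {token!r}")
        if low < MIN_PORT or high > MAX_PORT:
            raise ValueError(f"outside {MIN_PORT}-{MAX_PORT}: {token!r}")
        ranges.append((low, high))

    # Merge overlapping or adjacent ranges so each port is listed once.
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged


def format_port_spec(ranges):
    """Render merged ranges back into the comma-separated form."""
    return ",".join(str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in ranges)


def port_count(ranges):
    """Number of distinct ports covered, useful for estimating scan size."""
    return sum(hi - lo + 1 for lo, hi in ranges)


if __name__ == "__main__":
    sample = "443, 80,21-25,22-30,31"    # constructed sample input
    parsed = parse_port_spec(sample)
    print(format_port_spec(parsed), "->", port_count(parsed), "ports")
```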
Within the Scan Policy settings, various templates make up the overall scan settings. These different templates will determine what kind of settings would be found within these policies:
Basic: provides scanning configurations about security-related items.
Discovery: defines what types of ports need to be scanned as well as which methods should be used when conducting this process.
Assessment: determines what type of vulnerability scans need to take place and how they’re executed.
Report: defines how scan reports are generated (and includes which specific details).
Advanced: specifies at what rate these scans need to execute themselves.