Nessus3 - Columbia-Area Linux Users Group

Vulnerability Assessments
with Nessus 3
Columbia Area LUG
January 10 2007
Module Objectives
- Learn how to install and configure Nessus 3
- Learn how to run a “vanilla” scan
- Learn how to customize your scan for more effective results
- Learn how to interpret and save the reports
© 2007 Chuck Fullerton
Introduction to Nessus
- Created by Renaud Deraison
- Currently maintained by Tenable Network Security
- Uses the NASL scripting language for its plugins (currently over 13,000 plugins!)
- Price is still free!
- Register to obtain many more plugins (delivered with a 7-day delay), or purchase a Direct Feed for the latest and greatest, plus Compliance Checks
Nessus Features
- Client/Server architecture
- SSL/PKI supported (client-to-server traffic is encrypted; clients can also authenticate with certificates)
- Smart service recognition: services are identified by their banners and behaviour, not by port number (e.g. an FTP server listening on 31337 is still reported as FTP)
- Non-destructive ("safe checks") or thorough tests
- Vulnerability mapping to CVE, Bugtraq and others
- Vulnerability scoring using CVSS (the base scores published in NIST's National Vulnerability Database)
Nessus Features
- Tons of plugins:
  - Port scanning
  - Vulnerability checks
  - Patch audit checks
  - Local server checks
  - Compliance checks
  - SCADA checks
  - Custom checks (write your own)
Nessus Architecture
- Nessus uses a Client/Server architecture
  - The server (nessusd) does the scanning and runs on Linux/Unix
  - Clients available for Linux and Windows
  - Nessus 3 for Windows (server and client) is now available!
- Clients connect to the server on TCP port 1241 by default (the IANA registration lists UDP 1241 as well, but nessusd only listens on TCP)
Ported Operating Systems
Nessus has been ported to the following OSes:
- Red Hat ES 3 & 4 **
- Fedora 5 & 6
- Debian 3
- FreeBSD 4, 5 & 6
- SUSE 9 & 10
- Solaris 9 & 10
- Windows 2003, XP (and soon Vista) **
** Officially supported by Tenable Network Security
Install Process
1. Uninstall any old versions of Nessus
2. Download the RPMs, Debs or whatever package type your system uses (current GA version is 3.0.4)
3. Prepare the system for install
4. Install Nessus 3
5. Make the crypto certificate
6. Add users
7. Scan away!
Preparing the System
- Ensure your host firewall allows inbound connections to TCP port 1241 (from wherever the client runs; don't expose the scanner to the whole network)
- Ensure you have updated versions of GTK (needed by the Linux client) and OpenSSL
- Ensure your system date is accurate (certificate validity is checked against it)
- Ensure your Internet connection is available (for plugin updates)
Installing Nessus
rpm -ivh <nessusfilename>
/opt/nessus/sbin/add-first-user
  Used mainly with other Tenable Products.
service nessusd start
Updating to the Latest Plugins
/opt/nessus/sbin/nessus-update-plugins
Licensing
- Non-registered: only the GPL-licensed plugins that ship with the program
- Registered (delayed 7 days): gives you the newer plugins made available by Tenable
- Direct Feed (fee, $1,200/year): gives you the advanced plugins with no delay, including Compliance Checks, SCADA checks and others
The Nessus Clients
- Linux client
- Windows client
Logging in to the Server (screenshot)
Linux Client (screenshot)
Client Plugins Tab (screenshot)
Client Scan Preferences (screenshot)
Preparing for your First Scan
Nessus can cause problems in the target network. Get explicit (ideally written) permission from the client before scanning starts.
Risks:
- DoS: fragile services and devices can crash or hang under a scan; keep safe checks enabled unless you have agreed otherwise
- Missing information: firewalls, IDS/IPS and rate limiting can hide hosts and services, so the absence of a finding is not proof of absence
- Printer issues if not configured correctly: network printers may hang or spew pages; exclude them from the target list or scan with safe checks
Creating a new Scan (screenshot)
Reviewing the Data (screenshot)
Saving the Report (screenshot)
Reporting Options
Many different reporting options:
- NBE (standard Nessus format)
- HTML
- XML
- HTML with pies and graphs
- PDF
- SQL (Windows client only)
Interpreting Nessus Reports (screenshot)
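NBE, the standard format listed under Reporting Options, is the one most post-processing scripts consume, so interpreting a report usually starts with parsing it. The following is an added example, not code from the original slides or from Tenable: a small Python parser over a constructed NBE sample that splits the pipe-delimited `results` records, unescapes the description, pulls CVE references out of it, tallies findings per host by severity and filters to the ones worth triaging first. The sample records, plugin IDs and CVE numbers are constructed for illustration and were not taken from a real scan.

```python
import re
from collections import Counter, defaultdict

# Constructed sample NBE output for this example (not from a real scan).
# NBE is the pipe-delimited native Nessus format: one record per line, with
# each newline inside the description escaped as the two characters "\n".
# Plugin IDs and CVE numbers here are illustrative placeholders.
SAMPLE_NBE = r"""timestamps|||scan_start|Wed Jan 10 19:02:11 2007|
timestamps||192.168.1.10|host_start|Wed Jan 10 19:02:12 2007|
results|192.168.1|192.168.1.10|ftp (31337/tcp)|10092|Security Note|An FTP server is running on this port.\nIt was identified by its banner, not by the port number.
results|192.168.1|192.168.1.10|ssh (22/tcp)|10881|Security Note|SSH version : SSH-2.0-OpenSSH_4.3
results|192.168.1|192.168.1.10|general/tcp|11936|Security Note|The remote host is running Linux Kernel 2.6
results|192.168.1|192.168.1.10|http (80/tcp)|11213|Security Warning|The remote web server supports the TRACE method.\nCVE : CVE-2004-2320\nBID : 9506
results|192.168.1|192.168.1.20|smb (445/tcp)|22034|Security Hole|The remote host is missing a critical security update (MS06-040).\nCVE : CVE-2006-3439\nBID : 19409
timestamps||192.168.1.10|host_end|Wed Jan 10 19:05:40 2007|
timestamps|||scan_end|Wed Jan 10 19:06:02 2007|
"""

# The four severity labels Nessus 3 writes into the NBE severity field.
SEVERITY_RANK = {"Log Message": 0, "Security Note": 1, "Security Warning": 2, "Security Hole": 3}
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
PORT_RE = re.compile(r"^(?P<service>\S+) \((?P<number>\d+)/(?P<proto>tcp|udp)\)$")


def split_port(port_field):
    """'ftp (31337/tcp)' -> ('ftp', 31337, 'tcp'). Pseudo-ports such as
    'general/tcp' carry no port number and come back as (field, None, None)."""
    m = PORT_RE.match(port_field)
    if not m:
        return port_field, None, None
    return m["service"], int(m["number"]), m["proto"]


def parse_nbe(text):
    """Return one dict per 'results' record; timestamp records are skipped."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        kind, _, rest = line.partition("|")
        if kind != "results":
            continue
        # Split on at most five pipes so a '|' inside the description survives.
        fields = rest.split("|", 5)
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: malformed results record")
        subnet, host, port_field, plugin_id, severity, desc = fields
        if severity not in SEVERITY_RANK:
            raise ValueError(f"line {lineno}: unknown severity {severity!r}")
        service, number, proto = split_port(port_field)
        desc = desc.replace("\\n", "\n")  # undo the NBE newline escaping
        findings.append({
            "subnet": subnet, "host": host, "service": service,
            "port": number, "proto": proto, "plugin_id": int(plugin_id),
            "severity": severity, "description": desc,
            "cves": sorted(set(CVE_RE.findall(desc))),
        })
    return findings


def counts_by_host(findings):
    """{host: Counter({severity: n})} for a quick per-host triage view."""
    table = defaultdict(Counter)
    for f in findings:
        table[f["host"]][f["severity"]] += 1
    return dict(table)


def triage(findings, min_severity="Security Warning"):
    """Findings at or above min_severity, worst first, then by host and plugin."""
    floor = SEVERITY_RANK[min_severity]
    keep = [f for f in findings if SEVERITY_RANK[f["severity"]] >= floor]
    return sorted(keep, key=lambda f: (-SEVERITY_RANK[f["severity"]], f["host"], f["plugin_id"]))


def main():
    findings = parse_nbe(SAMPLE_NBE)
    for host, counts in sorted(counts_by_host(findings).items()):
        print(host, dict(counts))
    for f in triage(findings):
        print(f"{f['severity']:16} {f['host']:15} {f['service']}:{f['port']} "
              f"plugin {f['plugin_id']} {' '.join(f['cves']) or '(no CVE)'}")


if __name__ == "__main__":
    main()
```

Note that the third record shows why the port field must not be parsed naively: `general/tcp` is a pseudo-port Nessus uses for host-level findings such as OS identification, and the first record shows the smart service recognition from the Features slide (FTP found on 31337 is still labelled `ftp`). Splitting on at most five pipes matters because plugin descriptions occasionally contain a `|` of their own.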
Tenable Compliance Checks
Can check settings within Windows, Unix, Solaris and Linux:
- File permissions, file presence
- User/domain settings
- Registry settings
- Others
User-configurable audit files (these are credentialed local checks, so the scanner needs a login on the target, and they require the Direct Feed).
There is even an audit file creation tool for Windows.
Other Tenable Products
- Log Correlation Engine (LCE): correlate and alert on specific logs
- Passive Vulnerability Scanner (PVS): now you can assess servers without the risk of an active scan
- Security Center 3.2 (SC3): manages Nessus 3, LCE and PVS from one console
- SC3 3DTool: 3D graphical tool to get your points across to management
For More Information
www.nessus.org
www.tenablesecurity.com
http://blog.tenablesecurity.com/
http://www.tenablesecurity.com/news/webinars.shtml
http://mail.nessus.org/mailman/listinfo/