Lead Image © Author, 123RF.com

Lead Image © Author, 123RF.com

Tested – Tenable Nessus v6

SecurityX-Ray

Article from ADMIN 27/2015
By
To ensure your servers and workstations are well protected against attacks on your network, you need a professional security scanner. In version 6, Tenable has substantially expanded its Nessus vulnerability scanner. We pointed the software at a number of test computers.

Nessus is a network and vulnerability scanner for Windows, Linux, Unix, and Mac OS X computers. The software relies on the client/server principle; one Nessus server on the network runs nessusd, and the clients either connect locally or via a remote computer to this service. Security is ensured by SSL certificates and passwords.

When the server launches, the software automatically loads additional plugins if they are installed. With the help of these plugins, Nessus analyzes the operating systems, interfaces, services, and daemons on the network and returns the results to the server. Programmers develop these modules with Nessus' own Nessus Attack Scripting Language (NASL). The result of the check is a list of identified vulnerabilities and open ports, which Nessus discovers with the help of Nmap.

Although this arrangement sounds very much like open source, Nessus became a proprietary product by Tenable Network Security 10 years ago. Up to version 3.0, the product was released under the GPL, but this stopped in October 2005. To continue providing a free scanner, the open source project OpenVAS was formed; it builds on the last free version (2.2) of the scanner and has been developed independently ever since the fork.

Focus on Mobile Devices and Virtual Environments

At the end of November 2014, Tenable presented the current version 6 of the Vulnerability Management Platform and extended the software to include security features for mobile devices, virtualized environments, and cloud environments [1]. Nessus thus now offers more than 100 different policies for system hardening. The idea is for the scanner to find more vulnerabilities and malware out of the box than other scanning products and services currently on the market. Thanks to these immediately deployable templates, administrators can implement best practices without delay and proceed to test for compliance.

The other Nessus v6 features include the new Scan Policy Editor, which allows IT professionals to adapt policies more easily that match their internal compliance standards, a brand-new History tab for storing and managing older scans, and a RESTful API that facilitates the task of integrating Nessus v6 in into various other dynamic IT landscapes.

Rapid Installation

The installation of Nessus 6.2.1 was a pleasingly uncomplicated experience [2]. This is a major advantage when you need to work with such a complex construct as a vulnerability scanner. After downloading the trial version from the vendor website [3], you need to select your target platform: Windows, Mac OS X, Linux, or FreeBSD. We decided to download and install on Windows Server 2008 R2 and thus selected the MSI installation package for x64. Table 1 lists the system requirements for the supported operating systems.

Table 1

System Requirements

Operating System Versions
Windows Windows Server 2008, 2008 R2, 2012, 2012 R2 (x86, 64), Windows 7 and 8
Linux Debian 6/7, Kali Linux, Fedora 20/21, Red Hat ES 5, CentOS 5/6/7, Oracle Linux 5/6/7, Red Hat ES 6/7, SUSE 10/11, Ubuntu 10.04 (9.10 package) through 14.04
Mac OS; FreeBSD Mac OS X 10.8/10.9/10.10 (x86-64); FreeBSD 10 (x86-64)

The Windows download was manageable, weighing in at just under 23MB and was available within a couple of seconds on the test server. After double-clicking, it was the standard procedure with an InstallShield wizard, accepting the licensing conditions and selecting a path for saving the results in the filesystem.

A few seconds later, we had the WinPcap 4.1.3 installation window on our screen; Nessus relies on the technical underpinnings of the free program library. From a practical point of view, the WinPcap driver supports low-level access to the network interface card. The program library is based on the popular Unix libpcap library, which implements the pcap interface. The packets transported over the network are grabbed by the WinPcap modules, working around the protocol stack, and then processed. Installing the program library in our lab took less time than typing this paragraph.

Web Interface-Based Management

After the install, the web browser automatically launched on the server showing us the content of the page on port 8834. This showed us a note to the effect that we needed a secure HTTPS connection. Only the developers know why the installer doesn't automatically switch to HTTPS. Clicking on the link triggered the next error message, saying that our ancient Internet Explorer 8 was not fit for the purpose, which is bad news for administrators who want to install the program on Windows Server 2003. Armed with a freshly downloaded Mozilla Firefox, we pressed on.

A wizard popped up to say hello and prompted us to create a password-protected account for accessing Nessus. This was followed by a slightly longer phase in which the software downloaded the required plugins before proceeding to initialize them. After completing the plugin installation, the login dialog for the recently defined administrative user, and access to the very clear-cut web interface were then released. In the top right-hand corner was an orange-colored alert symbol with a text message drawing our attention to the fact that the evaluation version would stop working in seven days.

If you check out the top right-hand corner of the window, you will find options for modifying your user profile, logging off, discovering new features, or modifying the software's basic settings. These settings include, for example, the path for the dump files, whether or not to install software updates automatically, or whether to perform network scans at reduced speed. The online help really is online and takes you directly to the Tenable website.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Pen Test Tips

    The powerful Metasploit framework helps you see your network as an intruder would see it. You might discover it is all too easy to get past your own defenses.

  • Security issues when dealing with Docker images
    Although developers appreciate Docker's ease of use and flexibility, many admins are worried about vulnerabilities. We look at various approaches to securing container images and the price to be paid.
  • Develop your own scripts for Nmap
    Nmap does a great job with standard penetration testing tasks, but for specific security analyses, you will want to develop your own test scripts. The Nmap Scripting Engine makes this possible.
  • How to Hide a Malicious File

    The best way to stop an attack is to think like an attacker. We’ll show you how to use the Metasploit framework to create a malicious payload that escapes antivirus detection.

  • Open Source Security Information and Event Management system
    Systems, network, and security professionals face a big problem managing disparate security data from a variety of sources. OSSIM gives IT security professionals the capacity to cut through the noise and gain wisdom and foresight in defending and managing their networks.
comments powered by Disqus