
Nessus Vulnerability Scanner


Presentation Transcript


  1. Nessus Vulnerability Scanner. Irina Grosu, Ana-Teodora Petrea

  2. History
  • The “Nessus” Project was started by Renaud Deraison in 1998 as a free and open source remote security scanner.
  • 5th October 2005 – Tenable Network Security changes Nessus 3 to a proprietary license and makes it closed source.
  • July 2008 – home users get full access to plugin feeds with a non-commercial license.
  • Nessus 4 released on April 9, 2009.
  • Nessus 5 released on February 15, 2012.
  • The Nessus 2 engine and some of the plugins are still under the GPL license, which led to forked open source projects based on Nessus: OpenVAS, Porz-Wahn.

  3. Background
  • Network security scanner with an extensive plugin database that is updated on a daily basis.
  • Rated among the top products of its type throughout the security industry.
  • Endorsed by professional information security organizations such as the SANS Institute.
  • Provides the ability to locally audit a specific machine for vulnerabilities, compliance specifications, content policy violations, etc.
  • Provides the possibility to remotely audit networks and determine whether they have been compromised in some way.

  4. Architecture
  • Modular Architecture – provides the flexibility to deploy the scanner (server) and connect to the GUI (client) from any machine with a web browser.
  • Plugin Architecture – each security test is written as an external plugin and grouped into one of 42 families. This way, users can easily add their own tests by selecting specific plugins, or choose an entire family.

  5. Features
  • NASL – the Nessus Attack Scripting Language, a language designed specifically to write security tests easily and quickly.
  • Up-to-date Security Vulnerability Database – focuses on the development of security checks for newly disclosed vulnerabilities.
  • Tests Multiple Hosts Simultaneously.
  • Smart Service Recognition – Nessus does not expect the target hosts to respect IANA-assigned port numbers.

  6. Features
  • Multiple Services – if two or more web servers run on the same host, on different ports, Nessus will identify and test all of them.
  • Plugin Cooperation – no unnecessary checks are performed. If an FTP server does not offer anonymous logins, then anonymous-login-related security checks will not be performed.
  • Complete Reports – detects security vulnerabilities and the risk level of each (Info, Low, Medium, High, and Critical), and also offers solutions.
  • Full SSL Support – tests services offered over SSL such as HTTPS, SMTPS, IMAPS.

  7. Features
  • Smart Plugins (optional) – an “optimization” option that will determine which plugins should or should not be launched against the remote host.
  • Non-Destructive (optional) – certain checks can be detrimental to specific network services. To avoid a service failure, enable the “safe checks” option, which will tell Nessus not to exploit real flaws to determine if a vulnerability is present.

  8. Scanning a simple website
  • Scanned our website for the WADE course: http://soma.azurewebsites.net
  • Identified 10 vulnerabilities (1 Medium, 9 Info):
  • [Medium] Backup Files Disclosure – files that may contain sensitive information can be accessed.
  • [Info] HTTP Methods Allowed (per directory) – the attacker can execute HTTP methods on resource directories like: images, content, scripts.

  9. The Nessus Port Scanning Engine
  • Determining if a port is open or closed is a critical step in the discovery process associated with successfully attacking systems.
  • The Nessus port scanner system has three network-based port scanners:
  • TCP Scanner – sends a sequence of packets to initiate a full TCP connect to the target hosts, completing the TCP three-way handshake each time. The TCP scanner will dynamically estimate the RTT (Round Trip Time) and make multiple passes on unresponsive ports. It does not operate on Windows and Mac OS due to operating system limitations.

  10. The Nessus Port Scanning Engine
  • SYN Scanner – the Nessus SYN scanner is fully supported on Linux, Mac OS X and Windows. It simplifies the process by sending packets and waiting for a response, but not initiating the full three-way handshake. It does not open sockets, but generates raw packets using low-level libraries; it tends to be slower, but more reliable.

  11. The Nessus Port Scanning Engine
  • Netstat Port Scanner – a more reliable way to enumerate open ports on a given host is to log in to the system and execute a command that shows all open TCP and UDP ports. This method is typically more reliable, and it is useful to compare the Netstat results with what is being reported to be open/closed across the network.
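The comparison the slide recommends, written out as an added example (not Nessus code): the host's own netstat listing is reconciled against what a network-side scanner reported open, and discrepancies are classified for the defender. Both inputs are constructed samples; the port numbers and addresses are assumptions for illustration.

```python
# Constructed sample: a `netstat -tln`-style listing taken on the host itself.
LOCAL_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN
"""

# Constructed sample: TCP ports a network-based scanner reported as open.
REMOTE_OPEN = {22, 80, 4444}


def parse_listening_ports(netstat_text):
    """Return {port: bind_address} for TCP sockets in LISTEN state."""
    listening = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[-1] != "LISTEN":
            continue  # header, non-TCP rows, or sockets that are not listening
        addr, _, port = fields[3].rpartition(":")  # works for "0.0.0.0:22" and ":::22"
        listening[int(port)] = addr
    return listening


def reconcile(local, remote_open):
    """
    Classify every port seen on either side:
      hidden        - open on the network but absent from the host's own table
                      (investigate: tampered tooling, rootkit, or another host answered)
      filtered      - listening on all interfaces but not reachable remotely
                      (firewall or routing; confirm that it is intentional)
      loopback_only - bound to 127.0.0.1, so not expected in a remote scan
    """
    report = {"hidden": sorted(remote_open - set(local)), "filtered": [], "loopback_only": []}
    for port, addr in sorted(local.items()):
        if addr.startswith("127."):
            report["loopback_only"].append(port)
        elif port not in remote_open:
            report["filtered"].append(port)
    return report


if __name__ == "__main__":
    print(reconcile(parse_listening_ports(LOCAL_NETSTAT), REMOTE_OPEN))
```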

  12. Windows Malware scan
  • Nessus reports if the scanned host is on a known botnet list or is communicating with a known botnet IP. It audits the antivirus agent by reporting if it is misconfigured or has out-of-date rules. It detects known malware running on the PC. Here's how:
  • Nessus authenticates to the Windows system.
  • It enumerates the list of running processes on the system.
  • For each process, a cryptographic hash is generated and looked up against Tenable's cloud-based database.
  • If the process is found to be malicious, the plugin logs the results with information about the malware found.
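The four steps above as an added example (not Nessus' or Tenable's code): process images are hashed, the unique hashes are looked up once, and each match is logged with the process it belongs to. The process list, image bytes and hash database are constructed stand-ins so the example runs offline; on a real host the bytes would be read from each process's executable path, and the lookup would go to the cloud service.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample processes. "image" stands in for the bytes of the process's
# executable on disk. Note that pid 1337 reuses a trusted name: the check hashes
# the image, so a borrowed process name does not hide it.
SAMPLE_PROCESSES = [
    {"pid": 412,  "name": "svchost.exe", "image": b"constructed benign image A"},
    {"pid": 1337, "name": "svchost.exe", "image": b"constructed malicious image"},
    {"pid": 2001, "name": "notepad.exe", "image": b"constructed benign image A"},
]

# Constructed stand-in for the cloud hash database: digest -> malware name.
KNOWN_BAD = {sha256_hex(b"constructed malicious image"): "Constructed.Sample.Trojan"}


def cloud_lookup(digests, database=KNOWN_BAD):
    """One batched lookup of unique digests; returns only the ones that matched."""
    return {d: database[d] for d in digests if d in database}


def scan_processes(processes, lookup=cloud_lookup):
    """Hash every running process image, look the unique hashes up once, and
    report each process whose image matched, the way the plugin logs a result."""
    by_digest = {}
    for proc in processes:
        by_digest.setdefault(sha256_hex(proc["image"]), []).append(proc)
    matches = lookup(set(by_digest))  # one query per distinct image, not per pid
    findings = []
    for digest, malware in matches.items():
        for proc in by_digest[digest]:
            findings.append({"pid": proc["pid"], "name": proc["name"],
                             "sha256": digest, "malware": malware})
    return sorted(findings, key=lambda f: f["pid"])


if __name__ == "__main__":
    for finding in scan_processes(SAMPLE_PROCESSES):
        print(finding)
```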

  13. Case study – Clemson University
  • Clemson University is recognized as the 25th best college in the U.S. The IT security team is responsible for the compliance, policy setting and information protection of more than 80.000 registered devices connected to its network.
  • In order to improve their security and auditing process, they chose Tenable’s software solutions: SecurityCenter, Nessus and Log Correlation Engine.

  14. Case study – Clemson University
  • Part of the new system is the Nessus Vulnerability Scanner, which automatically scans the systems every 30 days for:
  • Vulnerabilities;
  • Identification of unpatched systems;
  • After the scans are finished, it sends a report to the system administrators and to the security team, highlighting which systems are missing critical patches, and the progress made after applying the missing patches identified in the previous months.

  15. Vulnerability Analysis Scanners

  16. Integration of other tools with Nessus
  • Nmap – security scanner that provides features like host discovery, port scanning and OS detection. It can be integrated with Nessus and used to get the maximum performance with effective scans. The system can be scanned with Nmap and the output can be used as input for Nessus in order to perform an Internal Network Scan.
  • Nikto – web application scanning tool that searches for misconfigurations, openly accessible web directories and a host of web application vulnerabilities. By integrating it with Nessus, the scan can be automatically started from the Nessus interface and the result will be displayed in Nessus. Besides the new scanning capabilities, this also allows users to take advantage of the filtering and reporting system of Nessus.

  17. Conclusions – Advantages
  • Free for non-commercial use.
  • Available on multiple operating systems (Windows, Mac OS, various distributions of Linux).
  • Advanced scans for networks, websites, operating systems, mobile devices.
  • By default Nessus does “Safe Checks”, which ensure that there won't be any adverse effects on the system or network. Aggressive and in-depth checks (e.g. DoS attacks) can be enabled at the user’s will.
  • Good for security audits.
  • Scanning multiple hosts in the same scan.

  18. Conclusions – Disadvantages
  • Hard to configure for beginners.
  • The free non-commercial license is limited to up to 16 IP addresses that must be within the same household.
  • Limited support for Ubuntu, Fedora Core, FreeBSD, Debian.

  19. Bibliography
  • http://www.tenable.com/products/nessus
  • http://www.tenable.com/blog/integrating-nessus-with-backtrack-5s-tools
  • http://en.wikipedia.org/wiki/Nessus_(software)
  • http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/case-studies/Clemson_CS_(EN)_v3_web.pdf
  • http://en.wikipedia.org/wiki/Nmap
