Nessus 3 Tutorial |
 |
| 06 Jun 2008 | SearchSecurity.com |
|
|
If you're looking for a vulnerability scanner, chances are you've come across a number of expensive commercial products and tools with long lists of features and benefits. Unfortunately, if you're in the same situation as most of us, you simply don't have the budget to implement fancy high-priced systems. You might have considered compromising by turning to free tools like nmap. However, you probably saw these tools as a compromise, as their feature sets didn't quite match the commercial offerings.
It's time that you learn how to use Nessus! This free tool offers a surprisingly robust feature-set and is widely supported by the information security community. It doesn't take long between the discovery of a new vulnerability and the posting of an updated script for Nessus to detect it. In fact, Nessus takes advantage of the Common Vulnerabilities and Exposures (CVE) architecture that facilitates easy cross-linking between compliant security tools.
The Nessus tool works a little differently than other scanners. Rather than purporting to offer a single, all-encompassing vulnerability database that gets updated regularly, Nessus supports the Nessus Attack Scripting Language (NASL), which allows security professionals to use a simple l
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
anguage to describe individual attacks. Nessus administrators then simply include the NASL descriptions of all desired vulnerabilities to develop their own customized scans.
With the release of Nessus 3 in December 2005, Tenable Network Security Inc., the company behind Nessus, introduced a complete overhaul of the product. The most current version at the time of this writing, Nessus 3.2, was released in March 2008. Nessus is now available for a wide variety of platforms, including Windows, various flavors of Linux, FreeBSD, Solaris and Mac OS X. Here's an overview of the significant changes in Nessus 3:
Nessus uses a modular architecture consisting of centralized servers that conduct scanning and remote clients that allow for administrator interaction. You may deploy Nessus scanning servers at various points within your enterprise and control them from a single client. This allows you to effectively scan segmented networks from multiple vantage points and conduct scans of large networks that require multiple servers running simultaneously.
If you're looking for a robust, inexpensive vulnerability scanning product, definitely take Nessus out for a test drive! The tips in this tutorial will guide you along the way.
|
|
|
|
