Nessus 3 Tutorial

It's time that you learn how to use Nessus! This free tool offers a surprisingly robust feature-set and is widely supported by the information security community. It doesn't take long between the discovery of a new vulnerability and the posting of an updated script for Nessus to detect it. In fact, Nessus takes advantage of the Common Vulnerabilities and Exposures (CVE) architecture that facilitates easy cross-linking between compliant security tools.

The Nessus tool works a little differently than other scanners. Rather than purporting to offer a single, all-encompassing vulnerability database that gets updated regularly, Nessus supports the Nessus Attack Scripting Language (NASL), which allows security professionals to use a simple language to describe individual attacks. Nessus administrators then simply include the NASL descriptions of all desired vulnerabilities to develop their own customized scans.

With the release of Nessus 3 in December 2005, Tenable Network Security Inc., the company behind Nessus, introduced a complete overhaul of the product. The most current version at the time of this writing, Nessus 3.2, was released in March 2008. N...

• Nessus is now closed-source. The base product is still available for free. With the introduction of Nessus 3, however, Tenable moved Nessus from an open source to a commercial licensing model. In other words, while the software itself remains free, updated vulnerability information will come with a fee, at least for enterprises (home users may download updates for free). Tenable cites the need to invest in the future of Nessus as the motivation for moving to a proprietary license scheme.
• Significant speed enhancements. In benchmarking tests performed by Tenable, Nessus 3 scans systems at about twice the speed of Nessus 2. This is due to optimizations in the scan engine and a complete overhaul of NASL.
• Dramatic reduction in resource requirements. Nessus 3 uses significantly less memory and CPU cycles than Nessus 2, allowing simultaneous scanning of a larger number of hosts.

Nessus uses a modular architecture consisting of centralized servers that conduct scanning and remote clients that allow for administrator interaction. You may deploy Nessus scanning servers at various points within your enterprise and control them from a single client. This allows you to effectively scan segmented networks from multiple vantage points and conduct scans of large networks that require multiple servers running simultaneously.

If you're looking for a robust, inexpensive vulnerability scanning product, definitely take Nessus out for a test drive! The tips in this tutorial will guide you along the way.

BROWSE BY TAG Application and Platform Security,   Open Source Security Tools and Applications,   Enterprise Vulnerability Management,   Vulnerability Risk Assessment,   Network Intrusion Detection and Analysis,   Enterprise Network Security,   Monitoring Network Traffic and Network Forensics,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Open Source Security Tools and Applications H.D. Moore on future of Metasploit attack platform H.D. Moore speaks about Metasploit Project deal, Release 3.3 Screencast: How to launch an OpenVAS scan Could Metasploit popularity erode? Metasploit Project acquired by vulnerability management firm Rapid7 SSH key compromise shuts down Apache website Screencast: Smoothwall offers firewall defense in lean times Screencast: Samurai offers pen-testing nirvana Rootkit Hunter demo: Detect and remove Linux rootkits When to use open source security tools over commercial products Vulnerability Risk Assessment Screencast: How to launch an OpenVAS scan Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat Newest malware threats Are Web application penetration tests still important? PCI compliance requirement 6: Systems and applications Cybercrime and threat management McAfee to acquire Solidcore Systems for whitelisting Vulnerability Risk Assessment Research Monitoring Network Traffic and Network Forensics Botnet masters turn to Google, social networks to avoid detection Preventing SQL injection attacks: A network admin's perspective Breach prevention: How to keep track of data and applications Researchers find thousands of flawed embedded devices Network traffic collection, analysis helps prevent data breaches Lifecycle of a network security vulnerability Port scan attack prevention best practices How to prevent network sniffing and eavesdropping DoD urges less network anonymity, more PKI use Chained Exploits: How to prevent phishing attacks from corporate spies

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Blowfish  (SearchSecurity.com) Kermit  (SearchSecurity.com) Open Source Hardening Project  (SearchSecurity.com) SnortSnarf  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary