Home > Security Tips > Network Security Tactics > How to run a Nessus system scan
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

NETWORK SECURITY TACTICS

How to run a Nessus system scan


Mike Chapple, CISSP
06.06.2008
Rating: -4.10- (out of 5)


Network Security Tactics
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


In our previous tip in this series on using Nessus in the enterprise, we detailed the process of downloading and installing Nessus. Now we'll examine how to use this powerful, open source vulnerability scanner to monitor systems for security issues.

To get started, open the Nessus client by choosing it from the Start -> Tenable Network Security -> Nessus menu. The opening screen is shown below:


See larger image

Click the Connect button to connect to a Nessus server. Use the default "localhost" option if the client and server are running on the same host. Otherwise, enter the appropriate server details by clicking the "+" button.

Next, click the "+" icon underneath the "Networks to Scan" section of the screen. Specify a scan target by identifying a single host (by DNS name or IP address), an IP address range, a subnet with mask or a file containing a list of hosts. Provide the appropriate information for the scan target as shown in the example below:


See larger image

After saving the scan target, highlight the default scan policy option in the "Select a scan policy" portion of the window. This will load the Nessus default scan settings. Click on the "+" icon to edit those defaults. This will bring up the Edit Policy window shown below:


See larger image

Pay careful attention to the "Safe checks" option on this tab. Checking this box ensures that Nessus only runs plugins designated by their developers as "non-dangerous." This box should always be checked when running a scan against a production system, as the unsafe plugins could cause an unintentional denial of service on the target system. (On the other hand, if you can do it, so can the bad guys!)

After setting the appropriate options for the scan, click the "Save" button. Then initiate the scan by clicking the "Scan now" button on the main Nessus screen.

It's important to note that scanning a single system could take several minutes or longer, depending upon the options and network size. Scanning a large network could even take hours or days!

Nessus presents scan results in report format, such as the example shown below:


See larger image

Navigate through this report to view the various alerts shown for each system grouped by host, port and severity.

That's all there is to it! You now have the basic information you need to conduct vulnerability scans with Nessus.


NESSUS TUTORIAL

  Introduction: What is Nessus?
  How to install and configure Nessus
  How to run a system scan
  Using Nessus Attack Scripting Language (NASL)
  Vulnerability scanning in the enterprise
  How to simplify security scans
  How to use Nessus with the SANS Top 20

ABOUT THE AUTHOR:
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.


Rate this Tip
To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Network Security Tactics
Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities
Screencast: Recovering lost data with WinHex
How to build security into a virtualized server environment
How to install and configure Nessus
Nessus: Vulnerability scanning in the enterprise
Screencast: An introduction to the Open Source Security Testing Methodology Manual (OSSTMM)
Understanding multifactor authentication features in IAM suites
Network intrusion prevention systems: Should enterprises deploy now?
Webmail security: Best practices for data protection
Vista WIL: How to take control of data integrity levels

Network Scanning
What are the best ways to hide system information from network scanning software?
Nessus: Vulnerability scanning in the enterprise
Nessus 3 Tutorial
Screencast: Using Nessus to scan for vulnerabilities
Web scanning and reporting best practices
Can a firewall alone effectively block port-scanning activity?
PING: Fyodor
Getting the best bargain on network vulnerability scanning
Juniper UAC to deliver Shavlik patch management technology
Sourcefire, Nmap deal to open vulnerability scanning

Open Source Security Tools
Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities
What are best practices for creating an IDS and maintaining a signature database?
How to install and configure Nessus
Nessus: Vulnerability scanning in the enterprise
Nessus 3 Tutorial
Screencasts: On-screen demonstrations of today's IT tools
Screencast: An introduction to the Open Source Security Testing Methodology Manual (OSSTMM)
Ophcrack: Password cracking made easy
Will Cisco's plan to open access to the IOS improve network security?
How secure is a mobile phone platform that has an open source framework?

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
inverse mapping  (SearchSecurity.com)
network behavior analysis  (SearchSecurity.com)
network scanning  (SearchSecurity.com)
port scan  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts