If you've been around the information security profession for any length of time, you probably have at least a...
passing familiarity with the Nessus vulnerability scanner. In this, the first of a series of three Nessus tips, we'll provide an introduction to this popular security tool and offer the information necessary to install and configure an enterprise Nessus deployment.
Nessus is a member of the family of security tools known as vulnerability scanners. As the name implies, these products scan the network for potential security risks and provide detailed reporting that enables the remediation of gaps in an enterprise's security posture. These scans run using a client/server architecture and the installer allows one or both to be configured on an individual system.
Installing Nessus 3 is much easier than getting up and running with earlier versions of the product; it now uses a standard InstallShield installer. (Previous Linux/Unix only versions required users to manually download and execute an installation script.) Visit the Nessus download page and walk through the registration process to obtain a copy of the installer. (Note: it is important to follow the registration process; registered users receive an activation code via e-mail that is required to use the product.)
See larger image
After downloading the installer, run it to begin the wizard-guided installation process. (Windows Vista users must right click on the file and choose "Run as administrator" to bypass User Account Control.) After accepting the terms of the license agreement, choose whether to install the Nessus Client and/or the Nessus Server. Choose the appropriate components for your installation. Those planning to build a typical stand-alone Nessus installation should install both components.
When the installation completes, Nessus will ask for a product registration code. If you provided your contact information before downloading Nessus, the code should be sitting in your email inbox. It's a 20-digit alphanumeric code that arrived in an email bearing the subject "Nessus Plugin Feed".
One last word of wisdom: the Nessus plugins (the scripts that provide the scanning functionality of Nessus) change frequently. Get updated plugins from the official site on a regular basis. After completing the Nessus installation wizard, you'll be asked if you'd like to update the plugins immediately. If you didn't choose this option or you wish to update the plugins at a later date, choose Tenable Network Security -> Nessus -> Plugin Update from the Windows Start menu. By default, Nessus will automatically update itself every 24 hours.
See larger image
Simply click the Update button to download and install the latest Nessus plugins. One important note: as of July 31, 2008, Nessus is free only for home users. Commercial users must purchase a $1,200 annual subscription to the Nessus "Professional Feed" from Tenable.
Our next tip will explore using Nessus to conduct vulnerability scans, and we'll wrap up the series with a look at deploying Nessus as part of an enterprise vulnerability scanning program.
Introduction: What is Nessus?
How to install and configure Nessus
How to run a system scan
Using Nessus Attack Scripting Language (NASL)
Vulnerability scanning in the enterprise
How to simplify security scans
How to use Nessus with the SANS Top 20
ABOUT THE AUTHOR: Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide andInformation Security Illuminated.