To get started, open the Nessus client by choosing it from the Start -> Tenable Network Security -> Nessus menu.
The opening screen is shown below:
Click the Connect button to connect to a Nessus server. Use the default "localhost" option if the client and server are running on the same host. Otherwise, enter the appropriate server details by clicking the "+" button.
After saving the scan target, highlight the default scan policy option in the "Select a scan policy" portion of the window. This will load the Nessus default scan settings. Click on the "+" icon to edit those defaults. This will bring up the Edit Policy window shown below:
Pay careful attention to the "Safe checks" option on this tab. Checking this box ensures that Nessus only runs plugins designated by their developers as "non-dangerous." This box should always be checked when running a scan against a production system, as the unsafe plugins could cause an unintentional denial of service on the target system. (On the other hand, if you can do it, so can the bad guys!)
It's important to note that scanning a single system could take several minutes or longer, depending upon the options and network size. Scanning a large network could even take hours or days!
Navigate through this report to view the various alerts shown for each system grouped by host, port and severity.
Introduction: What is Nessus?
How to install and configure Nessus
How to run a system scan
Using Nessus Attack Scripting Language (NASL)
Vulnerability scanning in the enterprise
How to simplify security scans
How to use Nessus with the SANS Top 20
ABOUT THE AUTHOR:
|Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.|