If I were stranded on a desert island and I could bring along only one security tool, I would take Nessus. Why? Well, with Nessus, I could keep my network gear -- made of coconuts, of course -- safe and secure. Nessus is perhaps the most comprehensive vulnerability scanner available.
Nessus checks local and remote hosts for flaws, probes other machines' ports and services, and analyzes the responses for insecure configurations, missing patches and a host of other security issues that can lead to a really bad day for a security manager.
It is available in both free and fee-based versions. The free feed delivers new vulnerability checks (Nessus plugins) seven days after they are released, which is fine for those who can live with a week-old view of the threat landscape. Otherwise, the paid feed costs $1,200 annually and delivers fresh plugins daily.
I like to use Nessus for both black box and white box testing. For a black box test, which shows you what an attacker sees when scoping out your perimeter, run Nessus from outside your network or from a subnet with no special trust relationships to the targets. For a white box test, I give Nessus SSH credentials so it can log into the remote systems and determine which patches need to be applied. Nessus logs into each host, extracts the list of installed software and tells you which packages require updates. Because it reads the installed package versions directly rather than inferring them from service banners, a credentialed scan catches missing patches that an unauthenticated scan can only guess at.
Nessus can also be used to audit how remote systems (including Windows) are configured, and to report which systems are compliant (or not) with a user-definable security policy. Even without a defined policy, the results tell you how well the configuration management team is performing. For instance, if two hosts of an identical type (webhost01 and webhost02) should be twins, but one shows a vulnerability that the other does not, the hosts are not being configured or maintained identically.
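The twin-host comparison above is something the scanner will not do for you; it is a simple diff over the report. Here is an added example, not code from this column or from Nessus's own tooling, that parses the pipe-delimited NBE export the Nessus 2.x/3.x client writes (records of the form results|subnet|host|port|plugin_id|severity|description), groups findings per host, ranks hosts by worst severity, and lists the plugins that fired on only one of two hosts that should be identical. The NBE lines, host names, addresses, plugin IDs and descriptions below are constructed for the example (the IDs are placeholders, not real Nessus plugin numbers), and the same approach applies to the XML reports newer Nessus versions export.

```python
"""Spot configuration drift between twin hosts in a Nessus NBE report.

Added example: not part of the original column or of Nessus itself.
Assumes the NBE record layout
    results|subnet|host|port|plugin_id|severity|description
with newlines in the description escaped as a literal backslash-n.
"""
from collections import defaultdict

# Severity labels the Nessus 2.x/3.x client uses in NBE, ranked for sorting.
SEVERITY_RANK = {"Security Hole": 3, "Security Warning": 2, "Security Note": 1}

# Constructed sample report (placeholder plugin IDs, hosts and addresses):
# webhost01 and webhost02 are meant to be twins, but only webhost01 is
# missing a vendor patch, which a credentialed check reported as a hole.
SAMPLE_NBE = """\
timestamps|||scan_start|Mon Dec  4 09:00:00 2006|
timestamps||webhost01|host_start|Mon Dec  4 09:00:01 2006|
results|10.0.1|webhost01|ssh (22/tcp)|10001|Security Note|SSH banner: OpenSSH_4.3
results|10.0.1|webhost01|www (80/tcp)|10002|Security Warning|HTTP TRACE method is enabled
results|10.0.1|webhost01|general/tcp|10003|Security Hole|Installed package openssl is older than the vendor patch\\nUpgrade it.
timestamps||webhost01|host_end|Mon Dec  4 09:03:12 2006|
timestamps||webhost02|host_start|Mon Dec  4 09:03:13 2006|
results|10.0.1|webhost02|ssh (22/tcp)|10001|Security Note|SSH banner: OpenSSH_4.3
results|10.0.1|webhost02|www (80/tcp)|10002|Security Warning|HTTP TRACE method is enabled
timestamps||webhost02|host_end|Mon Dec  4 09:06:40 2006|
timestamps|||scan_end|Mon Dec  4 09:06:41 2006|
"""


def parse_nbe(text):
    """Return {host: {plugin_id: (severity, port, description)}}.

    Only 'results' records are kept; 'timestamps' records are skipped.
    The description is the seventh field and may itself contain '|',
    so the split is capped at six separators.
    """
    findings = defaultdict(dict)
    for raw in text.splitlines():
        if not raw.startswith("results|"):
            continue
        fields = raw.split("|", 6)
        if len(fields) < 6:
            continue  # malformed record: too few fields to be a finding
        _, _subnet, host, port, plugin_id, severity = fields[:6]
        desc = fields[6].replace("\\n", "\n") if len(fields) == 7 else ""
        findings[host][plugin_id] = (severity, port, desc)
    return dict(findings)


def worst_severity(findings, host):
    """Highest NBE severity label seen for a host, or None if it has none."""
    labels = [sev for sev, _port, _desc in findings.get(host, {}).values()]
    if not labels:
        return None
    return max(labels, key=lambda s: SEVERITY_RANK.get(s, 0))


def hosts_by_risk(findings):
    """Hosts ordered from worst to best: highest severity, then finding count."""
    def key(host):
        return (SEVERITY_RANK.get(worst_severity(findings, host), 0),
                len(findings[host]))
    return sorted(findings, key=key, reverse=True)


def drift(findings, host_a, host_b):
    """Plugin IDs unique to host_a, unique to host_b, and common to both.

    Any non-empty 'unique' list means two hosts that should be twins are
    not being configured or patched identically.
    """
    a = set(findings.get(host_a, {}))
    b = set(findings.get(host_b, {}))
    return sorted(a - b), sorted(b - a), sorted(a & b)


def report(findings, host_a, host_b):
    """Human-readable drift summary for two hosts that should be twins."""
    only_a, only_b, common = drift(findings, host_a, host_b)
    lines = []
    for host in (host_a, host_b):
        n = len(findings.get(host, {}))
        lines.append(f"{host}: {n} findings, worst = {worst_severity(findings, host)}")
    lines.append(f"common plugins: {common}")
    for host, only in ((host_a, only_a), (host_b, only_b)):
        for pid in only:
            sev, port, desc = findings[host][pid]
            lines.append(f"only on {host}: plugin {pid} [{sev}] {port}: {desc.splitlines()[0]}")
    return "\n".join(lines)


if __name__ == "__main__":
    data = parse_nbe(SAMPLE_NBE)
    print("hosts by risk:", hosts_by_risk(data))
    print(report(data, "webhost01", "webhost02"))
```

Run it against a real export by replacing SAMPLE_NBE with the file contents; the interesting output is the "only on" lines, since every one of them is a host pair that your configuration management should have kept identical.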
About the Author:
Scott Sidel is an ISSO with Lockheed Martin.
This was first published in December 2006