Tip

Nessus can spot some monster security problems

    Requires Free Membership to View

More security tools

Visit our resource center for news, tips and expert advice on the latest open source tools.

Check out our Information Security IT Downloads section and review other freeware tools.
Each month, the editor of our downloads section recommends the security freeware that he finds most valuable. This week, Scott Sidel reviews the benefits of Nessus.
If I were stranded on a desert island and I could bring along only one security tool, I would take Nessus. Why? Well, with Nessus, I could keep my network gear -- made of coconuts, of course -- safe and secure. Nessus is perhaps the most comprehensive vulnerability scanner available.

Nessus' features
Nessus checks local and remote hosts for flaws, probes other machines' ports and services, and analyzes the responses for insecure configurations, missing patches and a host of other security issues that can lead to a really bad day for a security manager.

It is available in both free and fee-based iterations; it's free for those who don't mind seven-day-old vulnerability signatures. Otherwise, it costs $1,200 annually for fresh, daily signatures.

I like to use Nessus for black box and white box testing. For a black box test, seeing what a hacker sees when scoping out your perimeter, you can use Nessus outside on your network or from a subnet with no special trusts. When I use Nessus to white box test, I provide SSH credentials to log into the remote systems and determine which patches need to be applied. Nessus will log into the remote host, extract the list of installed software and tell you which packages require updates.

Nessus can also be used to audit how remote systems (including Windows) are configured, and report which systems are compliant (or not) with a user-definable security policy. Even without a defined security policy, you can see how well the configuration management team is performing. For instance, if hosts of an identical type (webhost01 and webhost02) show that one host has a vulnerability but its twin is vulnerability-free, it's an indication that the hosts are not being configured or maintained identically.

About the Author:
Scott Sidel is an ISSO with Lockheed Martin.

Read Sidel's previous edition: Logwatch: Taking the pain out of log analysis.

Can't wait for next month's installment? Check out SearchSecurity.com's Information Security IT Downloads section, and learn what other valuable security freeware solutions are available.


This was first published in December 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.