
Nessus can spot some monster security problems

If given the choice of only one vulnerability scanner, Contributing Editor Scott Sidel would use Nessus. Find out why in this Guest Commentary Tip.

Each month, the editor of our downloads section recommends the security freeware that he finds most valuable. This week, Scott Sidel reviews the benefits of Nessus.
If I were stranded on a desert island and I could bring along only one security tool, I would take Nessus. Why? Well, with Nessus, I could keep my network gear -- made of coconuts, of course -- safe and secure. Nessus is perhaps the most comprehensive vulnerability scanner available.

Nessus' features
Nessus checks local and remote hosts for flaws, probes other machines' ports and services, and analyzes the responses for insecure configurations, missing patches and a host of other security issues that can lead to a really bad day for a security manager.

It is available in both free and fee-based iterations. The free feed suits those who don't mind vulnerability checks (Nessus plugins) that arrive seven days after paying subscribers receive them; otherwise, it costs $1,200 annually for fresh, daily plugin updates.

I like to use Nessus for both black box and white box testing. For a black box test, which shows you what an attacker sees when scoping out your perimeter, run Nessus from outside your network, or from an internal subnet that has no special trust relationships with the targets. When I use Nessus for white box testing, I provide SSH credentials so it can log into the remote systems and determine which patches need to be applied. Nessus logs into the remote host, extracts the list of installed software and tells you which packages require updates, including flaws that a network-only scan cannot see because the vulnerable service is not exposed or the banner does not reveal the patch level.

Nessus can also be used to audit how remote systems (including Windows) are configured, and to report which systems are compliant (or not) with a user-definable security policy. Even without a defined security policy, you can see how well the configuration management team is performing. For instance, if two hosts of an identical type (webhost01 and webhost02) are scanned and one shows a vulnerability while its twin is vulnerability-free, that is an indication that the hosts are not being configured or maintained identically.
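The twin-host comparison above is easy to automate. The following is an added example (not code from the original article or from Nessus itself) that parses Nessus' classic NBE export, where each result row has the form `results|subnet|host|port|plugin id|type|text`, and reports findings present on one twin but not the other. The NBE lines embedded below are constructed for illustration; the plugin IDs and descriptions are placeholders, not real Nessus plugins.

```python
"""Spot configuration drift between hosts that should be identical by
diffing their findings in a Nessus NBE export.

Added example, not part of the original article or of Nessus. It assumes
the classic pipe-delimited NBE format:

    results|<subnet>|<host>|<port>|<plugin id>|<type>|<text>

The sample data below is constructed; plugin IDs 9000x are placeholders.
"""
from collections import defaultdict

# Constructed sample NBE output for two "twin" web servers. The timestamp
# rows show that non-result rows are skipped by the parser.
SAMPLE_NBE = """\
timestamps|||scan_start|Sat Dec  2 10:00:00 2006|
timestamps||192.168.10.11|host_start|Sat Dec  2 10:00:01 2006|
results|192.168.10|192.168.10.11|www (80/tcp)|90001|Security Note|Web server banner: Apache/2.0.59
results|192.168.10|192.168.10.11|ssh (22/tcp)|90002|Security Note|SSH banner: OpenSSH_4.3
results|192.168.10|192.168.10.11|www (80/tcp)|90003|Security Hole|Outdated Apache version (placeholder plugin)
timestamps||192.168.10.12|host_start|Sat Dec  2 10:00:01 2006|
results|192.168.10|192.168.10.12|www (80/tcp)|90001|Security Note|Web server banner: Apache/2.0.59
results|192.168.10|192.168.10.12|ssh (22/tcp)|90002|Security Note|SSH banner: OpenSSH_4.3
results|192.168.10|192.168.10.12|telnet (23/tcp)|90004|Security Warning|Telnet service is running (placeholder plugin)
timestamps|||scan_end|Sat Dec  2 10:05:00 2006|
"""

# NBE result types that Nessus uses for actual problems (as opposed to notes).
SEVERE_TYPES = ("Security Hole", "Security Warning")


def parse_nbe(text):
    """Return {host: {(port, plugin_id, type): description}} from NBE text.

    Only 'results' rows are kept; timestamp rows and malformed rows are
    ignored so a partially written export does not crash the comparison.
    """
    findings = defaultdict(dict)
    for line in text.splitlines():
        fields = line.split("|")
        if fields[0] != "results" or len(fields) < 7:
            continue
        _, _subnet, host, port, plugin_id, ftype, desc = fields[:7]
        findings[host][(port, plugin_id, ftype)] = desc
    return dict(findings)


def drift(findings, host_a, host_b, only_severe=True):
    """Return (only_on_a, only_on_b): finding keys one twin has and the other lacks.

    With only_severe=True, informational 'Security Note' rows are ignored so
    that harmless banner differences do not drown out real configuration drift.
    """
    keys_a = set(findings.get(host_a, {}))
    keys_b = set(findings.get(host_b, {}))
    if only_severe:
        keys_a = {k for k in keys_a if k[2] in SEVERE_TYPES}
        keys_b = {k for k in keys_b if k[2] in SEVERE_TYPES}
    return sorted(keys_a - keys_b), sorted(keys_b - keys_a)


def drift_report(text, host_a, host_b):
    """Human-readable lines describing what differs between two twin hosts."""
    findings = parse_nbe(text)
    only_a, only_b = drift(findings, host_a, host_b)
    lines = []
    for host, keys in ((host_a, only_a), (host_b, only_b)):
        for port, plugin_id, ftype in keys:
            desc = findings[host][(port, plugin_id, ftype)]
            lines.append(f"{host} only: {port} plugin {plugin_id} [{ftype}] {desc}")
    if not lines:
        lines.append(f"{host_a} and {host_b} have identical severe findings")
    return lines


if __name__ == "__main__":
    for line in drift_report(SAMPLE_NBE, "192.168.10.11", "192.168.10.12"):
        print(line)
```

Run against a real export (`parse_nbe(open("scan.nbe").read())`) and feed `drift()` each pair of hosts that your inventory says should be built from the same image; anything it returns is either a patch that was applied to one box and not the other, or a service that someone enabled by hand.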

About the Author:
Scott Sidel is an ISSO with Lockheed Martin.

Read Sidel's previous edition: Logwatch: Taking the pain out of log analysis.


This was last published in December 2006
