Screen shots and supporting explanations for the following four items: Introduction: Cost-savings and Nessus go hand in hand. A large number of world’s top organizations have found the utility of this system as it has reduced their expenditure significantly. Nessus is used to audit business-critical enterprise applications and devices.
“Nessus 2.2.9 is security software developed by Tenable Network Security. This project is the world’s most popular open-source vulnerability scanner used in over 75,000 organizations world-wide.”(Nessus 2.2.9…) The internet community must thank Renaud Deraison who initiated the Nessus Project a decade ago, as they get a powerful, free, up-to-date and the easy to use remote security scanner. This system is ranked amongst one of the top, by world standards and has earned the coveted place in the security industry and accepted by professional information security organizations like SANS Institute. The current client-strength of Nessus should be around 75,000 organizations.
1. Starting the nessusd server and adding a nessus user. Screenshot 1 of Nessus Nessusd Host: local host. “Type “nessus” Enter login Enter password Click “Log in” button “SSL Setup” window will appear, click ;ok; “Nessus” windows asking to accept this certificate, click ;yes; “Warning” message about plugins crashing remote systems will appear, click ;ok; Close “Konsole” window KAlarm Click “Start Applications” on task bar and select “Utilities”, “Time”, and then “KAlarm” In the KAlarm window click “Actions”, then New Check “Command” and enter “nessus-update-plugins” as the command line Check “Any time” check box Check “Recur” for Repetition, and then select the “Recurrence” Tab Enter “01:00” for “Recur every” field Select ;Try; button, then ;ok; Close “Kalarm” window (Kalarm by default is automatically stated upon boot.) KDE provides built-in firewall protection.
Vulnerability scanners such as Nessus do not normally function well with software firewalls in place. To remove the firewall: Click “Control Center” on task bar Click “YaST2 modules” Click “Security and Users” Click “Firewall” Check “Stop Firewall and Remove from Boot Process” ;next; “Firewall configuration – deactivate firewall”, click ;next; “The firewall is now turned off” ;ok; You now have a fully functioning Nessus server daemon and client installed on SuSE using the KDE desktop environment. Kalarm is setup to automatically update Nessus plugins once per hour to insure you have the latest vulnerability tests. Nessus is now fully operational to help with your security needs.” (Installing….) 2. Starting the nessus client, configuring the server to scan (since you will be scanning the system, using localhost is appropriate), and logging in.
Screenshot 2 of Nessus; Port range Consider un-scanned posts as closed Number of hosts to test at the same time: 20 Number of checks to perform at the same time: 4 Installing Nessus 2.0 on SuSE 9.0 Pro with KDE 3.1 The installation process should be conducted using the “root” account. It is strongly suggested that your install take place on a safe non-routable network that does not have hostile traffic. Your system will be vulnerable and could easily become infected with a virus, worm, bomb, or hacked. Install SuSE 9.0 Professional Insert Disk 1 and boot system Press F2 – select screen resolution Use up/down arrows to select “Installation” ;enter; Select Language ;accept; Select “New Installation” ;ok; (Screen may not appear depending on installation) “Installation Settings” change anything needed then ;accept; YaST2 “Start installation” ;Yes, install; (Screen may not appear depending on installation) System Reboots… Insert Disk 2 as requested, select ;ok; Click “Expert Options” button and change Encryption type to MD5 ;ok; Enter root user password ;next; “Network Configuration” – change as needed ;next; “Test Internet Connection” ;next; “User Authentication Method” ;next; “Add a New Local User” – uncheck “Auto Login, enter data as desired <next> “Release Notes” <next> “Hardware Configuration” <next> “Installation Completed” <finish> System boots to KDE interface Login as root <go!> “Welcome to SuSE Linux 9.0” <close> Click “Control Center” on task bar Click “Desktop” Click “Size ; Orientation” Select desired screen resolution, check “Apply settings on KDE startup” <apply> Click “Accept Configuration” Close “Size ; Orientation” window SuSE Watcher Click “SuSE Watcher” on task bar (round green or red icon on right) Click <yes> Click “Start online update” “Welcome to YaST Online Update” <next> <accept> Take desired actions when prompted. When completed, check “Remove Source Packages after Update”, click <finish> You now have a fully functioning and patched installation of SuSE and are ready to install the applications required for Nessus.”(Tenable Network …) 3.
Setting the nessus Scan Options—be sure to disable the options that might disable your system by checking Safe Options. Screenshot 3 of Nessus: Targets: Perform a DNS Zone transfer. Download Nessus now! Documentation Documentation about Nessus ProfessionalFeed Scan at your workplace and improve your policy compliance scanning abilities Plugins The Nessus® vulnerability scanner, is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. The Nessus Vulnerability Scanner is free to download and subscriptions for vulnerability updates from Tenable are available for two types of users: Home users and Professional /Commercial organizations which use the Nessus vulnerability scanner must purchase a ProfessionalFeed subscription to obtain support, updates to their database of vulnerability checks and compliance auditing.
Each Professional Feed costs $1200 per year per Nessus scanner and can be purchased from Tenable’s Professional Feed Partners or directly from Tenable’s E-commerce site.When Nessus is managed with Tenable’s Security Center, an enterprise can perform full life-cycle vulnerability and configuration management. Organizations can communicate recommendations to the responsible parties, track remediation, and verify security patches and required configuration.(Tenable Network…) 4. Viewing the scan results—how safe is your system? “Nessus 2.1 is the only security scanner out there which has the ability to detect the remote flaws of the hosts on your network, but their local flaws and missing patches as well – whether they are running Windows, Mac OS X or a Unix-like system. Nessus has been built so that it can easily scale down to a single CPU computer with low memory to a quad-CPUs monster with gigabytes of RAM. The more power you give to Nessus, the quicker it will scan your network. ” (Nessus 2.2.9…) Each security test is written as an external plugin, written in NASL.
This means that updating Nessus does not involve downloading untrusted binaries from the internet. Each NASL plugin can be read and modified, to better understand the results of a Nessus report.The Nessus Security Scanner includes NASL, (Nessus Attack Scripting Language) a language designed to write security test easily and quickly. NASL plugins run in a contained environment on top of a virtual machine, thus making Nessus an extremely secure scanner. Nessus does not believe that the target hosts will respect the IANA assigned port numbers. This means that it will recognize a FTP server running on a non-standard port (ie: 31337), or a web server running on port 8080. Nessus is the first scanner on the market to have implemented this feature for all the security checks (and has been copied by many since then).If a host runs the same service twice or more, Nessus will test all of them.
Believe it or not, several scanners on the market still consider that a host can only run one server type at once Nessus has the ability to test SSLized services such as https, smtps, imaps, and more. You can even supply Nessus with a certificate so that it can integrate into a PKI-fied environment. Once again, Nessus was one of the first security scanners on the market to provide this feature. Nessus gives you the choice between performing a regular non-destructive security audit on a routinely basis, or to throw everything you can at a remote host to see how will it withstands attacks from intruders. Many scanners consider their users to be too inexperienced to make that kind of choice, and only offer them to perform “safe” checks.”(Nessus 2.2.9….) ============== References Cited: Installing Nessus 2.0 on SuSE 9.0 Pro with KDE 3.1 <www.theukwebdesigncompany.com/articles/article.php?article=349> Retrieved on October 12, 2008.
Tenable Network …Security <www.nessus.org/plugins/index.php?view=single&id=25238 >Retrieved on October 12, 2008 Nessus 2.2.9… linux review and download…. <rbytes.net/linux/nessus-review> Retrieved on October 12, 2008
