Installing and Configuring Nessus by Nitesh Dhanjani



Similar documents
Introduction to Nessus by Harry Anderson last updated October 28, 2003

Vulnerability analysis

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

IDS and Penetration Testing Lab ISA656 (Attacker)

Nessus. A short review of the Nessus computer network vulnerability analysing tool. Authors: Henrik Andersson Johannes Gumbel Martin Andersson

Running a Default Vulnerability Scan SAINTcorporation.com

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

Web Application Vulnerability Testing with Nessus

Lab 3: Recon and Firewalls

Running a Default Vulnerability Scan

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Vulnerability Assessment Lab

inside: THEME ISSUE: SECURITY edited by Rik Farrow THE MAGAZINE OF USENIX & SAGE November 2000 volume 25 number 7

1.0 Introduction. 2.0 Data Gathering

Penetration Testing Report Client: Business Solutions June 15 th 2015

inside: Focus Issue: Security Guest Editor: Rik Farrow THE USENIX MAGAZINE December 2003 volume 28 number 6 SECURITY BOOK REVIEWS AND HISTORY

Vulnerability Detection

Host Discovery with nmap

Scanning Tools. Scan Types. Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts.

Linux Boot Camp. Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett

AN OVERVIEW OF VULNERABILITY SCANNERS

The Nexpose Expert System

60467 Project 1. Net Vulnerabilities scans and attacks. Chun Li

Cisco IPS Tuning Overview

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

CIT 380: Securing Computer Systems

SNI Vulnerability Assessment Report

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Capture Link Server V1.00

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DR V2.0

DDos. Distributed Denial of Service Attacks. by Mark Schuchter

Unified Security Management (USM) 5.2 Vulnerability Assessment Guide

Running head: USING NESSUS AND NMAP TOOLS 1

Payment Card Industry (PCI) Executive Report. Pukka Software

Penetration Testing. What Is a Penetration Testing?

During your session you will have access to the following lab configuration. CLIENT1 (Windows XP Workstation) /24

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Introduction to Network Security Lab 2 - NMap

Nessus scanning on Windows Domain

IBM Security QRadar SIEM Version MR1. Vulnerability Assessment Configuration Guide

Medical Device Security Health Group Digital Output

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

INTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE:

My FreeScan Vulnerabilities Report

NETWORK SECURITY WITH OPENSOURCE FIREWALL

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

Management, Logging and Troubleshooting

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

Firewalls and Software Updates

Thick Client Application Security

Metasploit Unleashed. Class 2: Information Gathering and Vulnerability Scanning. Georgia Weidman Director of Cyberwarface, Reverse Space

Andreas Dittrich, Philipp Reinecke Testing of Network and System Security. example.

A Decision Maker s Guide to Securing an IT Infrastructure

Contents.

Penetration: from Application down to OS

Open Source Security: Opportunity or Oxymoron?

Attacks and Defense. Phase 1: Reconnaissance

4. Getting started: Performing an audit

Firewalls and Intrusion Detection

EXTRA. Vulnerability scanners are indispensable both VULNERABILITY SCANNER

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

VULNERABILITY ASSESSMENT WHITEPAPER INTRODUCTION, IMPLEMENTATION AND TECHNOLOGY DISCUSSION

Windows Remote Access

STABLE & SECURE BANK lab writeup. Page 1 of 21

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9)

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

Determine if the expectations/goals/strategies of the firewall have been identified and are sound.

Learning Nessus for Penetration Testing

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

Vulnerability Scan External Internet Assessment

QualysGuard WAS. Getting Started Guide Version 4.1. April 24, 2015

FortiGate IPS Guide. Intrusion Prevention System Guide. Version November

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

Nessus and Antivirus. January 31, 2014 (Revision 4)

Shellshock Security Patch for X86

IDS and Penetration Testing Lab II

An Introduction to Network Vulnerability Testing

Automated Penetration Testing with the Metasploit Framework. NEO Information Security Forum March 19, 2008

Payment Card Industry (PCI) Executive Report 08/04/2014

CRYPTUS DIPLOMA IN IT SECURITY

How To - Implement Clientless Single Sign On Authentication with Active Directory

Linux Boot Camp. Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett

Armitage. Part 1. Author : r45c4l Mail : infosecpirate@gmail.com.

TRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE

Abstract. Introduction. Section I. What is Denial of Service Attack?

Need for Database Security. Whitepaper

FREQUENTLY ASKED QUESTIONS

Directory and File Transfer Services. Chapter 7

Divide and Conquer Real World Distributed Port Scanning

Information Security Training. Assignment 1 Networking

Print Audit Facilities Manager Technical Overview

AVG 8.5 Anti-Virus Network Edition

NeWT 2.1 User Guide. (December 2004)

Cisco QuickVPN Installation Tips for Windows Operating Systems

Attack and Defense Techniques

Network Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide?

Transcription:

Unless you've been living under a rock for the past few years, it is quite evident that software vulnerabilities are being found and announced quicker than ever before. Every time a security advisory goes public, organizations that use the affected software must rush to install vendor-issued patches before their networks are compromised. The ease of finding exploits on the Internet today has enabled a casual user with little skills to launch attacks and compromise the networks of major corporations. It is therefore vital for anyone who has any hosts connected to the Internet to perform routine audits to detect unpatched remote vulnerabilities. Network security assessment tools such as Nessus can perform automated detection of vulnerabilities. A vulnerability detection assessment usually involves three distinct phases. Scanning In this phase, the software probes a range of addresses on a network to determine which hosts are alive. One type of probing sends ICMP echo requests to find active hosts, but does not discount hosts that do not respond -- they might be behind a firewall. Port-scanning can determine which hosts are alive and what ports they have open. This creates a target set of hosts for use in the next step. Enumeration In this phase, the software probes network services on each host to obtain banners that contain software and OS version information. Depending on what is being enumerated, username and password brute-forcing can also take place here. Vulnerability Detection The software probes remote services according a list of known vulnerabilities such as input validation, buffer-overflows, improper configuration, and so on. Why Nessus? You just can't beat free. There are commercial vulnerability scanners available and they may be useful in their own right, but consider that Nessus is comparable to some commercial scanners that can cost hundreds of thousands of dollars. In addition Nessus is open source, and its source is published under the GPL. As we will see in Part 2 of this article, you can write custom plugins for Nessus with NASL or C. Nessus uses a client-server architecture. The Nessus server, nessusd, listens for incoming connections from the clients that can configure the server to launch specific attacks. In addition, nessusd authenticates the clients, allowing for each user to have individual access to specific functionality. Also, the communication between the client and the server is encrypted. Therefore, the Nessus architecture and its free and open source nature are good reasons to award it high points. If you haven't already, give Nessus a try. Here's now to install it. Installing Nessus Brave users may attempt the following method that performs an automated installation: [notroot]$ lynx -source http://install.nessus.org sh The rest of us need to download the latest version of Nessus. First, install nessus-libraries: [notroot]$ tar zxvf nessus-libraries-x.y.z.tar.gz [notroot]$ cd nessus-libraries [notroot]$./configure Revised April 22, 2004 Page 1 of 7

[notroot] make [root]# make install Next, install libnasl: [notroot]$ tar zxvf libnasl-x.y.z.tar.gz [notroot]$ cd libnasl [notroot]$./configure [notroot]$ make [root]# make install [root]# ldconfig Then, install nessus-core: [notroot]$ tar zxvf nessus-core.x.y.z.tar.gz [notroot]$ cd nessus-core [notroot]$./configure [notroot]$ make [root]# make install If you are installing nessus-core on a server that does not have the GTK libraries and you don't need the Nessus GUI client, run./configure with the --disable-gtk option. If all went well, you are all set with the installation! Note: if you want to update your Nessus installation with the latest plugins, run nessus-update-plugins as root. Running Nessus Start the Nessus server: [root]# nessusd -D Before you can connect to the server, you must first add a Nessus user, using the nessus-adduser command. Now, run nessus to launch the Nessus client and login as the user you just created. Next, take a look at the different plugins you can select from the Plugins tab. Revised April 22, 2004 Page 2 of 7

Figure 1 Selecting Nessus plugins The Enable all but dangerous plugins button will disable plugins that are known to crash the remote services being scanned. Also take a look at the scans listed under the Denial of Service category. It is a good idea to disable these checks when scanning hosts that provide critical services. Use the Filter button to search for specific plugin scripts. For example, it is possible to search for vulnerability checks that have a certain word in their description or by the CVE name of a specific vulnerability. It is up to the author of each specific vulnerability check to make sure he provides all appropriate information and places his script under the proper category. As you will note by looking at Revised April 22, 2004 Page 3 of 7

the descriptions of some of the vulnerability checks, some authors do not do a good job of filling in this information, so be careful. Figure 2 Nessus preferences Next, click on the Preferences tab. Under this section, you can set various options that will affect the way Nessus will perform its scans. Most of the options are self-explanatory. One important preference is that of Nmap options. Nmap is one of the best port-scanners available today, and Nessus can use it to port scan target hosts (make sure to select Nmap in the Scan Options tab). The connection() technique completes the 3-way TCP handshake in order to identify open ports. This means that Revised April 22, 2004 Page 4 of 7

services running on the remote host will likely log your connection attempts. The SYN scan does not complete the TCP handshake. It merely sends a TCP packet with the SYN flag set and waits for a response. Receiving a RST packet in response indicates that the host is alive and the port is closed. Receiving a TCP packet with the SYN+ACK flags set that the target is listening on the port. Since this method does not complete the TCP handshake, it is usually stealthier, so services that listen on that port will not detect it. An IDS may detect this. See the nmap man page for more information on other Nmap scanning options and techniques. Figure 3 Nessus scan options Revised April 22, 2004 Page 5 of 7

The Scan options tab allows you to specify the port range that you want Nessus to port-scan. TCP and UDP ports range from 1 to 65535. Use default for the port range to scan the ports listed in the nessus-services text file. Although Nessus is smart enough to recognize services running on nonstandard ports, it will not target ports that it does not know are open. So make sure you configure your port ranges appropriately. The Safe checks option will cause Nessus to rely on version information from network service banners to determine if they are vulnerable. This may cause false positives, but it may be useful to scan hosts whose uptime is critical. The Port scanner section in this tab allows you to select the type of port scan you want Nessus to perform. If most of your hosts are behind firewalls or do not respond to ICMP echo requests, you might want to disable the Ping the remote host option. In the Target Selection tab, enter the IP addresses of hosts you want to scan. Enter more than one IP address by separating each with a comma. You can also enter a range of IP addresses using a hyphen, for example, 192.168.1.1-10. Tell Nessus to read target host IPs from a text file by choosing the Read file... button. Once you are done entering the target IP addresses, and are sure that you are ready to go, click on the Start the scan button to have Nessus begin scanning. Figure 4 A Nessus report When Nessus finishes its scan, it will present you with a report. You can save it in a variety of formats: HTML (with or without graphics), XML, LaTeX, ASCII, and NBE (Nessus BackEnd). The items with a light bulb next to them are mere notes or tips that provide information about a service or suggest best practices to help you better secure your hosts. The items with an exclamation next to them are findings that suggest a security warning when a mild flaw is detected. Items that have the no-entry symbol next to them suggest a severe security hole. In case you are wondering, the authors of the individual scripts used by the Nessus plugins decide how to categorize the findings. Conclusion Although Nessus is a great tool to perform automated vulnerability scanning, its results can and often do provide false positives. To see how a particular vulnerability scan works, take a look at its Revised April 22, 2004 Page 6 of 7

corresponding.nasl script file located in /usr/local/lib/nessus/plugins. Part 2 of this article will cover NASL and that will help you better understand how these work, and this will allow you to manually ensure if a finding is a false positive or not. It is highly recommended that you do not solely rely on automated vulnerability scanning tools, but also perform manual attack and penetration reviews for a better understanding of your organization's network security posture. Revised April 22, 2004 Page 7 of 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information