Tuesday, November 24, 2009

Nessus - Quick step by step to do a vulnerability scan

Nessus, in the network security realm, is a comprehensive vulnerability scanner that's free for non-commercial users. The entire goal of such a program is to aid a systems admin in identifying vulnerabilities on his tested systems.

A few examples taken from http://en.wikipedia.org/wiki/Nessus_(software):

  • Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
  • Misconfiguration (e.g. open mail relay, missing patches, etc).
  • Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
  • Denials of service against the TCP/IP stack by using mangled packets.

Nessus can run on both Windows and Linux systems. On a Linux system, it consists of the Nessus server, nessusd, which does the scanning, and the Nessus client, NessusClient (or nessus on some systems, I believe), which controls scans and presents the vulnerability results to the user.

Demo:
I had a task in getting Nessus installed on BackTrack 4 but I'm not gonna get into that. Refer to the following link for instructions, and don't ever forget your new best friend, google.com:
http://www.itsolutionskb.com/2009/04/how-to-install-nessus-on-backtrack-4/

BT4, 10.0.01:
# /etc/init.d/nessusd start
# cd /opt/nessus/bin
# ./NessusClient

On the 'Scan' tab click on the '+' button and enter in the host or range of hosts that you would like to scan by their respective IP addresses. Click on Save.

Click on the 'Connect' button at the bottom left of the screen. Click on the '+' button, then enter the required information (remember the host is gonna be 127.0.0.1 and the port should remain 1241; the username and password would have been created in your Nessus setup stages). Click on Save. Click on Connect. NessusClient is gonna attempt to connect to the Nessus server at this point.

Upon successful connectivity, the right-hand '+' button should be enabled (it would be disabled initially). Click on that '+' button. The next window should present you with a ton of options and settings at your disposal. I'd leave it up to you to determine what's right for you, but the defaults should be fine for now to get things up and running. Click on Save, then click the 'Scan now' button.

You have now just performed a somewhat professional vulnerability audit of a system. When the scan is finished you will be presented with a report of Nessus's findings. What you do from here onwards is up to you and your little imagination.
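Before the host or range of hosts goes into the 'Scan' tab, it is worth checking the list against the networks you are actually authorized to scan. The script below is an added example, not part of the original post or of Nessus itself; the function names, the accepted target forms (single IP, first-last range, CIDR block) and the sample addresses are assumptions made for illustration.

```python
import ipaddress


def expand_target(entry):
    """Return the networks covered by one target entry.

    Accepted forms (an assumption of this example): a single IP,
    a 'first-last' range, or a CIDR block.
    """
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip())
                       for p in entry.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {entry}")
        return list(ipaddress.summarize_address_range(first, last))
    # strict=False lets '10.0.0.5/24' mean the network holding that host
    return [ipaddress.ip_network(entry, strict=False)]


def check_scope(targets, authorized):
    """Split target entries into (in_scope, out_of_scope, invalid)."""
    allowed = [ipaddress.ip_network(a, strict=False) for a in authorized]
    in_scope, out_of_scope, invalid = [], [], []
    for entry in targets:
        try:
            nets = expand_target(entry)
        except ValueError:
            # Typos and hostnames land here for manual review
            invalid.append(entry)
            continue
        # Conservative: every block of the entry must sit inside ONE
        # authorized network, so a range that leaks past the edge fails.
        ok = all(any(n.version == a.version and n.subnet_of(a)
                     for a in allowed) for n in nets)
        (in_scope if ok else out_of_scope).append(entry)
    return in_scope, out_of_scope, invalid


if __name__ == "__main__":
    # Constructed sample data, not taken from the post
    authorized = ["10.0.0.0/24"]
    targets = ["10.0.0.1", "10.0.0.10-10.0.0.20", "10.0.1.5",
               "10.0.0.250-10.0.1.3", "10.0.0.300"]
    ok, out, bad = check_scope(targets, authorized)
    print("scan:", ok)
    print("out of scope:", out)
    print("invalid:", bad)
```

Only the entries reported under "scan" should be typed into the target list; anything out of scope or invalid needs fixing or sign-off first.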

Resources/Good reading:
http://www.nessus.org/
http://en.wikipedia.org/wiki/Nessus_(software)
http://www.itsolutionskb.com/2009/04/how-to-install-nessus-on-backtrack-4/
