Nessus

1
Nessus A Vulnerability Scanning Tool

• SUNY Technology Conference June 2003

2
Bill Kramp

• Finger Lakes Community College
• Canandaigua, NY
• krampwd_at_flcc.edu

3
Outline

• What is Nessus?
• Why use it?
• System and Software
• Configuration
• Scanning
• Reports
• Demonstration
• Discussion

4
Nessus

• Vulnerability scanning tool
• Open source
• Zero software costs
• Zero annual maintenance costs
• Minimal hardware needs

5
Why scan?

• To meet your campus security policy.
• To find out what services are running.
• To double check that software patches are
  installed correctly.
• If you dont find the holes, the hackers will.
• Like Martha says Its a good thing.

6
System Requirements

• Server
• Linux
• Solaris
• FreeBSD
• Clients
• Win32
• X11
• Java

7
Server Software

• Four basic parts to the Nessus server
• Nessus-core
• Nessus-libraries
• Libnasl
• Nessus-plugins

8
Plugins

• Plugins are the scripts that perform the
  vulnerability tests.
• NASL This is the Nessus Attack Scripting
  Language which can be used to write your own
  plugins.
• Nessus-update-plugins command A script that will
  download new, or updated Nessus plugins. Can be
  run manually or from cron.
• 1600 plugins available as of June 10, 2003

9
Port Scanners

• Port scanning will detect the ports (services)
  available.
• Port scanning types
• Ping
• SYN scan
• Tcp connect() scan
• Scan for LaBrea tarpitted hosts
• SNMP port scan
• Can define port ranges to scan

10
Defining Targets

• Hosts
• Server.domain.edu
• 172.21.1.2
• Subnet
• 192.168.100.0
• Address range
• 192.168.1.1-192.168.1.10

11
Vulnerability Scanning

• Scanning methods
• Safe
• Destructive
• Service recognition Will determine what service
  is actually running on a particular port.
• Handle multiple services Will test a service
  if it appears on more then one port.
• Will test multiple systems at the same time.

12
Viewing Reports

• Nessus will indicate the threat level for
  services or vulnerabilities it detects
• Low severity Notification of issues
• Medium severity Warnings to think about
• High severity Issues that should be resolved
• Description of vulnerability
• Risk factor
• CVE number

13
Common Vulnerabilities and Exposures

• CVE created by http//www.cve.mitre.org/
• Attempting to standardize the names for
  vulnerabilities.
• CVE search engine at http//icat.nist.gov/

14
Report Options

• Output types
• Text
• HTML
• PDF
• Filter by severity
• Sort by host or vulnerability

15
Export Options

• Comma Separated
• MySQL
• SQL
• Nessus .nsl

16
User Accounts

• Nessus supports individual accounts.
• Different rules can be applied to each account
• Limit access to specific host(s)
• Limit access by subnets
• Have no restrictions

17
Connecting to Nessus Server
18
Define the Targets
19
Selecting Plugins
20
Scanning
21
Testing Completed
22
Viewing Session Results
23
Nessus Resources

• http//www.nessus.org/
• Nessus PHP Interface (to MySQL)
  http//enterprise.bidmc.harvard.edu/pub/nessus-php
  /
• Win32 Client http//nessuswx.nessus.org/
• Gnome Client http//sussen.sourceforge.net/

24
Commercial Products

• SecureScan http//www.vigilante.com/
• Retina http//www.eeye.com/
• Internet Scanner http//www.iss.net/

25
Discussion

• Does any campus have policies to test?
• What software are other campuses using?

26
Nessus A Vulnerability Scanning Tool

• A complete copy of the Power Point presentation
  will be available on the college website at
  http//paws.flcc.edu/krampwd/