nessus – a vulnerability scanning tool suny technology conference june 2003
Post on 15-Jan-2016
Nessus – A Vulnerability Scanning Tool
SUNY Technology Conference June 2003
Bill Kramp
Finger Lakes Community College
Canandaigua, NY
[email protected]@flcc.edu

Outline
  What is Nessus?
  Why use it?
  System and Software
  Configuration
  Scanning
  Reports
  Demonstration
  Discussion

Nessus
  Vulnerability scanning tool
  Open source
  Zero software costs
  Zero annual maintenance costs
  Minimal hardware needs

Why scan?
  To meet your campus security policy.
  To find out what services are running.
  To double check that software patches are installed correctly.
  If you don’t find the holes, the hackers will.
  Like Martha says “It’s a good thing”.

System Requirements
  Server: Linux, Solaris, FreeBSD
  Clients: Win32, X11, Java

Server Software
  Four basic parts to the Nessus server:
    Nessus-core
    Nessus-libraries
    Libnasl
    Nessus-plugins

Plugins
  Plugins are the scripts that perform the vulnerability tests.
  NASL – This is the Nessus Attack Scripting Language, which can be used to write your own plugins.
  Nessus-update-plugins command – A script that will download new or updated Nessus plugins. Can be run manually or from cron.
  1600 plugins available as of June 10, 2003

Port Scanners
  Port scanning will detect the ports (services) available.
  Port scanning types:
    Ping
    SYN scan
    TCP connect() scan
    Scan for LaBrea tarpitted hosts
    SNMP port scan
  Can define port ranges to scan

Defining Targets
  Hosts: Server.domain.edu, 172.21.1.2
  Subnet: 192.168.100.0
  Address range: 192.168.1.1-192.168.1.10

Vulnerability Scanning
  Scanning methods: Safe, Destructive
  Service recognition – Will determine what service is actually running on a particular port.
  Handle multiple services – Will test a service if it appears on more than one port.
  Will test multiple systems at the same time.

Viewing Reports
  Nessus will indicate the threat level for services or vulnerabilities it detects:
    Low severity – Notification of issues
    Medium severity – Warnings to think about
    High severity – Issues that should be resolved
  Description of vulnerability
  Risk factor
  CVE number

Common Vulnerabilities and Exposures
  CVE created by http://www.cve.mitre.org/
  Attempting to standardize the names for vulnerabilities.
  CVE search engine at http://icat.nist.gov/

Report Options
  Output types: Text, HTML, PDF
  Filter by severity
  Sort by host or vulnerability

Export Options
  Comma Separated
  MySQL
  SQL
  Nessus .nsl

User Accounts
  Nessus supports individual accounts.
  Different rules can be applied to each account:
    Limit access to specific host(s)
    Limit access by subnets
    Have no restrictions
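
The per-account restrictions above and the target forms from the Defining Targets slide (host address, subnet, address range) meet in one check: is every address in a requested target inside what the account may scan? The sketch below is an added example, not code from the presentation or from Nessus; the accept/deny/default rule syntax, the function names and the sample rules are assumptions, and subnets must be written in CIDR form (a bare address counts as a single host).

```python
import ipaddress

# Constructed sample rules for one scanner account; the accept/deny/default
# line syntax is an assumption made for this example.
SAMPLE_RULES = """
accept 192.168.1.0/24   # subnet this account may scan
deny 192.168.1.10       # host excluded from scanning
default deny
"""

def load_rules(text):
    """Parse rule lines into ([(action, network), ...], default_action)."""
    rules, default = [], "deny"  # fail closed if no default line is present
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, arg = line.split(None, 1)
        if action == "default" and arg in ("accept", "deny"):
            default = arg
        elif action in ("accept", "deny"):
            rules.append((action, ipaddress.IPv4Network(arg)))
        else:
            raise ValueError(f"bad rule line: {raw!r}")
    return rules, default

def parse_target(spec):
    """Return (first, last) address of a host IP, CIDR subnet or start-end range."""
    spec = spec.strip()
    if "-" in spec:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if first > last:
            raise ValueError(f"range runs backwards: {spec}")
        return first, last
    net = ipaddress.IPv4Network(spec)  # a bare address is treated as one host (/32)
    return net[0], net[-1]

def in_scope(spec, rules, default):
    """True only if every address in the target is permitted by the rules."""
    first, last = parse_target(spec)
    for block in ipaddress.summarize_address_range(first, last):
        if any(a == "deny" and block.overlaps(n) for a, n in rules):
            return False  # any overlap with a denied network rejects the target
        covered = any(a == "accept" and block.subnet_of(n) for a, n in rules)
        if not covered and default != "accept":
            return False  # fail closed: block not fully inside an accepted network
    return True
```

Host names such as Server.domain.edu raise ValueError here, so resolve them first and check the resulting address, which is what the scan will actually reach.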

Connecting to Nessus Server

Define the Targets

Selecting Plugins

Scanning…

Testing Completed

Viewing Session Results

Nessus Resources
  http://www.nessus.org/
  Nessus PHP Interface (to MySQL): http://enterprise.bidmc.harvard.edu/pub/nessus-php/
  Win32 Client: http://nessuswx.nessus.org/
  Gnome Client: http://sussen.sourceforge.net/

Commercial Products
  SecureScan: http://www.vigilante.com/
  Retina: http://www.eeye.com/
  Internet Scanner: http://www.iss.net/

Discussion
  Does any campus have policies to test?
  What software are other campuses using?

Nessus – A Vulnerability Scanning Tool
  A complete copy of the Power Point presentation will be available on the college website at http://paws.flcc.edu/~krampwd/