Nessus – A Vulnerability Nessus – A Vulnerability Scanning ToolScanning Tool

SUNY Technology Conference SUNY Technology Conference June 2003June 2003

Bill KrampBill Kramp

Finger Lakes Community CollegeFinger Lakes Community College

Canandaigua, NYCanandaigua, NY

krampwd@flcc.edukrampwd@flcc.edu

OutlineOutline

What is Nessus?What is Nessus?Why use it?Why use it?System and SoftwareSystem and SoftwareConfigurationConfigurationScanningScanningReportsReportsDemonstrationDemonstrationDiscussionDiscussion

NessusNessus

Vulnerability scanning toolVulnerability scanning tool

Open sourceOpen source

Zero software costsZero software costs

Zero annual maintenance costsZero annual maintenance costs

Minimal hardware needsMinimal hardware needs

Why scan?Why scan?

To meet your campus security policy.To meet your campus security policy.

To find out what services are running.To find out what services are running.

To double check that software patches are To double check that software patches are installed correctly.installed correctly.

If you don’t find the holes, the hackers will.If you don’t find the holes, the hackers will.

Like Martha says “It’s a good thing”.Like Martha says “It’s a good thing”.

System RequirementsSystem Requirements

Server: Server: LinuxLinux SolarisSolaris FreeBSDFreeBSD

Clients: Clients: Win32Win32 X11X11 JavaJava

Server SoftwareServer Software

Four basic parts to the Nessus server:Four basic parts to the Nessus server: Nessus-coreNessus-core Nessus-librariesNessus-libraries LibnaslLibnasl Nessus-pluginsNessus-plugins

PluginsPlugins

Plugins are the scripts that perform the Plugins are the scripts that perform the vulnerability tests.vulnerability tests.

NASL – This is the Nessus Attack Scripting NASL – This is the Nessus Attack Scripting Language which can be used to write your own Language which can be used to write your own plugins.plugins.

Nessus-update-plugins command– A script that Nessus-update-plugins command– A script that will download new, or updated Nessus plugins. will download new, or updated Nessus plugins. Can be run manually or from cron.Can be run manually or from cron.

1600 plugins available as of June 10, 20031600 plugins available as of June 10, 2003

Port ScannersPort Scanners

Port scanning will detect the ports Port scanning will detect the ports (services) available.(services) available.Port scanning types:Port scanning types: PingPing SYN scanSYN scan Tcp connect() scanTcp connect() scan Scan for LaBrea tarpitted hostsScan for LaBrea tarpitted hosts SNMP port scanSNMP port scan

Can define port ranges to scanCan define port ranges to scan

Defining TargetsDefining Targets

Hosts Hosts Server.domain.eduServer.domain.edu 172.21.1.2172.21.1.2

SubnetSubnet 192.168.100.0192.168.100.0

Address rangeAddress range 192.168.1.1-192.168.1.10192.168.1.1-192.168.1.10

Vulnerability ScanningVulnerability Scanning

Scanning methods:Scanning methods: SafeSafe DestructiveDestructive

Service recognition – Will determine what Service recognition – Will determine what service is actually running on a particular port.service is actually running on a particular port.

Handle multiple services – Will test a service if it Handle multiple services – Will test a service if it appears on more then one port.appears on more then one port.

Will test multiple systems at the same time.Will test multiple systems at the same time.

Viewing ReportsViewing Reports

Nessus will indicate the threat level for Nessus will indicate the threat level for services or vulnerabilities it detects:services or vulnerabilities it detects: Low severity – Notification of issuesLow severity – Notification of issues Medium severity – Warnings to think aboutMedium severity – Warnings to think about High severity – Issues that should be resolvedHigh severity – Issues that should be resolved

Description of vulnerabilityDescription of vulnerability

Risk factorRisk factor

CVE numberCVE number

Common Vulnerabilities and Common Vulnerabilities and Exposures Exposures

CVE created by CVE created by http://www.cve.mitre.org/http://www.cve.mitre.org/ Attempting to standardize the names for Attempting to standardize the names for

vulnerabilities.vulnerabilities.

CVE search engine at http://icat.nist.gov/CVE search engine at http://icat.nist.gov/

Report OptionsReport Options

Output types:Output types: TextText HTMLHTML PDFPDF

Filter by severityFilter by severity

Sort by host or vulnerabilitySort by host or vulnerability

Export OptionsExport Options

Comma SeparatedComma Separated

MySQLMySQL

SQLSQL

Nessus .nslNessus .nsl

User AccountsUser Accounts

Nessus supports individual accounts.Nessus supports individual accounts.

Different rules can be applied to each Different rules can be applied to each account:account: Limit access to specific host(s)Limit access to specific host(s) Limit access by subnetsLimit access by subnets Have no restrictionsHave no restrictions

Connecting to Nessus ServerConnecting to Nessus Server

Define the TargetsDefine the Targets

Selecting PluginsSelecting Plugins

Scanning…Scanning…

Testing CompletedTesting Completed

Viewing Session ResultsViewing Session Results

Nessus ResourcesNessus Resources

http://www.nessus.org/http://www.nessus.org/

Nessus PHP Interface (to MySQL): Nessus PHP Interface (to MySQL): http://enterprise.bidmc.harvard.edu/pub/nhttp://enterprise.bidmc.harvard.edu/pub/nessus-phpessus-php//

Win32 Client: Win32 Client: http://nessuswx.nessus.org/http://nessuswx.nessus.org/

Gnome Client: Gnome Client: http://sussen.sourceforge.net/http://sussen.sourceforge.net/

Commercial ProductsCommercial Products

SecureScan SecureScan http://www.vigilante.com/http://www.vigilante.com/

Retina Retina http://www.eeye.com/http://www.eeye.com/

Internet Scanner Internet Scanner http://www.iss.net/http://www.iss.net/

DiscussionDiscussion

Does any campus have policies to test?Does any campus have policies to test?

What software are other campuses using?What software are other campuses using?

Nessus – A Vulnerability Nessus – A Vulnerability Scanning ToolScanning Tool

A complete copy of the Power Point A complete copy of the Power Point presentation will be available on the presentation will be available on the

college website at college website at http://paws.flcc.edu/~krampwd/http://paws.flcc.edu/~krampwd/