Stephan Bayer

INLS 187 Software Evaluation

September 23, 2004


What is Nessus?

Nessus is a free, easy-to-use remote security scanner built as a client-server application. The server side is hosted on a server (typically a Unix server), where the software can be kept up to date. Nessus scans any system, whether it runs Windows, Mac OS or Unix/Linux. A client-server application such as Nessus makes it possible to keep one easily updatable copy of the software on a server and make it accessible to as many clients as desired. Nessus also "doesn't take anything for granted" (nessus.org). No matter how your server or workstation is set up or what operating system it uses, it will scan for security vulnerabilities. For example, say your web server is serving a site on port 8080 instead of the regular port 80. Nessus will scan all open ports, regardless of common default settings.

Target Audience

The Nessus security scanner is intended for use by a security consultant who wishes to audit computer systems for vulnerabilities. The software isn't exactly "plug and play", so the user should be fairly proficient in PC maintenance and networking. A basic understanding of Unix is required as well.

Cost

Nessus is a public domain program licensed under the GNU General Public License, so it's free.

The scanner for Windows, Newt 2.0, is available commercially.

Features

Up-to-date security vulnerability definition database (similar to updating virus definitions)

  • Up-to-date development of patches for security holes.
  • Database updated on a daily basis.
  • Updates retrieved with the command nessus-update-plugins

Remote and local security

Most security scanners scan just a network. This scanner detects "remote flaws of hosts of your network, local flaws and missing patches as well - whether they are running Windows, Mac OS X or a unix like system." (nessus.org)

Scans Vulnerabilities by Plugins

Nessus will scan for any type of vulnerability you wish. You can scan for Microsoft server vulnerabilities, Linux vulnerabilities, or Mac vulnerabilities. There are a lot of plugins to choose from. The most popular plugins are available for viewing and download here. Say you wanted to scan for Microsoft hotfixes. All you would have to do is install the plugin and scan!

Plugins are organized by category. For example, categories include Denial of Service, Backdoors, Firewalls, Useless Services, and FTP.

Requirements

  • A Unix/Linux system for the server software
  • Nessus is scalable, which means it will work with the oldest of CPUs. The more power your system has, the faster it scans!
  • A GUI for the Unix/Linux client: GTK (the Gimp Toolkit), version 2.2 or 1.2, or the native Windows client
  • A Windows operating system for the native Windows client (only if you opt to use the Windows client)

Note: If you do not want to install GTK and/or if your system lacks X11, then you can compile a command-line client by running

    ./configure --disable-gtk

in nessus-core.

Download

Download the newest stable version here.

Read about how to install it here. If you want to use Suse Linux like I did, I'd suggest reading this article. It took me about 4 hours just to get it installed. There are many dependencies this program needs that don't automatically come with many Linux distributions.

Screenshot of working program:

Effectiveness

Criteria for testing

Criteria 1: Scanning for security vulnerabilities on my machine (localhost).

My machine is unique because I'm running Virtual PC software, which allows me to run Windows XP and Suse Linux simultaneously. By checking only the "Windows plugin" and setting the target of the scan to "localhost", I could see all of my vulnerabilities in Windows. I found that the only options I needed were these: Windows Hotfix and Windows XP Service Pack 2. I feel much better about my system running securely now.

Criteria 2:

I checked a couple of plugins that pertained to the Linux operating system, such as the SSH plugin. There were a couple of Suse updates I needed. (I had just installed Suse about a week ago and hadn't performed any updates.) There were also unneeded ports open because I installed Apache with Suse and was running a web server for no reason. So it pointed out that I had open ports on my machine. I turned off the Apache daemon and won't turn it back on until I need it.
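As an added example (not part of the original evaluation), the following Python script post-processes a scan report like the one described above: it assumes the pipe-separated "results" record layout of a Nessus 2.x NBE export (subnet, host, port, plugin id, severity, description), uses a constructed sample report with made-up plugin ids and a hypothetical baseline of expected ports, and lists services such as a web server on 8080 that the baseline doesn't cover.

```python
import re
from collections import Counter

# Constructed sample in the layout of a Nessus 2.x NBE result file (assumed here:
# results|subnet|host|port|plugin id|severity|description). Plugin ids and
# descriptions are made up for this example.
SAMPLE_NBE = """\
timestamps|||scan_start|Thu Sep 23 14:02:11 2004|
results|127.0.0|127.0.0.1|www (8080/tcp)|10001|Security Note|A web server is running on this port
results|127.0.0|127.0.0.1|ssh (22/tcp)|10002|Security Note|An SSH server is running on this port
results|127.0.0|127.0.0.1|www (8080/tcp)|10003|Security Warning|The TRACE method is enabled
results|127.0.0|127.0.0.1|general/tcp|10004|Security Hole|Vendor updates are missing for this host
timestamps|||scan_end|Thu Sep 23 14:05:40 2004|
"""

# Hypothetical baseline: services the administrator expects and the ports
# they should be on. Anything else listening is worth a second look.
EXPECTED_PORTS = {"ssh": {22}, "www": {80, 443}}

PORT_RE = re.compile(r"^(\S+) \((\d+)/(tcp|udp)\)$")

def parse_nbe(text):
    """Return the 'results' records of an NBE file as dicts."""
    findings = []
    for line in text.splitlines():
        fields = line.split("|")
        if fields[0] != "results" or len(fields) < 7:
            continue  # timestamps and other record types are skipped
        _, subnet, host, port, plugin_id, severity, desc = fields[:7]
        findings.append({"host": host, "port": port, "plugin": plugin_id,
                         "severity": severity, "description": desc})
    return findings

def severity_counts(findings):
    """How many findings of each severity the scan produced."""
    return Counter(f["severity"] for f in findings)

def unexpected_services(findings, expected):
    """Services seen on ports outside the baseline, e.g. Apache on 8080."""
    seen = set()
    for f in findings:
        m = PORT_RE.match(f["port"])
        if not m:
            continue  # 'general/tcp' style findings carry no port number
        name, number = m.group(1), int(m.group(2))
        if number not in expected.get(name, set()):
            seen.add((f["host"], name, number))
    return sorted(seen)

if __name__ == "__main__":
    fs = parse_nbe(SAMPLE_NBE)
    print(dict(severity_counts(fs)))
    for host, name, port in unexpected_services(fs, EXPECTED_PORTS):
        print(f"{host}: {name} listening on {port}, not in baseline")
```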

Recommendation

This software was very difficult to install. For the average Windows user who doesn't have access to a Unix box, I wouldn't recommend this software at all. I wanted a bit of a challenge and I wanted a nifty security tool like Nessus, so I decided to install it. The fact that it is split up between client and server applications can make it seem confusing to some people. What is neat about the software, however, is that it has a lot of scanning options. I can scan for any vulnerabilities out there, and all I have to do is update my plugins before I want to scan, select the vulnerabilities I want to search for, select my target and go! It is very easy from there and very easy to fix vulnerabilities. The best part is that the client-server architecture of this software allows me to access it from anywhere. I could be on UNC campus, log in to my nessus daemon through a Windows client and scan any target I want for vulnerabilities. It is my own personal security tool that is accessible from anywhere with an internet connection.

As far as recommendations go, I'd recommend this to anybody in INLS 187 and any fairly proficient computer user out there. It tells you a lot more about Windows system vulnerabilities than Windows Update does, so it certainly does appeal to a large group of people who are running strictly Windows. It is also fun to fine-tune your Unix skills by getting something like this running.

This software is very cost-effective in that it is free under the GPL. Many corporations will tend to buy security products because they believe "you get what you pay for." This is not the case with this program because it is updated on a daily basis, so you know it keeps up with all the vulnerabilities out there. If you want to spend money on it, you can pay for support from Tenable Security. As mentioned above, they offer the Newt 2.0 software that runs on the exact same daemon as Nessus. The difference is they offer complete support for a price. If you have a security administrator who knows what he's doing, Nessus is the best and most cost-effective bet!


last updated: Friday, September 25, 2004 ; 17:45
