Network security scanning tool Nessus

Source: Internet
Author: User
  
   1. About Nessus
  
Nessus is a powerful, easy-to-use remote security scanner that is free and updated very quickly. A security scanner checks a specified network for vulnerabilities that an attacker could exploit. The system follows a client/server design: the server performs the security checks, and the client is used to configure and manage the server. The server also uses a plug-in architecture, so users can add plug-ins that perform specific checks, which makes faster and more complex security checks possible. Nessus also uses a shared information interface, called the knowledge base, which stores the results of earlier checks. Check results can be saved in HTML, plain text, LaTeX (a text file format), and other formats.
  
Future versions of Nessus are expected to support faster security checks that consume less bandwidth, and may use cluster technology to improve running efficiency.
  
Nessus has the following advantages:
  
It scans for many kinds of security vulnerabilities, which avoids incomplete scanning.
It is free and offers a price advantage over commercial security scanning tools such as ISS.
In a questionnaire survey on the most popular security tools that Nmap users participate in, Nessus topped the list in competition with many commercial systems and open-source systems. The eyes of the masses are bright :).
Nessus features high scalability, ease of use, and powerful functions. It can scan multiple security vulnerabilities.
Nessus security checks are performed entirely by plug-ins. At the time of writing, Nessus provides 705 security check plug-ins in 18 categories, and this number will increase in the future. For example, in the "useless services" class, the "Echo port open" and "Chargen" plug-ins test whether the host is vulnerable to known echo-chargen attacks. In the "backdoors" class, the "pc anywhere" plug-in checks whether the host runs background programs such as BO and PcAnywhere; fortunately, this class also covers the recently raging CodeRed and its variants.
  
The Nessus homepage not only details the function of each plug-in but also provides solutions to the problems they find. For more information about plug-ins, see http://cgi.nessus.org/plugins/dump.php3?viewby=family
  
In addition to these plug-ins, Nessus provides a scripting language for describing attack types, so that you can write additional security tests. This language is called the Nessus Attack Scripting Language (NASL), and it is used to write plug-ins.
  
On the client, you can specify the machine running the Nessus service, the port scanner to use, the tests to run, and the IP address range to test. Nessus is multi-threaded, so you can also set the number of threads that work at the same time. In this way, the Nessus working configuration is set from the remote end. After the security checks are completed, the server returns the results to the client, which generates an intuitive report. Because the content the server sends to the client describes the security weaknesses of the scanned systems, you can choose to encrypt the transmission to prevent the communication from being monitored.
  
   2. Install Nessus
  
As mentioned above, Nessus consists of two parts: client and server. Let's first look at the Server installation.
  
2.1 Download and install
  
You can go to http://www.nessus.org/download.html to download the latest version of Nessus. Nessus is divided into two parts, the server side and the client side, and the server side comes in two versions: the stable version and the experimental version. We recommend that you download the stable version unless you are eager to see the new features in the experimental version.
  
Similarly, the Nessus client has two versions: Java and C. The Java version runs on multiple platforms, and the C version supports Windows. With these two client versions, you can perform security checks from any machine on the LAN.
  
Next let's take a look at the Server installation. The server has four installation packages:
  
nessus-libraries-x.x.tar.gz
libnasl-x.x.tar.gz
nessus-core.x.x.tar.gz
nessus-plugins.x.x.tar.gz
Install the packages in the order listed above. First unpack the four packages with tar -xzvf, one archive at a time (tar reads a single archive per invocation, and a nessus-* pattern does not match the libnasl package). Then install the Nessus libraries first:
  
cd nessus-libraries
./configure
make
  
Run make install as root.
  
Install the other three software packages in the same order.
  
After installation, confirm that the path of the installed libraries, /usr/local/lib, is listed in the /etc/ld.so.conf file. If it is not, add this path to the file and run ldconfig so that the runtime libraries can be found when Nessus runs.
  
2.2 Create a user
  
The Nessus server has its own user database, and it can impose restrictions on each user. Users can then run security scans across the network through the nessusd server.
  
To create a user, follow these steps:
  
$ nessus-adduser
Addition of a new nessusd user
------------------------------
  
Login: admin // enter the user name
Password: secret // User Password
Authentification type (cipher or plaintext) [cipher]: cipher // select whether the authentication process is encrypted
Now enter the rules for this user, and hit ctrl-D once you are done:
(The user can have an empty rule set)
^D
  
Login: admin
Pssword: secret
Authentification: cipher
Rules:
  
Is that OK (y/n)? [Y] y
  
User added.
  
nessus-adduser is a utility that ships with nessusd. It is placed in the installation directory when Nessus is installed.
  
2.3 Configure the Nessus server program nessusd
  
Its configuration file is nessusd.conf, which is located in the /usr/local/etc/nessus/ directory. In general, we do not recommend changing its content unless you really need to.
  
2.4 Start nessusd
  
After completing the preceding preparations, run the following command as the root user to start the server: nessusd -D
  
   3. Perform Security Scanning
  
After starting the Nessus service process as described above, you can run the client program to perform a security scan.
    
The client first shows its startup interface, which prompts you to log on to the Nessus server. In the Nessus Host field, enter the IP address of the Linux server where the Nessus server runs. You do not need to change the port number or the encryption method. Enter the user name and click Log in. Once the logon succeeds, the Log in button changes to Log out, and a connected prompt appears next to the dialog box.
  
Now, we can select the Plug-in to perform the corresponding security scan:
    
The upper part of the window is the plug-in selection; the lower part shows the attack methods that the selected plug-in can check. Click an attack method and a dialog box pops up describing its harm and the solution.
    
We recommend that you select all the plug-ins to make the security scan more complete.
  
Next, select the target host to be scanned and click "target selection"
    
Enter the target address in the window, for example 192.168.6.26. Here, the author uses an internal address. You can also use 192.168.6.26/24 to scan the entire network segment of 192.168.6.1-192.168.6.255, or enter x.y.z and select the Perform a DNS zone transfer option below it to search for target IP addresses through the domain name system.
  
Finally, there are user rules, which restrict the user's scan operations. For example, to scan all hosts in the 192.168.6 CIDR block except 192.168.6.4, you can enter:
  
reject 192.168.6.4
default accept
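
The rule set above, modeled as an added example (this is not Nessus code and not part of the original article): it shows which hosts of a target such as 192.168.6.26/24 remain in scope once the rules are applied. It assumes rules are checked in order with the first match winning and the default line applying otherwise; rejecting everything when no default line is given is this example's own choice, and the names parse_rules, is_allowed and scan_scope are hypothetical.

```python
import ipaddress

ACTIONS = ("accept", "reject")  # keywords as they appear in the article's rule set


def parse_rules(text):
    """Parse rule lines into ([(action, network), ...], default_action)."""
    rules = []
    default = "reject"  # assumption of this example: no default line means fail closed
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue  # skip blank lines
        keyword = words[0].lower()
        if keyword == "default" and len(words) == 2 and words[1].lower() in ACTIONS:
            default = words[1].lower()
        elif keyword in ACTIONS and len(words) == 2:
            # A bare address becomes a /32; strict=False also accepts 192.168.6.26/24.
            rules.append((keyword, ipaddress.ip_network(words[1], strict=False)))
        else:
            raise ValueError(f"unrecognised rule line: {raw!r}")
    return rules, default


def is_allowed(host, rules, default):
    """Return True if the first rule matching host (or the default) is 'accept'."""
    addr = ipaddress.ip_address(host)
    for action, network in rules:
        if addr in network:
            return action == "accept"
    return default == "accept"


def scan_scope(target, rule_text):
    """Expand a target (address or CIDR) and keep only the hosts the rules allow."""
    rules, default = parse_rules(rule_text)
    network = ipaddress.ip_network(target, strict=False)
    # Older Python versions return no hosts for a /32, so fall back to the address itself.
    hosts = list(network.hosts()) or [network.network_address]
    return [str(h) for h in hosts if is_allowed(str(h), rules, default)]


if __name__ == "__main__":
    # Constructed input: the two rule lines from the article and its /24 target.
    article_rules = "reject 192.168.6.4\ndefault accept\n"
    scope = scan_scope("192.168.6.26/24", article_rules)
    print(len(scope), "hosts in scope; 192.168.6.4 excluded:", "192.168.6.4" not in scope)
```

Checking the effective scope this way before starting a scan helps confirm that an excluded host really is excluded by the rules as written.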
  
After all this is OK, click start to start scanning.
  
   4. Scan Results
  
After the scan is completed, the following report is generated:
    
All scanned hosts are listed on the left of the window. Click a host name, and the security vulnerabilities found on that host are listed on the right of the window. Click a vulnerability icon to show the severity of the vulnerability along with its cause and solution.
  
Finally, you can save scan results in multiple formats as references for future use.
  
  
Because nessusd is a security scanning program that includes some attack-type security scans, and users can start nessusd operations remotely, you need to configure it correctly to prevent malicious use.
  
1. Encryption
  
As mentioned above, if you use nessusd over the network, that is, the client program and the server program nessusd are not on the same host, the final scan results are returned to the client over the network. Because this content is sensitive data about network security, we recommend that you encrypt the communication between the two.
  
Run the following command when configuring and installing nessus:
  
./configure --enable-cipher
make
make install
  
In this way, the encryption mode is enabled. When starting nessusd, you must specify