Top 3 Things You Should Know About Nessus
A friend of mine, who was preparing to teach a workshop that included information about Nessus, recently asked: "What are the top three things you would tell people about Nessus?" Below is a more detailed version of my response:
1) Network Scanning - With over 28,000 plugins, Nessus has some excellent coverage in terms of vulnerability scanning for your systems and network. When running a network-based scan it is important to tune it appropriately. Look at the different plugin families and enable the ones that you think are most relevant. In addition, review the Advanced options for your scan. If you are performing web application testing, take a look at the Advanced options global variable settings. If speed is not a factor, you can get some awesome results by enabling CGI scanning, experimental plugins and thorough tests. Finally, don't just look at the high level alerts: some medium and low level alerts can lead to root access!
2) Credentialed Scanning - Local Checks - Providing Nessus with credentials enables the scanner to gather considerably more information than a network-based scan, such as information about installed patches. For example, if your target is running CentOS, it will check that it has the latest patches. Running a credentialed scan is the best way to reduce false positives. For UNIX/Linux systems, use SSH with a pre-shared key instead of a password. Then you can use the filtering feature in the Nessus client to distribute nice reports of hosts that are missing patches to your systems administrators.
3) Credentialed Scanning - Audit Files - Another useful credentialed Nessus scan is to compare your system settings to known standards. Nessus has checks for several different standards, including CIS benchmarks, PCI, FDCC and the OWASP top ten list. Nothing says security like good ole' fashioned system hardening and Nessus can help you achieve your system hardening goals with audit file checking. This is particularly useful for systems such as web servers, as Nessus can test the operating system, Apache web server and database settings against pre-determined security standards.
You can obtain a Nessus ProfessionalFeed or HomeFeed from the Nessus homepage at www.nessus.org.
Related Articles
Study: Tenable Offers Fastest, Broadest Coverage of CISA's KEV Catalog
October 23, 2023Tenable ranked first in multiple vulnerability management categories, including the most comprehensive coverage and quickest detection of CISA's Known Exploited Vulnerabilities, according to a Miercom report commissioned by Tenable.
Tuning Network Assessments for Performance and Resource Usage
September 13, 2022Using the correct tool for the job and optimizing scanner placement will have a large impact on scan efficiency with Nessus, Tenable.io and Tenable.sc.
Terrascan Joins the Nessus Community, Enabling Nessus To Validate Modern Cloud Infrastructures
May 17, 2022The addition of Terrascan to the Nessus family of products helps users better secure cloud native infrastructure by identifying misconfigurations, security weaknesses, and policy violations by scanning Infrastructure as Code repositories.
CVE-2024-7593: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
August 14, 2024Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly available
Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs
August 13, 2024Microsoft addresses 88 CVEs with seven critical vulnerabilities and 10 zero-day vulnerabilities, six of which were exploited in the wild.
Compromising Microsoft's AI Healthcare Chatbot Service
August 13, 2024Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources.
- Nessus