Introduction

• A security scanner is software that remotely audits a given network and determines whether bad guys may break into it or misuse it in some way.

• Nessus does not take anything for granted.

• Nessus is very fast, reliable and has a modular architecture that allows you to fit it to your needs.

Introduction continues………

• The Nessus program consists of two parts: a server (it does the work of finding the holes and reporting back to the client) and a client (it does the work of displaying the results found by the server counterpart).

Introduction continues………

• The server can be run on a variety of UNIX boxes (including Linux, BSD and Solaris) and on Windows NT.

• There exists a variety of client flavors that can be run on a variety of machine types.

The client can be a Java-based program (can be run on a Windows machine and on a UNIX machine)

Win32-based program: possible to run off any Windows NT/95/98

Features

• Plug-in architecture. Each security test is written as an external plugin. This way, you can easily add your own tests without having to read the code of the nessusd engine.

• NASL. The Nessus Security Scanner includes NASL (Nessus Attack Scripting Language), a language designed to write security tests easily and quickly. (Security checks can also be written in C.)

• Up-to-date security vulnerability database. We mostly focus on the development of security checks for recent security holes. Our security checks database is updated on a daily basis, and all the newest security checks are available here and on your FTP servers and mirrors.

• Client-server architecture. The Nessus Security Scanner is made up of two parts: a server, which performs the attacks, and a client, which is the frontend. You can run the server and the client on different systems. That is, you can audit your whole network from your personal computer, whereas the server performs its attacks from the mainframe which is upstairs. There are several clients: one for X11, one for Win32 and one written in Java.

Can test an unlimited number of hosts at the same time. Depending on the power of the station you run the Nessus server on, you can test two, ten or forty hosts at the same time.

Tests cooperation. The security tests performed by Nessus cooperate so that nothing useless is made. If your FTP server does not offer anonymous logins, then anonymous-related security checks will not be performed.

Complete reports : Nessus will not only tell you what's wrong on your network, but will, most of the time, tell you how to prevent crackers from exploiting the security holes found and will give you the risk level of each problem found (from Low to Very High)

Exportable reports : The Unix client can export Nessus reports as ASCII text, LaTeX, HTML, "spiffy" HTML (with pies and graphs) and an easy-to-parse file format.

Smart plugins (optional) : Nessus will determine which plugins should or should not be launched against the remote host (for instance, this prevents the testing of Sendmail vulnerabilities against Postfix). (this option is called "optimizations")

Non-destructive (optional) : If you don't want to take the risk to bring down services on your network, you can enable the "safe checks" option of Nessus, which will make Nessus rely on banners rather than exploiting real flaws to determine if a vulnerability is present.

Independent developers. The Nessus developers are independent from the rest of the world, so we will not hide a security vulnerability in the program XYZ because we have a contract with them.
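
The "tests cooperation", "optimizations" and "safe checks" features above can be pictured with a small model in which plugins share a knowledge base. This is an added example, not Nessus code: the Plugin class, run_scan, the knowledge-base keys and the two sample hosts are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Plugin:
    name: str
    check: Callable            # check(host, kb, safe_checks)
    requires: list = field(default_factory=list)  # KB keys that must be true
    excludes: list = field(default_factory=list)  # KB keys that must not be true

def detect_services(host, kb, safe_checks):
    # Store what was learned so later plugins do not repeat the work.
    kb["ftp/anonymous"] = host.get("ftp_anonymous", False)
    banner = host.get("smtp_banner", "")
    kb["smtp/banner"] = banner
    kb["smtp/postfix"] = "Postfix" in banner

def anon_ftp_check(host, kb, safe_checks):
    kb["findings"].append(("Anonymous FTP enabled", "from knowledge base"))

def sendmail_check(host, kb, safe_checks):
    # With safe checks on, decide from the banner alone; otherwise a real
    # scanner would send a test request (not modelled here).
    method = "banner only" if safe_checks else "active test"
    if "Sendmail 8.9" in kb["smtp/banner"]:   # constructed version string
        kb["findings"].append(("Outdated Sendmail", method))

PLUGINS = [
    Plugin("detect_services", detect_services),
    Plugin("anon_ftp_check", anon_ftp_check, requires=["ftp/anonymous"]),
    Plugin("sendmail_check", sendmail_check,
           requires=["smtp/banner"], excludes=["smtp/postfix"]),
]

def run_scan(host, safe_checks=True):
    kb, skipped = {"findings": []}, []
    for p in PLUGINS:
        ready = all(kb.get(k) for k in p.requires)
        blocked = any(kb.get(k) for k in p.excludes)
        if not ready or blocked:
            skipped.append(p.name)      # nothing useless is run
            continue
        p.check(host, kb, safe_checks)
    return kb["findings"], skipped

# Constructed sample hosts (not real scan data).
HOST_A = {"ftp_anonymous": False, "smtp_banner": "220 mail ESMTP Postfix"}
HOST_B = {"ftp_anonymous": True, "smtp_banner": "220 mail ESMTP Sendmail 8.9.3"}

if __name__ == "__main__":
    for h in (HOST_A, HOST_B):
        print(run_scan(h))
```

A banner-only result is only as accurate as the banner, so a finding labelled "banner only" should be confirmed against the installed version before it is treated as real.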

Nessus Installation

• Download the Nessus source distribution from the web site http://www.nessus.org under the topic Download; it's free.

• Install Nessus using the script called nessus-installer.sh which is located under the directory nessus-installer/. Use the following command:

# sh nessus-installer.sh

• Download the compilation software package consisting of:
– nessus-libraries-x.x.tar.gz
– libnasl-x.x.tar.gz
– nessus-core.x.x.tar.gz
– nessus-plugins.x.x.tar.gz

• (x represents the version of the software at the time.)

• Untar and unzip all the files above using the commands:

# tar xvfz nessus-libraries-x.x.tar.gz
# tar xvfz libnasl-x.x.tar.gz
# tar xvfz nessus-core.x.x.tar.gz
# tar xvfz nessus-plugins.x.x.tar.gz

• Compile each file starting from nessus-libraries as follows:

# cd nessus-libraries
# ./configure
# make
# make install

(For the last command, make install, you must be root to do so.)

• Compile libnasl:

# cd libnasl
# ./configure
# make
# make install

• Compile nessus-core:

# cd nessus-core
# ./configure
# make
# make install

• Compile nessus-plugins:

# cd nessus-plugins
# ./configure
# make
# make install

After all compilation has been done, there are two important files created, i.e., nessusd, which is Nessus' server, and nessus, which is its client.

Nessus Usage

To use Nessus, there are two things one has to do. The first is to create a new user account, together with specifying his/her access privilege. The second is configuring Nessus' client.

1. New user account creation and access privilege

Use the script nessus-adduser located in /usr/local/sbin to generate a new account for a user. The user will login to use Nessus via this account.

[Figures: New user account creation; Selecting the method to keep a password; Connection privilege; Specifying one-time password; Network scan privilege allowed to joey; Confirmation for data item correctness; Add-user process completed; Configuration values for server nessusd; Starting server; Checking the operation of nessusd server]

2. Nessus client configuration

• The client program nessus is located in /usr/local/bin/nessus. Use the following command to start the client.

• The symbol & in the figure starts the program in background mode. Note that the user who starts the client program uses the user name 'snort' on Linux.

[Figures: Specifying a passphrase; Nessus login window; One-time password window; Plugin selection window; Further details for the vulnerability: Anonymous FTP Enabled; Plugin preference window; Scan options window; Target selection window; User window; Credits window; Simultaneous scan status; A single machine scan status; Scan result; Security risk pie chart]

Plugins

Plugins are the heart of Nessus because they contain a set of scripts to check vulnerabilities in a network, e.g., backdoors, DoS, wide-open ports, etc. These scripts are written in the language called NASL (Nessus Attack Scripting Language) and can be found in /usr/local/lib/nessus/plugin. The user can also develop their own scripts by studying this language from http://www.nessus.org/doc/nasl.html. Furthermore, more new scripts to test our network can be found in http://cgi.nessus.org/plugins/  

END