Google
 

Introduction to Nessus

September 2, 2005
“Nessus is a great tool designed to automate the testing and discovery
of known security problems. Typically someone, a hacker group, a
security company, or a researcher discovers a specific way to violate
the security of a software product. The discovery may be accidental or
through directed research; the vulnerability, in various levels of
detail, is then released to the security community. Nessus is designed
to help identify and solve these known problems, before a hacker takes
advantage of them. Nessus is a great tool with lots of capabilities.
However it is fairly complex and few articles exist to direct the new
user through the intricacies of how to install and use it. Thus, this
article shall endeavor to cover the basics of Nessus setup and
configuration. The features of the current versions of Nessus (Nessus
2.0.8a and NessusWX 1.4.4) will be discussed. Future articles will
cover Nessus in more depth.
Nessus is a public domain program released under the GPL. Historically,
many in the corporate world have ridiculed such public domain software
as being a waste of time, instead choosing “supported” products
developed by established companies. Typically these packages cost
hundreds or thousands of dollars, and are often purchased using the
logic that you get what you pay for. Some people are starting to
realize that public domain software, such as Nessus, isn’t always
inferior and sometimes it is actually superior. Paid technical support
for Nessus is even available from www.tenablesecurity.com. Nessus also
has a great community of developers anchored by the primary author,
Renaud Deraison. When allowed to fairly compete in reviews against
other vulnerability scanners, Nessus has equaled or outshined products
costing thousands of dollars. [ref: Information Security, Network
Computing]
One of the very powerful features of Nessus is its client server
technology. Servers can be placed at various strategic points on a
network allowing tests to be conducted from various points of view. A
central client or multiple distributed clients can control all the
servers. The server portion will run on most any flavor of Unix. It
even runs on MAC OS X and IBM/AIX, but Linux tends to make the
installation simpler. These features provide a great deal of
flexibility for the penetration tester. Clients are available for both
Windows and Unix. The Nessus server performs the actual testing while
the client provides configuration and reporting functionality.”

Introduction to Nessus

  • Technorati
  • StumbleUpon
  • Digg
  • del.icio.us
  • Simpy
  • RawSugar
  • NewsVine
  • YahooMyWeb
  • Reddit
  • Furl
  • co.mments
  • Fark
  • Haohao
  • MisterWong
  • Slashdot
  • Spurl
  • No Related Post
Categories
Tips and Tricks
Comments rss
Comments rss
Trackback
Trackback

« Honeypots: Are They Illegal? Express 3.0 - SmoothWall »

Leave a comment

You must be logged in to post a comment