Proactive Vulnerability Assessment w/ Nessus
- Nessus is an open-source, free vulnerability scanner. It can be configured to auto-update when new vulnerabilities are discovered (900+ at the moment), beating even proprietary scanners. Plug-ins not only scan for existing vulnerabilities but also provide descriptions and instructions on how to fix them. Because it finds vulnerabilities by exploiting them, it can be seen as a “hacker tool”, and a scan may crash the target system.
- Nessus may also report false positives if the target system sits behind a firewall or packet-filtering device. The port scan can be changed to run against all 65535 ports, not just the first 15000. It works as an initial scanner, showing POSSIBLE vulnerabilities; further analysis is needed to determine which are false positives and which are actual vulnerabilities (and what remediation needs to be done).
Discussion Questions:
- Has anyone worked with using Nessus before? If so, what was your experience like?
- Nessus can be used by both the “good guys” and the “bad guys” to test the system. Using the reports, the “bad guys” can also find what to exploit. Are there any ideas about what can be done to get around that?
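Since the post stresses that Nessus output lists POSSIBLE vulnerabilities that still need manual verification, here is an added example (not part of the original post, and not Nessus's own code) of the triage step a defender runs on the report: parse a `.nessus` v2 XML export, count findings per host by severity, and build a worklist that carries each plugin's own `solution` text so every item can be confirmed or dismissed as a false positive before remediation. The sample report embedded below is constructed for illustration; its hosts, ports, plugin IDs and plugin names are made up, but the element and attribute names (`ReportHost`, `ReportItem`, `severity`, `pluginID`, `solution`) follow the `.nessus` v2 layout.

```python
"""Triage a Nessus (.nessus v2 XML) export: group findings by host and severity
and pull out the plugin's remediation text so each possible finding can be
verified by hand before it is treated as real."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report in the .nessus v2 layout. Hosts, ports, plugin IDs
# and plugin names are invented for illustration only.
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="example-scan">
    <ReportHost name="192.0.2.10">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
                  pluginID="100001" pluginName="Example SMB weakness (constructed)"
                  pluginFamily="Windows">
        <description>Constructed finding used for illustration.</description>
        <solution>Apply the vendor patch and restrict SMB to trusted networks.</solution>
        <risk_factor>High</risk_factor>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="100002" pluginName="Host information (constructed)"
                  pluginFamily="General">
        <description>Informational output only.</description>
        <risk_factor>None</risk_factor>
      </ReportItem>
    </ReportHost>
    <ReportHost name="192.0.2.20">
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
                  pluginID="100003" pluginName="Example SSH configuration issue (constructed)"
                  pluginFamily="Misc.">
        <description>Constructed finding used for illustration.</description>
        <solution>Tighten the SSH configuration as described in the plugin output.</solution>
        <risk_factor>Medium</risk_factor>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

# Nessus severity attribute values: 0 = Info, 1 = Low, 2 = Medium, 3 = High, 4 = Critical
SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}


def parse_findings(xml_text):
    """Return one dict per ReportItem with the fields needed for triage."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port")),
                "protocol": item.get("protocol"),
                "severity": int(item.get("severity")),
                "plugin_id": item.get("pluginID"),
                "plugin_name": item.get("pluginName"),
                "solution": (item.findtext("solution") or "").strip(),
                "verified": False,  # set True only after manual confirmation
            })
    return findings


def summarize_by_host(findings, min_severity=1):
    """Count findings at or above min_severity per host (Info dropped by default)."""
    counts = defaultdict(lambda: defaultdict(int))
    for f in findings:
        if f["severity"] >= min_severity:
            counts[f["host"]][SEVERITY_NAMES[f["severity"]]] += 1
    return {host: dict(c) for host, c in counts.items()}


def remediation_worklist(findings, min_severity=2):
    """Findings to verify and fix, highest severity first, then by host and port."""
    todo = [f for f in findings if f["severity"] >= min_severity]
    return sorted(todo, key=lambda f: (-f["severity"], f["host"], f["port"]))


if __name__ == "__main__":
    items = parse_findings(SAMPLE_NESSUS)
    for host, counts in summarize_by_host(items).items():
        print(host, counts)
    for f in remediation_worklist(items):
        print(f"[{SEVERITY_NAMES[f['severity']]}] {f['host']}:{f['port']}/{f['protocol']} "
              f"{f['plugin_name']} -> {f['solution']}")
```

Run it against a real export by replacing `SAMPLE_NESSUS` with the file contents; the `verified` flag is there so the worklist can record which findings were confirmed by hand and which turned out to be false positives from a firewall or packet filter in the path.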
Anthony Messina says
The company I work for does Nessus scans quite frequently, but I have not had the opportunity to be trained on it myself. As far as your second question, to my knowledge the only way to prevent a port or vulnerability scan is if you are using a next-gen firewall. Some next-gen firewalls such as Palo Alto’s may be able to pick up on the scan and drop the connection to the server. Chances are the firewall will not be able to block all the connections originating from the Nessus scan, so the attacker may still get some information back before the connection is reset. That is the only thing I can think of that COULD POSSIBLY stop an external scan on an environment.