Internal Vulnerability Assessment using Nessus

Nessus

Nessus is a network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools. Nessus employs the Nessus Attack Scripting Language (NASL), a simple language that describes individual threats and potential attacks.

Nessus has a modular architecture consisting of centralised servers that conduct scanning, and remote clients that allow for administrator interaction. Administrators can include NASL descriptions of all suspected vulnerabilities to develop customised scans. 

Nessus allows scans for the following types of vulnerabilities:

  • Vulnerabilities that allow a remote hacker to control or access sensitive data on a system.
  • Misconfiguration (e.g. open mail relay, missing patches, etc.).
  • Default passwords, a few common passwords, and blank/absent passwords on some system accounts.
  • Denials of service against the TCP/IP stack by using malformed packets.
  • Preparation for PCI DSS audits.

The Nessus server is currently available for Unix, Linux and FreeBSD. The client is available for Unix- or Windows-based operating systems.

Installation (Linux)

Before you begin, download the Nessus installation file that corresponds to your operating system from the Tenable Downloads Page (https://www.tenable.com/downloads).

  1. Install the Nessus installation package downloaded from the Downloads Page (https://www.tenable.com/downloads). The specific filename will vary depending on your platform and version. The following table contains some examples:

  2. Start the Nessus daemon using the following command depending on your platform:

  3. Complete the installation using your web browser (https://docs.tenable.com/cloud/Content/AdditionalResources/InstallNessusScanner.htm#BrowserPortion)

Vulnerability Assessment

  • A vulnerability assessment is the process of identifying, quantifying, and prioritising (or ranking) the vulnerabilities in a system.
  • Assessments are typically performed according to the following steps:
      • Cataloging assets and capabilities (resources) in a system.
      • Assigning quantifiable value (or at least rank order) and importance to those resources.
      • Identifying the vulnerabilities or potential threats to each resource.
      • Mitigating or eliminating the most serious vulnerabilities for the most valuable resources.

Vulnerability Assessment using Nessus

Once Nessus is set up, open the Nessus dashboard in a web browser.













Now click on New Scan and select the appropriate scan template.


Here we will choose the Internal PCI Network Scan template and proceed. Now we need to fill in details such as Name and Description, and list every host/IP that we need to scan. A target can be an IP, an IP range or a URL (test.com). We can also upload a target file containing a large list of hosts/IPs.


As we need to perform an internal vulnerability assessment, SSH credentials for the target boxes must be added in the Credentials tab.
Note: we need to add a user with admin privileges and sudo access so that it can log in to every target box and scan.


The Plugins tab shows which types of vulnerability scan plugins are available. These are predefined in the Internal PCI Network Scan template. To customise them, we need to choose the Advanced Scan template according to the requirement.
Now save the settings and launch the scan. We can also schedule a scan in the Schedule section under the Settings tab.
Once the scan is completed, we can see the vulnerabilities listed. At the top right there is an "Export" option to download the report in one of several formats (CSV, HTML, Nessus, Nessus DB).
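
To act on the exported report along the assessment steps listed earlier, the following added example (not part of the original post) parses a Nessus-format (.nessus XML) export and ranks findings by severity multiplied by asset value. The sample report, the asset values and the scoring rule are constructed assumptions.

```python
import xml.etree.ElementTree as ET

SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in the .nessus (NessusClientData_v2) layout; hosts, plugin IDs and names are placeholders.
SAMPLE = """<NessusClientData_v2>
<Report name="internal-pci-sample">
 <ReportHost name="10.0.0.5">
  <ReportItem port="22" protocol="tcp" severity="2" pluginID="900001" pluginName="Sample weak SSH algorithms"/>
  <ReportItem port="0" protocol="tcp" severity="0" pluginID="900002" pluginName="Sample host information"/>
 </ReportHost>
 <ReportHost name="10.0.0.9">
  <ReportItem port="443" protocol="tcp" severity="4" pluginID="900003" pluginName="Sample missing security patch"/>
  <ReportItem port="25" protocol="tcp" severity="3" pluginID="900004" pluginName="Sample open mail relay"/>
 </ReportHost>
</Report>
</NessusClientData_v2>"""

# Assumed asset values from the "assign value to resources" step: higher means more valuable.
ASSET_VALUE = {"10.0.0.5": 5, "10.0.0.9": 2}

def parse_findings(xml_text, min_severity=1):
    """Return one dict per ReportItem at or above min_severity (Info is dropped by default)."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev < min_severity:
                continue
            findings.append({
                "host": host.get("name"), "port": item.get("port"),
                "severity": sev, "label": SEVERITY.get(sev, "Unknown"),
                "plugin_id": item.get("pluginID"), "name": item.get("pluginName"),
            })
    return findings

def prioritise(findings, asset_value, default_value=1):
    """Rank findings by severity x asset value (an assumed scoring rule), most urgent first."""
    def score(f):
        return f["severity"] * asset_value.get(f["host"], default_value)
    return sorted(findings, key=lambda f: (-score(f), -f["severity"], f["host"], f["plugin_id"]))

if __name__ == "__main__":
    for f in prioritise(parse_findings(SAMPLE), ASSET_VALUE):
        print(f"{f['label']:<8} {f['host']}:{f['port']:<5} {f['name']}")
```

With these sample values, the Medium finding on the high-value host ranks ahead of the Critical finding on the low-value host, which is the effect of weighting by asset value.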


Comments

  1. Thanks for this useful article, waiting for an article like this again. Cyber Attack

  2. I really loved reading your blog. It was very well authored and easy to understand.

    Vulnerability Scanning Tools

