Nessus Network Auditing, 2nd Edition

Book Description

The Updated Version of the Bestselling Nessus Book.

This is the ONLY Book to Read if You Run Nessus Across the Enterprise
Ever since its beginnings in early 1998, the Nessus Project has attracted security researchers from all walks of life. It continues this growth today. It has been adopted as a de facto standard by the security industry, vendors and practitioners alike, many of whom rely on Nessus as the foundation of their security practices. Now, a team of leading developers has created the definitive book for the Nessus community.

* Perform a Vulnerability Assessment
Use Nessus to find programming errors that allow intruders to gain unauthorized access.

* Obtain and Install Nessus
Install from source or binary, set up clients and user accounts, and update your plug-ins.

* Modify the Preferences Tab
Specify the options for Nmap and other complex, configurable components of Nessus.

* Understand Scanner Logic and Determine Actual Risk
Plan your scanning strategy and learn what variables can be changed.

* Prioritize Vulnerabilities
Prioritize and manage critical vulnerabilities, information leaks, and denial of service errors.

* Deal with False Positives
Learn the different types of false positives and the differences between intrusive and nonintrusive tests.

* Get Under the Hood of Nessus
Understand the architecture and design of Nessus and master the Nessus Attack Scripting Language (NASL).

* Scan the Entire Enterprise Network
Plan for enterprise deployment by gauging network bandwidth and topology issues.

* Nessus is the premier Open Source vulnerability assessment tool, and has been voted the "most popular" Open Source security tool several times.
* The first edition is still the only book available on the product.
* Written by the world's premier Nessus developers and featuring a foreword by the creator of Nessus, Renaud Deraison.

Table of Contents

  1. Copyright
  2. Technical Editor
  3. Contributing Authors
  4. 1. Vulnerability Assessment
    1. Introduction
    2. What Is a Vulnerability Assessment?
      1. Why a Vulnerability Assessment?
      2. Assessment Types
        1. Host Assessments
        2. Network Assessments
    3. Automated Assessments
      1. Stand-Alone vs. Subscription
      2. The Assessment Process
        1. Detecting Live Systems
        2. Identifying Live Systems
        3. Enumerating Services
        4. Identifying Services
        5. Identifying Applications
        6. Identifying Vulnerabilities
        7. Reporting Vulnerabilities
    4. Two Approaches
      1. Administrative Approach
      2. The Outsider Approach
      3. The Hybrid Approach
    5. Realistic Expectations
    6. Summary
    7. Solutions Fast Track
      1. What Is a Vulnerability Assessment?
      2. Automated Assessments
      3. Two Approaches
      4. Realistic Expectations
    8. Frequently Asked Questions
  5. 2. Introducing Nessus
    1. Introduction
    2. What Is It?
    3. The De Facto Standard
    4. History
    5. Basic Components
      1. Client and Server
      2. The Plugins
      3. The Knowledge Base
    6. Summary
    7. Solutions Fast Track
      1. What Is It?
      2. The De Facto Standard
      3. History
      4. Basic Components
    8. Frequently Asked Questions
  6. 3. Installing Nessus
    1. Introduction
    2. Nessus Version Comparison
    3. Picking a Server
      1. Supported Operating Systems
      2. Minimal Hardware Specifications
      3. Network Location
    4. Nessus 2.2.x Install Guide
      1. Nessus Install Script
      2. Installation from Source
      3. ./configure
    5. Nessus 3 Install Guide
      1. Mac OS X Install Process
      2. UNIX Install Process
      3. Fresh Installation
        1. Red Hat and SUSE
        2. Debian
        3. Solaris
        4. FreeBSD
      4. Upgrading from Nessus 2
    6. Configuring Nessus for UNIX
      1. Creating a User Account
      2. Windows Install Process
    7. Final Steps
    8. Installing a Client
    9. Summary
    10. Solutions Fast Track
      1. Nessus Version Comparison
      2. Picking a Server
      3. Installation
      4. Configuring Nessus
      5. Installing a Client
    11. Frequently Asked Questions
  7. 4. Running Your First Scan
    1. Introduction
    2. Preparing for Your First Scan
      1. Authorization
      2. Risk vs. Benefit
        1. Denial of Service
        2. Missing Information
        3. Providing Authentication Information
        4. Plugin Selection
    3. Starting the Nessus Client
    4. Policies
      1. Policy Tab
      2. Options Tab
      3. Credentials Tab
      4. Plugin Selection Tab
      5. Network Tab
      6. Advanced Tab
    5. Target Selection
    6. Starting the Scan
    7. Nessus Command Line
    8. Summary
    9. Solutions Fast Track
      1. Preparing for Your First Scan
      2. Starting the Nessus Client
      3. Policy Options
      4. Policy Credentials
      5. Policy Plugins
      6. Policy Advanced Options
      7. Target Selections
      8. Starting the Scan
    10. Frequently Asked Questions
  8. 5. Interpreting Results
    1. Introduction
    2. The Nessus UI Basics
      1. Viewing Results Using the Nessus 3 Client for Linux/UNIX and Windows
        1. Using the Basic Report Viewer
        2. Saving and Exporting to Other Formats
        3. Loading and Importing Reports
    3. Reading a Nessus Report
      1. Understanding Vulnerabilities
      2. Understanding Risk
      3. Understanding Scanner Logic
      4. Key Report Elements
        1. Asking the Right Questions
      5. Factors that Can Affect Scanner Output
        1. Plugin Selection
        2. The Role of Dependencies
        3. Safe Checks
        4. no404.nasl
        5. Ping the Remote Host
        6. Portscanner Settings
        7. Proxies, Firewalls, and TCP Wrappers
        8. Valid Credentials
        9. KB Reuse and Differential Scanning
        10. And Many More...
        11. Scanning Web Servers and Web Sites
        12. Web Servers and Load Balancing
        13. Bugs in the Plugins
        14. Additional Reading
        15. Configuration Files
        16. NASL
        17. The Nessus KB
        18. The Nessus Logs
      6. Forums and Mailing Lists
    4. Summary
    5. Solutions Fast Track
      1. The Nessus UI Basics
      2. Reading a Nessus Report
    6. Frequently Asked Questions
  9. 6. Vulnerability Types
    1. Introduction
    2. Critical Vulnerabilities
      1. Buffer Overflows
      2. Directory Traversal
      3. Format String Attacks
      4. Default Passwords
      5. Misconfigurations
      6. Known Backdoors
    3. Information Leaks
      1. Memory Disclosure
      2. Network Information
      3. Version Information
      4. Path Disclosure
      5. User Enumeration
    4. Denial of Service
    5. Best Practices
    6. Summary
    7. Solutions Fast Track
      1. Critical Vulnerabilities
      2. Information Leaks
      3. Denial of Service
      4. Best Practices
    8. Frequently Asked Questions
  10. 7. False Positives
    1. Introduction
    2. What Are False Positives?
      1. A Working Definition of False Positives
    3. Why False Positives Matter
      1. False Positives Waste Your Time
      2. False Positives Waste Others’ Time
      3. False Positives Cost Credibility
      4. Generic Approaches to Testing
        1. An Overview of Intrusive Scanning
        2. An Overview of Nonintrusive Scanning
      5. The Nessus Approach to Testing
    4. Dealing with False Positives
      1. Dealing with Noise
      2. Analyzing the Report
      3. False Positives, and Your Part in Their Downfall
    5. Dealing with a False Positive
      1. Disabling a Nessus Plugin
        1. Disabling a Plugin with Nessus 3
        2. Disabling a Plugin Under Unix
        3. Marking a Result as a False Positive with NessusWX
      2. False Positives and Web Servers—Dealing with Friendly 404s
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  11. 8. Under the Hood
    1. Introduction
    2. Nessus Architecture and Design
    3. Host Detection
    4. Service Detection
    5. Information Gathering
    6. Vulnerability Fingerprinting
    7. Denial-of-Service Testing
    8. Putting It All Together
    9. Summary
    10. Solutions Fast Track
      1. Nessus Architecture and Design
      2. Host Detection
      3. Service Detection
      4. Information Gathering
      5. Vulnerability Fingerprinting
      6. Denial-of-Service Testing
      7. Putting It All Together
    11. Frequently Asked Questions
  12. 9. The Nessus Knowledge Base
    1. Introduction
    2. Knowledge Base Basics
      1. What Is the Knowledge Base?
        1. A word about the “Policy.xml” file
      2. Where the Knowledge Base Is Stored
      3. Using the Knowledge Base
    3. Information Exchange
      1. How Plugins Use the Knowledge Base to Share Data
      2. The Type of Data that Is Stored
      3. Dependency Trees
    4. Limitations
      1. Using get_kb_item and fork
    5. Summary
    6. Solutions Fast Track
      1. Knowledge Base Basics
      2. Information Exchange
      3. Limitations
    7. Frequently Asked Questions
  13. 10. Enterprise Scanning
    1. Introduction
    2. Planning a Deployment
      1. Define Your Needs
        1. Planning
        2. Preparation
        3. Segmentation
      2. Network Topology
      3. Bandwidth Requirements
        1. Portscanning Phase
        2. Testing Phase
      4. Automating the Procedure
    3. Configuring Scanners
      1. Assigning the Tasks
      2. System Requirements
      3. Scanning for a Specific Threat
      4. Best Practices
        1. Divide and Conquer
        2. Segregate and Limit
        3. Certificates for the Forgetful
        4. Speed Is Not Your Enemy
        5. Keep a Watchful Eye
    4. Data Correlation
      1. Combining Reports
        1. Preparing Your Database
      2. Differential Reporting
      3. Filtering Reports
      4. Third-Party Tools
        1. Extracting Information from a Saved Session Prior to Version 2.2.0 of Nessusd Using sd2nbe
        2. Nessus Integration with Perl and Net::Nessus::ScanLite Prior to Version 3.0.0
        3. Nessus NBE Report Parsing Using Parse::Nessus::NBE
    5. Common Problems
      1. Aggressive Scanning
      2. Volatile Applications
      3. Printer Problems
      4. Scanning Workstations
    6. Summary
    7. Solutions Fast Track
      1. Planning a Deployment
      2. Configuring Scanners
      3. Data Correlation
      4. Common Problems
    8. Frequently Asked Questions
  14. 11. NASL
    1. Introduction
    2. Why NASL?
      1. Why Do You Want to Write (and Publish) Your Own NASL Scripts?
    3. Structure of a NASL Script
      1. The Description Section
    4. An Introduction to the NASL Language
      1. Writing Your First Script
        1. Assuming that the FTP Server Is Listening on Port 21
        2. Establishing a Connection to the Port Directly
        3. Respecting the FTP Protocol
        4. Wrapping It Up
      2. More Advanced Scripting
        1. String Manipulation
          1. How Strings Are Defined in NASL
          2. String Addition and Subtraction
          3. String Search and Replace
        2. Regular Expressions in NASL
      3. The NASL Protocol APIs
        1. HTTP
        2. FTP
        3. NFS
        4. Other Protocol API Libraries
    5. The Nessus Knowledge Base
    6. Summary
    7. Solutions Fast Track
      1. Why NASL?
      2. Structure of a NASL Script
      3. An Introduction to the NASL Language
      4. The Nessus Knowledge Base
    8. Frequently Asked Questions
  15. 12. The Nessus User Community
    1. Introduction
    2. The Nessus Mailing Lists
      1. Subscribing to a Mailing List
      2. Sending a Message to a Mailing List
      3. Accessing a List’s Archives
    3. The Online Plug-In Database
      1. Staying Abreast of New Plug-Ins
    4. Reporting Bugs via Bugzilla
      1. Querying Existing Bug Reports
      2. Creating and Logging In to a Bugzilla Account
      3. Submitting a Bug Report
    5. Submitting Patches and Plug-Ins
      1. Submitting Patches
      2. Submitting Plug-Ins
    6. Where to Get More Information and Help
    7. Summary
    8. Solutions Fast Track
      1. The Nessus Mailing Lists
      2. The Online Plug-In Database
      3. Reporting Bugs via Bugzilla
      4. Submitting Patches and Plug-Ins
      5. Where to Get More Information and Help
    9. Frequently Asked Questions
  16. 13. Compliance Monitoring with Nessus 3
    1. Introduction
    2. Understanding Compliance
      1. HIPAA
      2. Payment Card Industry (PCI)
      3. FERPA
      4. NERC
      5. ISO/IEC 27002:2005
      6. NIST 800 Series
    3. The Nessus Compliance Engine
      1. Compliance with Nessus
      2. Types of audits
      3. .audit Files
        1. How .audit Files Work
        2. Examples
    4. Using Nessus 3 Auditing
      1. Updating Nessus 3 Plugins
      2. Creating a New Policy
      3. Starting Your Audit
    5. Nessus 3 Reporting
    6. Summary
    7. Solutions Fast Track
      1. What is Compliance?
      2. The Nessus 3 Compliance Engine
      3. Using Nessus 3 Compliance
      4. Nessus 3 Reporting
    8. Frequently Asked Questions