Nessus (software)
Encyclopedia
In computer security
, Nessus is a proprietary
comprehensive vulnerability scanning program. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities
on the tested systems. For example:
On UNIX
(including Mac OS X), it consists of nessusd, the Nessus daemon
, which does the scanning, and nessus, the client, which controls scans and presents the vulnerability results to the user.
According to surveys done by sectools.org, Nessus is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey. Tenable estimates that it is used by over 75,000 organizations worldwide.
with one of its four internal portscanners (or it can optionally use Amap http://freeworld.thc.org/thc-amap/ or Nmap
http://www.nessus.org/documentation/index.php?doc=nmap-usage) to determine which ports are open on the target and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction.
Tenable Network Security
produces several dozen new vulnerability checks (called plugins) each week, usually on a daily basis. These checks are available for free to the general public; commercial customers are not allowed to use this Home Feed any more. The Professional Feed (which is not free) also give access to support and additional scripts (audit and compliance tests...).
Optionally, the results of the scan can be reported in various formats, such as plain text
, XML
, HTML
and LaTeX
. The results can also be saved in a knowledge base for debugging. On UNIX, scanning can be automated through the use of a command-line client. There exist many different commercial, free and open source tools for both UNIX and Windows to manage individual or distributed Nessus scanners.
If the user chooses to do so (by disabling the option 'safe checks'), some of Nessus's vulnerability tests may try to cause vulnerable services or operating systems to crash
. This lets a user test the resistance of a device before putting it in production.
Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows
credentials to examine patch levels on computers running the Windows operating system, and can perform password
auditing using dictionary
and brute force
methods. Nessus 3 and later can also audit systems to make sure they have been configured per a specific policy, such as the NSA's guide for hardening Windows servers.
community a free remote security scanner. On October 5, 2005, Tenable Network Security, the company Renaud Deraison co-founded, changed Nessus 3 to a proprietary (closed source) license. The Nessus 3 engine is still free of charge, though Tenable charges $100/month per scanner for the ability to perform configuration audits for PCI, CIS, FDCC and other configuration standards, technical support, SCADA vulnerability audits, the latest network checks and patch audits, the ability to audit anti-virus configurations and the ability for Nessus to perform sensitive data searches to look for credit card, social security number and many other types of corporate data.
In July of 2008, Tenable sent out a revision of the feed license which will allow home users full access to plugin feeds. A professional license is available for commercial use.
The Nessus 2 engine and a minority of the plugins are still GPL, leading to fork
ed open source projects based on Nessus like OpenVAS
and Porz-Wahn. Tenable Network Security has still maintained the Nessus 2 engine and has updated it several times since the release of Nessus 3.
Nessus 3 is available for many different Unix-like and Windows systems, offers patch auditing of UNIX and Windows hosts without the need for an agent and is 2-5 times faster than Nessus 2.
On April 9, 2009, Tenable released Nessus 4.0.0.
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
, Nessus is a proprietary
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...
comprehensive vulnerability scanning program. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities
Vulnerability (computing)
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw...
on the tested systems. For example:
- Vulnerabilities that allow a remote crackerBlack hatA black hat is the villain or bad guy, especially in a western movie in which such a character would stereotypically wear a black hat in contrast to the hero's white hat, especially in black and white movies....
to control or access sensitive data on a system. - Misconfiguration (e.g. open mail relayOpen mail relayAn open mail relay is an SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users...
, missing patches, etc). - Default passwordDefault passwordWhere a device needs a username and/or password to login, a default password is usually provided that allows the device to be accessed during its initial setup...
s, a few common passwordPasswordA password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
s, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attackDictionary attackIn cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities.-Technique:...
. - Denials of serviceDenial-of-service attackA denial-of-service attack or distributed denial-of-service attack is an attempt to make a computer resource unavailable to its intended users...
against the TCP/IP stack by using mangled packetMangled packetIn computer networking, a mangled or invalid packet is a packet — especially IP packet — that either lacks order or self-coherence, or contains code aimed to confuse or disrupt computers, firewalls, routers, or any service present on the network....
s - Preparation for PCI DSS audits
On UNIX
Unix
Unix is a multitasking, multi-user computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna...
(including Mac OS X), it consists of nessusd, the Nessus daemon
Daemon (computer software)
In Unix and other multitasking computer operating systems, a daemon is a computer program that runs as a background process, rather than being under the direct control of an interactive user...
, which does the scanning, and nessus, the client, which controls scans and presents the vulnerability results to the user.
According to surveys done by sectools.org, Nessus is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey. Tenable estimates that it is used by over 75,000 organizations worldwide.
Operation
In typical operation, Nessus begins by doing a port scanPort scanner
A port scanner is a software application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify running services on a host with the view to compromise it.A port scan or portscan is "An attack...
with one of its four internal portscanners (or it can optionally use Amap http://freeworld.thc.org/thc-amap/ or Nmap
Nmap
Nmap is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a "map" ofthe network...
http://www.nessus.org/documentation/index.php?doc=nmap-usage) to determine which ports are open on the target and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction.
Tenable Network Security
Tenable Network Security
Tenable Network Security is a company specializing in enterprise-class software and hardware products for gathering, evaluating, communicating and reporting IT security and compliance information. The company, established in 2002, is privately owned and headquartered in Columbia, Maryland. The...
produces several dozen new vulnerability checks (called plugins) each week, usually on a daily basis. These checks are available for free to the general public; commercial customers are not allowed to use this Home Feed any more. The Professional Feed (which is not free) also give access to support and additional scripts (audit and compliance tests...).
Optionally, the results of the scan can be reported in various formats, such as plain text
Plain text
In computing, plain text is the contents of an ordinary sequential file readable as textual material without much processing, usually opposed to formatted text....
, XML
XML
Extensible Markup Language is a set of rules for encoding documents in machine-readable form. It is defined in the XML 1.0 Specification produced by the W3C, and several other related specifications, all gratis open standards....
, HTML
HTML
HyperText Markup Language is the predominant markup language for web pages. HTML elements are the basic building-blocks of webpages....
and LaTeX
LaTeX
LaTeX is a document markup language and document preparation system for the TeX typesetting program. Within the typesetting system, its name is styled as . The term LaTeX refers only to the language in which documents are written, not to the editor used to write those documents. In order to...
. The results can also be saved in a knowledge base for debugging. On UNIX, scanning can be automated through the use of a command-line client. There exist many different commercial, free and open source tools for both UNIX and Windows to manage individual or distributed Nessus scanners.
If the user chooses to do so (by disabling the option 'safe checks'), some of Nessus's vulnerability tests may try to cause vulnerable services or operating systems to crash
Crash (computing)
A crash in computing is a condition where a computer or a program, either an application or part of the operating system, ceases to function properly, often exiting after encountering errors. Often the offending program may appear to freeze or hang until a crash reporting service documents...
. This lets a user test the resistance of a device before putting it in production.
Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
credentials to examine patch levels on computers running the Windows operating system, and can perform password
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
auditing using dictionary
Dictionary attack
In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities.-Technique:...
and brute force
Brute force attack
In cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data. Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system that would make the task easier...
methods. Nessus 3 and later can also audit systems to make sure they have been configured per a specific policy, such as the NSA's guide for hardening Windows servers.
History
The "Nessus" Project was started by Renaud Deraison in 1998 to provide to the InternetInternet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
community a free remote security scanner. On October 5, 2005, Tenable Network Security, the company Renaud Deraison co-founded, changed Nessus 3 to a proprietary (closed source) license. The Nessus 3 engine is still free of charge, though Tenable charges $100/month per scanner for the ability to perform configuration audits for PCI, CIS, FDCC and other configuration standards, technical support, SCADA vulnerability audits, the latest network checks and patch audits, the ability to audit anti-virus configurations and the ability for Nessus to perform sensitive data searches to look for credit card, social security number and many other types of corporate data.
In July of 2008, Tenable sent out a revision of the feed license which will allow home users full access to plugin feeds. A professional license is available for commercial use.
The Nessus 2 engine and a minority of the plugins are still GPL, leading to fork
Fork
As a piece of cutlery or kitchenware, a fork is a tool consisting of a handle with several narrow tines on one end. The fork, as an eating utensil, has been a feature primarily of the West, whereas in East Asia chopsticks have been more prevalent...
ed open source projects based on Nessus like OpenVAS
OpenVAS
OpenVAS is a framework of several services and tools offering avulnerability scanning and vulnerability management solution.The actual security scanner is accompanied with a daily updated feed...
and Porz-Wahn. Tenable Network Security has still maintained the Nessus 2 engine and has updated it several times since the release of Nessus 3.
Nessus 3 is available for many different Unix-like and Windows systems, offers patch auditing of UNIX and Windows hosts without the need for an agent and is 2-5 times faster than Nessus 2.
On April 9, 2009, Tenable released Nessus 4.0.0.
See also
- Penetration testPenetration testA penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders and malicious insiders...
- Metasploit ProjectMetasploit ProjectThe Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development....
- NmapNmapNmap is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a "map" ofthe network...
- OpenVASOpenVASOpenVAS is a framework of several services and tools offering avulnerability scanning and vulnerability management solution.The actual security scanner is accompanied with a daily updated feed...
- SATANSatanSatan , "the opposer", is the title of various entities, both human and divine, who challenge the faith of humans in the Hebrew Bible...
- SAINT (software)SAINT (software)SAINT is computer software used for scanning computer networks for security vulnerabilities, and exploiting found vulnerabilities.-SAINT Network Vulnerability Scanner:...
- Snort (software)Snort (software)Snort is a free and open source network intrusion prevention system and network intrusion detection system , created by Martin Roesch in 1998...
- WiresharkWiresharkWireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education...