Tip

Using Nessus with the SANS Top 20

Value-added resellers (VARs) and consultants will be able to detect and remediate vulnerabilities identified by the SANS Top 20, as well as the Nessus scans you've already run, by following the advice offered in this tip.

    Requires Free Membership to View

Using Nessus with the SANS Top 20 to identify critical vulnerabilities
As an open source tool, Nessus has been widely used since 1998 for doing vulnerability assessments. It can scan a network and find specific vulnerabilities, such as PHP, IIS and Apache buffer overflows as listed for the Windows Web server class. Nessus currently detects vulnerabilities via a range of more than 6,000 plug-ins, where each looks for a single vulnerability.

Nessus conducts its vulnerability assessment in a four or five step process (depending on whether denial-of-service tests are conducted). First it determines whether the scanned host is alive. It then conducts a port scan to determine what services are available. It scans each service to identify the software version running, then uses this information to determine what specific vulnerabilities to test -- that is, which plug-ins to call. It conducts the vulnerability test using the required plug-in set. Then if DoS testing is selected Nessus will conduct this sequence last, as it may take the host offline.

After scanning, Nessus provides a prioritized report of the SANS Top 20 vulnerabilities that were discovered. However, like many pure-play vulnerability scanning tools, Nessus doesn't offer remediation capabilities. It merely provides links to the Common Vulnerability and Exposure list entries for the potential problems it finds. You'll need to refer to the SANS Top 20 list for links to the various vendor sites for patch remediation.

Read more on how to use open source security scanners like Nessus to address the SANS Top 20 vulnerabilities.

About the author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.

This tip originally appeared on SearchSecurity.com.


This was first published in January 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.