Value-added resellers (VARs) and consultants will be able to detect and remediate vulnerabilities identified by the SANS Top 20, as well as the Nessus scans you've already run, by following the advice offered in this tip.
Nessus is an open source tool that has been widely used for vulnerability assessments since 1998. It can scan a network and find specific vulnerabilities, such as the PHP, IIS and Apache buffer overflows listed for the Windows Web server class. Nessus currently detects vulnerabilities through more than 6,000 plug-ins, each of which looks for a single vulnerability.
Nessus conducts its vulnerability assessment in four or five steps, depending on whether denial-of-service (DoS) tests are conducted. First, it determines whether the scanned host is alive. It then conducts a port scan to determine what services are available. Next, it scans each service to identify the software version running and uses this information to determine which specific vulnerabilities to test for -- that is, which plug-ins to call. It then conducts the vulnerability tests using the required plug-in set. Finally, if DoS testing is selected, Nessus runs those tests last, as they may take the host offline.
After scanning, Nessus provides a prioritized report of the SANS Top 20 vulnerabilities that were discovered. However, like many pure-play vulnerability scanning tools, Nessus doesn't offer remediation capabilities. It merely provides links to the Common Vulnerabilities and Exposures (CVE) list entries for the potential problems it finds. You'll need to refer to the SANS Top 20 list for links to the various vendor sites for patch remediation.
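The following Python is an added example, not code from the original tip or from the Nessus project: it reads a report exported in Nessus's pipe-delimited NBE format, pulls the CVE identifiers out of each finding, and groups affected hosts by plug-in so each CVE needs to be looked up only once for a vendor patch. The NBE export is an assumption (the tip does not say which report format is used), and the hosts, plug-in IDs and CVE IDs in the sample are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in Nessus NBE (pipe-delimited) export format; hosts use the
# documentation range, plug-in IDs and CVE IDs are placeholders, not real entries.
SAMPLE_NBE = r"""timestamps|||scan_start|Mon Jan 1 10:00:00 2007|
results|192.0.2|192.0.2.10|http (80/tcp)|90001|Security Hole|Buffer overflow in web server module.\nCVE : CVE-0000-0001, CVE-0000-0002\nRisk factor : High
results|192.0.2|192.0.2.10|http (80/tcp)|90002|Security Note|A web server is running on this port.
results|192.0.2|192.0.2.10|general/tcp
results|192.0.2|192.0.2.20|https (443/tcp)|90003|Security Warning|Outdated scripting engine.\nCVE : CVE-0000-0003
results|192.0.2|192.0.2.20|http (80/tcp)|90001|Security Hole|Buffer overflow in web server module.\nCVE : CVE-0000-0001, CVE-0000-0002\nRisk factor : High
"""

SEVERITY_RANK = {"Security Hole": 0, "Security Warning": 1, "Security Note": 2}
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_nbe(text):
    """Yield one dict per finding; skip timestamp rows and open-port-only rows."""
    for line in text.splitlines():
        fields = line.split("|", 6)  # the description may itself contain '|'
        if len(fields) < 7 or fields[0] != "results":
            continue
        _, _, host, port, plugin_id, severity, desc = fields
        yield {"host": host, "port": port, "plugin": plugin_id,
               "severity": severity, "cves": sorted(set(CVE_RE.findall(desc)))}

def remediation_worklist(text):
    """Group findings that cite a CVE by plug-in, most severe first."""
    grouped = defaultdict(lambda: {"severity": None, "cves": [], "targets": set()})
    for f in parse_nbe(text):
        if not f["cves"]:
            continue  # informational rows carry no CVE to look up
        entry = grouped[f["plugin"]]
        entry["severity"], entry["cves"] = f["severity"], f["cves"]
        entry["targets"].add((f["host"], f["port"]))
    rows = ((pid, e["severity"], e["cves"], sorted(e["targets"]))
            for pid, e in grouped.items())
    # Order: severity, then number of affected targets (descending), then plug-in ID.
    return sorted(rows, key=lambda r: (SEVERITY_RANK.get(r[1], 3), -len(r[3]), r[0]))

if __name__ == "__main__":
    for pid, sev, cves, targets in remediation_worklist(SAMPLE_NBE):
        print(f"[{sev}] plug-in {pid}: {', '.join(cves)}")
        for host, port in targets:
            print(f"    {host} {port}")
```

Each row of the worklist gives the CVE identifiers to match against the SANS Top 20 entry and its vendor patch link, plus every host and port that needs the fix.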
About the author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.
This tip originally appeared on SearchSecurity.com.
This was first published in January 2007