In this lesson, we show how to use Nessus to scan machines in a subnet for vulnerabilities and how to interpret the report it generates. I have presented free network scanners such as Nmap for scanning the open ports of machines on a subnet. Here we present Nessus, a commercial integrated vulnerability scanning tool. It provides much richer features and reporting functions. It was originally designed by Renaud Deraison. It automates the vulnerability scanning process and saves the administrator a lot of time and effort.
It performs compliance checks, including those from the Payment Card Industry (PCI), the Center for Internet Security (CIS), the Federal Desktop Core Configuration (FDCC) standard, and NIST. It can run scans regularly according to a schedule. It can search for sensitive data, such as credit card numbers and social security numbers, that is not encrypted in the file system on the target machines. Of course, this requires the system admin to provide root-privilege credentials on those target machines so that Nessus can log in and scan. It can perform Payment Card Industry Data Security Standard (PCI DSS for short) configuration and compliance audits and then generate a comprehensive report. That saves administrators and security professionals a lot of time and effort. It can also receive real-time vulnerability updates from tenable.com, allowing for timely patches or letting the system admin take preventive protection measures. It also includes a scripting language for users to add plug-ins. For example, plug-ins are currently available for SCADA systems to detect additional attacks.
A seven-day Nessus evaluation version is available for download from tenable.com. The single-user license is very expensive: it costs $2,190 per year. Nessus is accessed through a web interface, so you can reach it from anywhere, as long as you have a network connection.
Enter the URL with the specific port number, and you will be asked for login and password credentials. Once we log in, the web page shows a list of scans that are still being conducted or have already been completed. Here we have one core csnet ongoing. To create a new scan, just click on the plus New Scan button in the upper left corner. You will be guided through a sequence of dialog windows to select the vulnerability scanning features you'd like the system to perform. The system admin can set up accounts that are limited to specific subnets for scanning and the related search and auditing functionalities. We then pick and choose from the rich set of scanning functions to perform. Some of these scanners only scan and probe from outside. Others, such as the malware scan, credentialed patch audit, and configuration audit, require users to enter the credentials of the.
Let us say we choose a basic network scan. You will be presented with a general input dialog window, where we first provide the scan name for the record, which is saved as the file name. Enter the list of subnets or individual machines to be scanned in this window. Click Save, or choose Launch to scan immediately. If we save it, we can later click on the second tab on the left panel to schedule the scan.
Here we show the results of a basic network scan on one of our subnets. It lists the scanning results for the machines within the 18.104.22.168/25 subnet. For each active machine listed here, it plots a bar chart showing the detected vulnerabilities, colored by severity: red for critical severity, orange for high severity, yellow for medium, green for low, and blue for informational findings. Note that the bandwidth from the scanning server to the subnet plays an important role in performance, because Nessus typically launches the scans simultaneously. All the results will come back simultaneously, and therefore you need a fast connection.
Here we have a 10-gigabit connection from the scanning server to the 128.198.60 subnet. It takes only 13 minutes to finish scanning 12 machines, which involves a lot of interactions; that is considered pretty quick for that many machines.
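The per-machine severity chart described above can also be rebuilt outside the web interface. The following is an added example, not part of the original lesson: it assumes the scan has been exported in the `.nessus` XML format, and the hosts, plugin IDs and plugin names in the sample are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# .nessus severity codes mapped to the levels the lesson's bar chart colors:
# red=critical, orange=high, yellow=medium, green=low, blue=info.
CODES = {"4": "critical", "3": "high", "2": "medium", "1": "low", "0": "info"}
RANK = ("critical", "high", "medium", "low")  # levels used for triage ordering

# Constructed sample in the .nessus export layout (assumed input format).
# Addresses are documentation addresses; plugin IDs and names are placeholders.
SAMPLE = """<NessusClientData_v2>
 <Report name="basic-network-scan">
  <ReportHost name="192.0.2.10">
   <ReportItem port="445" protocol="tcp" severity="4" pluginID="900001" pluginName="Sample critical"/>
   <ReportItem port="443" protocol="tcp" severity="2" pluginID="900002" pluginName="Sample medium"/>
   <ReportItem port="0" protocol="tcp" severity="0" pluginID="900003" pluginName="Sample info A"/>
   <ReportItem port="22" protocol="tcp" severity="0" pluginID="900004" pluginName="Sample info B"/>
  </ReportHost>
  <ReportHost name="192.0.2.11">
   <ReportItem port="80" protocol="tcp" severity="3" pluginID="900005" pluginName="Sample high A"/>
   <ReportItem port="21" protocol="tcp" severity="3" pluginID="900006" pluginName="Sample high B"/>
   <ReportItem port="161" protocol="udp" severity="1" pluginID="900007" pluginName="Sample low"/>
  </ReportHost>
  <ReportHost name="192.0.2.12"></ReportHost>
  <ReportHost name="192.0.2.13">
   <ReportItem port="25" protocol="tcp" severity="x" pluginID="900008" pluginName="Bad severity"/>
   <ReportItem port="0" protocol="tcp" severity="0" pluginID="900009" pluginName="Sample info C"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""

def summarize(xml_text):
    """Return {host: Counter(level -> number of findings)} for every scanned host."""
    summary = {}
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        counts = Counter()
        for item in host.iter("ReportItem"):
            # A missing or malformed severity is counted, not silently dropped.
            counts[CODES.get(item.get("severity"), "unparsed")] += 1
        summary[host.get("name", "unknown")] = counts  # hosts with no findings stay listed
    return summary

def triage_order(summary):
    """Hosts sorted worst first: most critical, then high, medium, low; ties by name."""
    return sorted(summary, key=lambda h: ([-summary[h][lvl] for lvl in RANK], h))

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for host in triage_order(report):
        print(f"{host:<15}", dict(report[host]) or "no findings")
```

Only parse exports that come from your own scanner; `xml.etree.ElementTree` is not hardened against maliciously constructed XML.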