Top 3 Things You Should Know About Nessus
A friend of mine, who was preparing to teach a workshop that included information about Nessus, recently asked: "What are the top three things you would tell people about Nessus?" Below is a more detailed version of my response:
1) Network Scanning - With over 28,000 plugins, Nessus has some excellent coverage in terms of vulnerability scanning for your systems and network. When running a network-based scan it is important to tune it appropriately. Look at the different plugin families and enable the ones that you think are most relevant. In addition, review the Advanced options for your scan. If you are performing web application testing, take a look at the Advanced options global variable settings. If speed is not a factor, you can get some awesome results by enabling CGI scanning, experimental plugins and thorough tests. Finally, don't just look at the high level alerts: some medium and low level alerts can lead to root access!
2) Credentialed Scanning - Local Checks - Providing Nessus with credentials enables the scanner to gather considerably more information than a network-based scan, such as information about installed patches. For example, if your target is running CentOS, it will check that it has the latest patches. Running a credentialed scan is the best way to reduce false positives. For UNIX/Linux systems, use SSH with a pre-shared key instead of a password. Then you can use the filtering feature in the Nessus client to distribute nice reports of hosts that are missing patches to your systems administrators.
3) Credentialed Scanning - Audit Files - Another useful credentialed Nessus scan is to compare your system settings to known standards. Nessus has checks for several different standards, including CIS benchmarks, PCI, FDCC and the OWASP top ten list. Nothing says security like good ole' fashioned system hardening and Nessus can help you achieve your system hardening goals with audit file checking. This is particularly useful for systems such as web servers, as Nessus can test the operating system, Apache web server and database settings against pre-determined security standards.
You can obtain a Nessus ProfessionalFeed or HomeFeed from the Nessus homepage at www.nessus.org.