NESSUS
Yifeng Chen, Kaiqiang Tang
A web-based, full-featured vulnerability scanner
Key Features
Running the Tool
Select Policies
Starting a Scan
Analyzing the reports
Key Features
● Identifies & analyzes vulnerabilities
● Checks latest software patches
● Tries default or common passwords
● Configuration & mobile device audits
● Customized reporting
Running the Tool
● Scans individual computers, ranges of IP addresses, or complete subnets
● Allows you to test one individual vulnerability or a set of vulnerabilities
● Nessus will try to exploit the vulnerabilities
Running the Tool
Foundations:
● System
● Ports & listening services
● Operating system
Select Policies
Select Policies - Advanced Scan
Default Scan
Total control of their policy configuration
Select Policies - Audit Cloud Infrastructure
Third-party cloud service
Select Policies - Bash Shellshock Detection
Detect the Shellshock bash bug
Select Policies - Basic Network Scan
Scanning internal/external hosts
Select Policies - Credentialed Patch Audit
Check for missing software updates/patches
Select Policies - Host Discovery
Identifies live hosts & open ports
Select Policies - Internal PCI Network Scan
Preparing for a PCI-DSS compliance audit
Select Policies - Mobile Device Scan
Assess mobile devices
Select Policies - Offline Config Audit
Audit the configuration file of a network device
Select Policies - PCI Quarterly External Scan
Internal PCI Scan vs. External PCI Scan
Select Policies - Policy Compliance Auditing
Audit system configurations
Select Policies - SCAP Compliance Audit
Enable automated vulnerability management, measurement, and policy compliance evaluation.
Select Policies - Web Application Tests
Detect vulnerabilities existing in web apps
Select Policies - Windows Malware Scan
Search for malware on Windows systems
Create a new Policy
Ex: "Port Scanning"
Ex: "Policy Plugin"
Start a Scan
Analyzing the Reports