2004, Jei Nessus A Vulnerability Assessment tool A Security Scanner Information Networking Security and Assurance Lab National Chung Cheng University
Outline Description & Feature Operation mode Installation Example 1 (Unix-base) Example 2 (Windows-base) Summary Information Networking Security and Assurance Lab National Chung Cheng University
Outline Description & Feature Operation mode Installation Example 1 (Unix-base) Example 2 (Windows-base) Summary Information Networking Security and Assurance Lab National Chung Cheng University
Description The “Nessus” security scanner is a software which will audit remotely a given network and determine whether someone (or something - like a worm) may break into it, or misuse it in some way Information Networking Security and Assurance Lab National Chung Cheng University
Feature Free Powerful Fast Modular architecture Reliable Up-to-date (#nessus-update-plugins) Information Networking Security and Assurance Lab National Chung Cheng University
Outline Description & Feature Operation mode Installation Example 1 (Unix-base) Example 2 (Windows-base) Summary Information Networking Security and Assurance Lab National Chung Cheng University
Information Networking Security and Assurance Lab National Chung Cheng University WWW FTP Mail Proxy Nessus Server-nessusd Nessus Client
Outline Description & Feature Operation mode Installation Example 1 (Unix-base) Example 2 (Windows-base) Summary Information Networking Security and Assurance Lab National Chung Cheng University
Environment Version Platform Intel X86 OS Debian GNU/Linux Compiler gcc-2.95 Information Networking Security and Assurance Lab National Chung Cheng University
Three Choices!! The easy and dangerous way!! The easy and less dangerous way!! Information Networking Security and Assurance Lab National Chung Cheng University The Debian fast way!!
Start Information Networking Security and Assurance Lab National Chung Cheng University
Add User The command User name The way of auth Type the password The rule set for the user
Start nessusd Information Networking Security and Assurance Lab National Chung Cheng University Run the nessusd as daemon!! Loading the plugins
Outline Description & Feature Operation mode Installation Example 1 (Unix-base) Example 2 (Windows-base) Summary Information Networking Security and Assurance Lab National Chung Cheng University
Internet The router of EE The router of CCU The router of ISU WJL.ee.ccu linux.ee.isu Environment
Configuration of nessus client
Start the scan Information Networking Security and Assurance Lab National Chung Cheng University
Report Information Networking Security and Assurance Lab National Chung Cheng University
Report with HTML Format Information Networking Security and Assurance Lab National Chung Cheng University
Outline Description & Feature Operation mode Installation Example 1 (Unix-base) Example 2 (Windows-base) Summary Information Networking Security and Assurance Lab National Chung Cheng University
Internet The router of EE The router of CCU The router of ISU WJL.ee.ccu linux.ee.isu Environment
Description NessusWX is a client program for Nessus security scanner which is designed specially for Windows platform Version Download zip Information Networking Security and Assurance Lab National Chung Cheng University
Setting
Connect to nessus server Information Networking Security and Assurance Lab National Chung Cheng University
Create a session
Execute
View the result
Report with HTML Format
Export to the MySQL Database (1/4) First Let the user can access database from the location Information Networking Security and Assurance Lab National Chung Cheng University The SQL command
Export to the MySQL Database (2/4) Second Create the database and the tables (create_tables.txt) Information Networking Security and Assurance Lab National Chung Cheng University
Export to the MySQL Database (3/4) Information Networking Security and Assurance Lab National Chung Cheng University
Export to the MySQL Database (4/4)
Outline Description & Feature Operation mode Installation Example 1 (Unix-base) Example 2 (Windows-base) Summary Information Networking Security and Assurance Lab National Chung Cheng University
An ounce of prevention is better than a pound of cure Information Networking Security and Assurance Lab National Chung Cheng University