
1 Nessus

2 Who, What, Why
isac “piss” (piis8@yahoo.com)
Tenable Nessus 4.2.x, Seccubus, Inprotect
Improving the use of the tools
Lots of new features and changes
**Some statements contained herein are my own poorly validated conclusions and may be utter rubbish.

3 Objective
Nessus: quick overview; version 4.x, what is new
Seccubus: why; bulk scanning
Inprotect
Data: the bane of my existence

4 Nessus
“The Nessus® vulnerability scanner is the world-leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs and across physically separate networks.” -- Tenable
“In computer security, Nessus is a proprietary comprehensive vulnerability scanning program. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems.” -- Wikipedia
Nessus License Agreement

5 Nessus
Apr 04 1998: first alpha version released on bugtraq
May: released
Feb: released
Dec: released
Foreshadowing of a future
Jan: Feed Model Changes
Dec: released; closed source, proprietary license
Oct: released; last open source build
Links: Announcements Website, Discussions, Announcements Site

6 Nessus
Mar 12 2008: 3.2 released
Jul 31 2008: Feed Model Changes, Registered / Direct becomes Home / Professional
Feb: mail lists disabled; web based ‘Discussion Forums’ / nessus-announce stays
Apr: released
Nov: released; web based interface
Apr: released

7 Shiny Web Interface, no more stand-alone client
Flash / XMLRPC communications
Keep a copy of the client
Web interface is still unique to each scan engine
NTP 1241 disabled for Home Feed
Other limitations on Home Feed, e.g. 15 max hosts
NTP 1241 enabled for Professional Feed …but for how long?
Shared Policies
New xml output format, .nessus v2
Still no easy way to share reports

8 Flash
Why, Why, Why, Why <insert paranoia here>
Renaud states: “In the (not-so-distant) future, yes, HTML5 will probably be the way to go and our backend is ready for that.” … “However, today, we use Flash because it's the most efficient technology to take us where we need to be.”
Links: Adobe Flash Decompilers, Why Flash Decompile, General Adobe bashing, Symantec Threat Report, Adobe Security

9 XMLRPC ???
“It's remote procedure calling using HTTP as the transport and XML as the encoding. XML-RPC is designed to be as simple as possible, while allowing complex data structures to be transmitted, processed and returned.” -- xmlrpc.com
Future scripting / integration with 3rd party tools?
libs available for perl / ruby / C / .net / php / etc.
3rd party catch-up: Kost on Freshmeat, Net::Nessus::XMLRPC (perl), nessus-xmlrpc (ruby)
Port ?

10 Home vs. Professional

Feature                 Home                     Professional
Price                   Free                     $1200 / year
Hosts                   Max 15 (simultaneous)    Unlimited
Credential scanning     No                       Yes
Compliance checks       No                       Yes
SCADA checks            No                       Yes
NTP / port 1241         No                       Supported

11 Compliance (ProFeed only)
As of May 4th, 68 audit files:
Windows best practices
*nix (linux, bsd, solaris, hpux) best practices
Antivirus
Confidential data: PCI / banking data, SSN
Copyright / P2P
Govt keywords
And more

12 Hacks
Bypass Home restrictions (unconfirmed): Did not get this to work. Seems like it works as long as you are offline. Does not appear to work; definitely don’t let the server talk to nessus.org.
Shared Reports (scriptable): drop reports to local user space.
4.0.2 on new linux: Tenable only gives you an .rpm (Fedora - libssl / libcrypto dependency). Copy the old 0.9.8n libraries and symlink them as the .8 names the rpm expects:
cp libssl.so.0.9.8n /usr/lib/.
ln -s /usr/lib/libssl.so.0.9.8n /usr/lib/libssl.so.8
cp libcrypto.so.0.9.8n /usr/lib/.
ln -s /usr/lib/libcrypto.so.0.9.8n /usr/lib/libcrypto.so.8

13 Hacks
Report Sharing: files have “cryptic” names
Files stored in /opt/nessus/var/nessus/users/<username>/reports:
5ef4e ac-8ef1-78e85fe6d0165b65e004c8e3ead4
5ef4e ac-8ef1-78e85fe6d0165b65e004c8e3ead4.name
5ef4e ac-8ef1-78e85fe6d0165b65e004c8e3ead4.nessus
5ef4e ac-8ef1-78e85fe6d0165b65e004c8e3ead4.nessus.v1
Script a cp job to move files to alternate user space

14 Seccubus
Written by Frank Breedijk, Security Engineer at Schuberg Philis
Lightweight web based front end, perl and php with a flat file db
User authentication is dependent on the web server
Good for a small team; does not scale well to a large user base

15 scanmonitor.pl
Not a fan of cron
Not a fan of “empty” scans
Needed a more flexible scheduler
scanmonitor.pl allows for a continuous scan loop of the entire enterprise with minimal empty cycles between scan jobs
Initial scans: 60K IPs in 16 hours on 4 scan engines
**Can quickly eat hard drive space and memory

16 mrtg / resources

17 mrtg / resources

18

19 Inprotect
Written by Greg Kuhnert and team
Web based front end, perl and php with a sql db
Nice system, should scale nicely to a large user base
Installation is improving but still a bit rough

20 DATA DATA DATA

21 What’s next
Automated parsing of critical findings
Trend exposure time
Compare known postures
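The three items above (parse critical findings, trend exposure time, compare postures) all start from the .nessus v2 XML the new interface writes. The script below is an added example, not part of this presentation or of any Tenable tool: it pulls high-severity ReportItems out of a v2 report per host, then diffs two scans of the same host to classify findings as still open, new, or fixed, and reports how many days the still-open ones have been visible. The two reports are constructed for the example; the HOST_START tag and its date format are assumptions, and the 0..3 severity scale (3 = high) is how I read 4.x output, so adjust the threshold if your reports differ.

```python
# Added example, not from the presentation: parse .nessus v2 XML to pull out
# high-severity findings per host and compare two scans of the same host to
# see which findings are still open (exposure carried over), new, or fixed.
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime

# Constructed sample reports (not real scan data). Element names follow the
# .nessus v2 layout: NessusClientData_v2 > Report > ReportHost > ReportItem.
# The HOST_START tag and its date format are assumed for this example.
SCAN_WEEK1 = """<NessusClientData_v2>
  <Report name="weekly">
    <ReportHost name="10.0.0.5">
      <HostProperties>
        <tag name="HOST_START">Mon May 03 09:00:00 2010</tag>
      </HostProperties>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
                  pluginID="11111" pluginName="Sample high finding A"/>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="1"
                  pluginID="22222" pluginName="Sample low finding"/>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="3"
                  pluginID="33333" pluginName="Sample high finding B"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""

SCAN_WEEK2 = """<NessusClientData_v2>
  <Report name="weekly">
    <ReportHost name="10.0.0.5">
      <HostProperties>
        <tag name="HOST_START">Mon May 10 09:00:00 2010</tag>
      </HostProperties>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
                  pluginID="11111" pluginName="Sample high finding A"/>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="1"
                  pluginID="22222" pluginName="Sample low finding"/>
      <ReportItem port="3306" svc_name="mysql" protocol="tcp" severity="3"
                  pluginID="44444" pluginName="Sample high finding C"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""

HIGH = 3  # assumed 4.x scale: 0=info, 1=low, 2=medium, 3=high


def parse_findings(xml_text, min_severity=HIGH):
    """Return {host: [finding dict, ...]} for ReportItems at or above min_severity."""
    root = ET.fromstring(xml_text)
    findings = defaultdict(list)
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            severity = int(item.get("severity", "0"))
            if severity < min_severity:
                continue
            findings[host.get("name")].append({
                "plugin_id": item.get("pluginID"),
                "port": "%s/%s" % (item.get("port"), item.get("protocol")),
                "name": item.get("pluginName"),
                "severity": severity,
            })
    return dict(findings)


def scan_start(xml_text):
    """Timestamp of the first HOST_START tag in the report (format assumed)."""
    root = ET.fromstring(xml_text)
    for tag in root.iter("tag"):
        if tag.get("name") == "HOST_START":
            return datetime.strptime(tag.text, "%a %b %d %H:%M:%S %Y")
    raise ValueError("no HOST_START tag in report")


def finding_keys(findings):
    """Flatten findings into (host, pluginID, port/proto) keys for set comparison."""
    return {(host, f["plugin_id"], f["port"])
            for host, items in findings.items() for f in items}


def diff_scans(old_xml, new_xml, min_severity=HIGH):
    """Classify findings as still_open (seen in both), new, or fixed."""
    old = finding_keys(parse_findings(old_xml, min_severity))
    new = finding_keys(parse_findings(new_xml, min_severity))
    return {
        "still_open": sorted(old & new),
        "new": sorted(new - old),
        "fixed": sorted(old - new),
    }


def exposure_days(old_xml, new_xml, min_severity=HIGH):
    """Days each still-open finding has been visible across the two scans."""
    days = (scan_start(new_xml) - scan_start(old_xml)).days
    return {key: days
            for key in diff_scans(old_xml, new_xml, min_severity)["still_open"]}


if __name__ == "__main__":
    for host, items in parse_findings(SCAN_WEEK2).items():
        for f in items:
            print(host, f["port"], f["plugin_id"], f["name"])
    print(diff_scans(SCAN_WEEK1, SCAN_WEEK2))
    print(exposure_days(SCAN_WEEK1, SCAN_WEEK2))
```

Keying on (host, pluginID, port/protocol) rather than on plugin name keeps the diff stable when Tenable renames a plugin between feed updates; feeding the still_open set into a small store with first-seen dates is what turns this into the exposure-time trend the slide asks for.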

22 Demo

23 ‘The Making of Horror’ Joshua Hoffine
