Introduction A security scanner is a software which will audit remotely a given network and determine whether bad guys may break into it,or misuse it.


2 Introduction A security scanner is software that remotely audits a given network and determines whether attackers could break into it or misuse it in some way. Nessus does not take anything for granted: it probes the services it finds rather than trusting port numbers or banners. Nessus is fast and reliable and has a modular architecture that lets you fit it to your needs.

3 Introduction (continued) The Nessus program consists of two parts: a server, which does the work of finding the holes and reporting back to the client, and a client, which displays the results found by its server counterpart.

5 Introduction (continued) The server can run on a variety of UNIX systems (including Linux, BSD and Solaris) and on Windows NT. There are several client flavors that run on a variety of machine types: a Java-based client, which runs on both Windows and UNIX machines, and a Win32 client, which runs on any Windows NT/95/98 system.

6 Features
Plug-in architecture. Each security test is written as an external plugin. This way, you can easily add your own tests without having to read the code of the nessusd engine.
NASL. The Nessus Security Scanner includes NASL (Nessus Attack Scripting Language), a language designed for writing security tests easily and quickly. (Security checks can also be written in C.)
Up-to-date security vulnerability database. Development focuses mostly on security checks for recent security holes. The security check database is updated daily, and the newest checks are available from the Nessus web site and from its FTP servers and mirrors.
Client-server architecture. The Nessus Security Scanner is made up of two parts: a server, which performs the attacks, and a client, which is the front end. You can run the server and the client on different systems; that is, you can audit your whole network from your personal computer while the server performs its attacks from the mainframe upstairs. There are several clients: one for X11, one for Win32 and one written in Java.

7 Can test an unlimited number of hosts at the same time. Depending on the power of the machine you run the Nessus server on, you can test two, ten or forty hosts at the same time.
Test cooperation. The security tests performed by Nessus cooperate so that nothing useless is done: if your FTP server does not offer anonymous logins, then the anonymous-related security checks are not performed.
Complete reports. Nessus will not only tell you what is wrong on your network but will, most of the time, tell you how to prevent crackers from exploiting the security holes found, and will give you the risk level of each problem found (from Low to Very High).
Exportable reports. The UNIX client can export Nessus reports as ASCII text, LaTeX, HTML, "spiffy" HTML (with pie charts and graphs) and an easy-to-parse file format.
Smart plugins (optional). Nessus will determine which plugins should or should not be launched against the remote host (for instance, this prevents the testing of Sendmail vulnerabilities against Postfix). This option is called "optimizations".

8 Non-destructive (optional). If you do not want to risk bringing down services on your network, you can enable the "safe checks" option of Nessus, which makes Nessus rely on banners rather than exploiting real flaws to determine whether a vulnerability is present. The trade-off is accuracy: a banner check cannot see a fix that was backported without a version change, and it is fooled by a banner that has been edited, so treat safe-check results as less reliable than the default ones.
Independent developers. The Nessus developers are independent from the rest of the world, so they will not hide a security vulnerability in program XYZ because they have a contract with its vendor.

9 Nessus Installation Download the Nessus source distribution from the web site http://www.nessus.org under the Download topic; it is free. There are two ways to install it.
Either install Nessus with the script nessus-installer.sh, located under the directory nessus-installer/, using the following command:
# sh nessus-installer.sh
Or download the four source packages and compile them yourself:
–nessus-libraries-x.x.tar.gz
–libnasl-x.x.tar.gz
–nessus-core-x.x.tar.gz
–nessus-plugins-x.x.tar.gz
(x.x represents the version of the software at the time.)

10 Unpack all the files above with the following commands:
# tar xvfz nessus-libraries-x.x.tar.gz
# tar xvfz libnasl-x.x.tar.gz
# tar xvfz nessus-core-x.x.tar.gz
# tar xvfz nessus-plugins-x.x.tar.gz
Compile the packages in this order, starting with nessus-libraries, because each package depends on the ones built before it:
# cd nessus-libraries
# ./configure
# make
# make install
(For the last command, make install, you must be root.) nessus-libraries installs shared libraries under /usr/local/lib; make sure that directory is listed in /etc/ld.so.conf and run ldconfig before going on, otherwise the later builds and nessusd itself may fail to find them.
Compile libnasl:
# cd ../libnasl
# ./configure
# make
# make install

11 Compile nessus-core:
# cd ../nessus-core
# ./configure
# make
# make install
Compile nessus-plugins:
# cd ../nessus-plugins
# ./configure
# make
# make install
After all compilation has been done, two important files have been created: nessusd, which is the Nessus server, and nessus, which is its client.

12 Nessus Usage To use Nessus, two things have to be done. The first is to create a new user account and specify its access privileges. The second is to configure the Nessus client.
1. New user account creation and access privileges. Use the script nessus-adduser, located in /usr/local/sbin, to generate a new account for a user. The user logs in to Nessus via this account; these accounts are kept by nessusd and are separate from UNIX accounts. The access privileges are a set of rules that restrict which networks and hosts the user is allowed to scan.

13 New user account creation

14 Selecting the method to keep a password

15 Connection privilege

16 Specifying one-time password

17 Network scan privilege allowed to joey

18 Confirmation for data item correctness

19 Add-user process completed

20 Configuration values for server nessusd

21 Starting server

22 Checking the operation of nessusd server

23 2. Nessus client configuration The client program nessus is located at /usr/local/bin/nessus. Start it with the command shown in the figure; the & symbol at the end of the command starts the program in background mode. Note that the user who starts the client program in the figure is logged in to Linux under the user name snort.

24 Specifying a passphrase

25 Nessus login window

26 One-time password window

27 Plugin selection window

28 Further details for the vulnerability: Anonymous FTP Enabled

29 Plugin preference window

30 Scan options window

31 Target selection window

32 User window

33 Credits Window

34 Simultaneous scan status

35 A single machine scan status

36 Scan result

37 Security risk piechart

38 Plugins Plugins are the heart of Nessus because they contain the scripts that check for vulnerabilities in a network, e.g., backdoors, DoS, wide-open ports, etc. These scripts are written in the language called NASL (Nessus Attack Scripting Language) and can be found in /usr/local/lib/nessus/plugins. Users can also develop their own scripts by studying this language at http://www.nessus.org/doc/nasl.html. Furthermore, more new scripts to test your network can be found at http://cgi.nessus.org/plugins/.
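The anonymous-FTP check from slide 28, written out as a NASL plugin. This is an added example, not code from the slides or from the Nessus plugin collection: the script ID 99999, the plugin name and the e-mail address used as the anonymous password are placeholders, and the helper ftp_log_in() is assumed to be the one provided by ftp_func.inc in Nessus 1.x/2.x. It shows the two halves every plugin has (the description block that nessusd reads when it registers the plugin, and the test body) and the knowledge-base entry through which other plugins skip their anonymous-FTP tests when this one finds nothing, which is the test cooperation described on slide 7.

```nasl
#
# Added example plugin (not from the original slides or the Nessus
# plugin collection). The script ID, name and anonymous password are
# placeholders; ftp_log_in() is assumed from ftp_func.inc (Nessus 1.x/2.x).
#
# Part 1: the description block. nessusd runs every plugin once with
# "description" set, reads the metadata below, and exits before any
# test code is reached.
#
if(description)
{
  script_id(99999);                       # placeholder ID, not an assigned one
  script_version("1.0");
  script_name(english:"Example: anonymous FTP login allowed");

  desc = "
The remote FTP server accepts anonymous logins.

Anonymous FTP is not a vulnerability by itself, but any directory that
is writable by the anonymous user can be used to store and trade files,
and world-readable directories may expose data that was not meant to be
public.

Solution : disable anonymous FTP if it is not needed, or restrict the
anonymous user to a read-only directory tree.

Risk factor : Low";

  script_description(english:desc);
  script_summary(english:"Tries to log in as 'anonymous' on the FTP server");
  script_category(ACT_GATHER_INFO);       # information gathering: still run with "safe checks" on
  script_family(english:"FTP");
  script_copyright(english:"Example code, no copyright claimed");

  # Test cooperation: run only after find_service has identified the
  # FTP port, and only if that port (or port 21) is open on the host.
  script_dependencie("find_service.nes");
  script_require_ports("Services/ftp", 21);
  exit(0);
}

#
# Part 2: the test itself, run only when "description" is not set.
#
include("ftp_func.inc");

# Take the FTP port from the knowledge base filled in by find_service,
# falling back to 21; skip the host if the port is not open.
port = get_kb_item("Services/ftp");
if(!port) port = 21;
if(!get_port_state(port)) exit(0);

soc = open_sock_tcp(port);
if(!soc) exit(0);

# ftp_log_in() (assumed from ftp_func.inc) sends USER and PASS and returns
# TRUE on a 230 reply. The password is the e-mail style value anonymous
# FTP servers conventionally expect; the address is a placeholder.
if(ftp_log_in(socket:soc, user:"anonymous", pass:"nessus@example.com"))
{
  # Record the result so that other plugins (writable-directory checks,
  # anonymous upload checks, ...) can test get_kb_item("ftp/anonymous")
  # and skip themselves when anonymous login is not available.
  set_kb_item(name:"ftp/anonymous", value:TRUE);
  security_warning(port);
}
close(soc);
```

To try it, copy the file into /usr/local/lib/nessus/plugins/ and restart nessusd so that it re-reads the plugin directory; the plugin then appears in the client's plugin selection window under the FTP family. During development it is quicker to run the script directly against one host with the nasl interpreter shipped with libnasl (nasl -t host script.nasl), which reports the same security_warning() output on the terminal.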

39 END
