Published by Phillip Freeman. Modified over 9 years ago.
1
VULN SCANNING
Dr. Andy Wu
BCIS 4630 Fundamentals of IT Security
2
Overview
Nessus
–Architecture
–Plugins
–Reporting
3
Vulnerability Scanning
Scans the target for potential problems that leave the target vulnerable to attacks:
–Unpatched OS
–Outdated applications
–Insecure accounts
–Misconfigurations
–Etc.
Nessus is a market leader in vulnerability scanning.
Major contenders include SATAN, SAINT, Retina, etc.
4
Nessus Architecture
5
Client-server architecture.
–The program is in fact installed on the Nessus server.
Includes a large number of plugins.
–Each plugin checks for a vulnerability.
–Well organized and tied to industry vulnerability databases.
Plugins are organized into “families”.
A policy controls which vulnerabilities to load (that is, which vulnerabilities to scan for).
6
Nessus Server
The server component receives scanning requests from the client and performs the actual scan.
Runs as a service.
The management port number is 8834 (accessed with SSL).
Maintains a list of user accounts.
–A user account is required for scanning.
–Two types of accounts: admin and regular.
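A check an administrator can run against their own Nessus server to confirm that the management port on this slide answers with an encrypted handshake and not plaintext. This is an added example, not part of the original slides; the function name `check_mgmt_port` and the result keys are hypothetical.

```python
import socket
import ssl

NESSUS_MGMT_PORT = 8834  # management port given on the slide


def check_mgmt_port(host, port=NESSUS_MGMT_PORT, timeout=3.0):
    """Check that host:port is reachable and answers with TLS, not plaintext."""
    result = {"reachable": False, "tls": False,
              "protocol": None, "cert_trusted": False}
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return result  # closed, filtered or unresolvable
    result["reachable"] = True

    # Pass 1: handshake without certificate validation, only to learn
    # whether the listener speaks TLS and which version it negotiates.
    lax = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    lax.check_hostname = False
    lax.verify_mode = ssl.CERT_NONE
    try:
        with lax.wrap_socket(raw, server_hostname=host) as tls:
            result["tls"] = True
            result["protocol"] = tls.version()
    except (ssl.SSLError, OSError):
        raw.close()
        return result  # plaintext or broken listener: flag for review

    # Pass 2: same handshake with normal validation against the system
    # trust store; a self-signed server certificate leaves this False.
    strict = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            with strict.wrap_socket(s, server_hostname=host):
                result["cert_trusted"] = True
    except (ssl.SSLError, OSError):
        pass
    return result


if __name__ == "__main__":
    # 127.0.0.1 is a placeholder; point this at your own Nessus server.
    print(check_mgmt_port("127.0.0.1"))
```

A result with `reachable` true and `tls` false means something on that port is answering in plaintext, which is worth investigating before any scanner credentials are typed into it.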
7
Nessus Client
Connects to the server to perform the scan.
Typical thin-client (browser) application.
SSL connection to the server.
Can create its own “private” scanning policies, or use “shared” policies created by the administrator.
8
Scan Settings
9
Reporting Capabilities
Dynamic, context-driven, tabbed views in Web browser
Overview, executive summary reports
Detailed reports by port numbers/vulnerability IDs
Exported to HTML or rich-text formats
10
Reporting Capabilities