Task 8.1: Penetration Testing with Nessus

Nessus, owned by Tenable Network Security, Inc., was developed in 1998 and has grown to be the world’s most well-known security scanner. Its primary purpose is to alert the user to security holes and vulnerabilities in scanned systems. It can be used to scan Windows, Linux, or other operating systems. It uses a client-server technology so that Nessus servers can be placed throughout the network and then be contacted when they are needed by Nessus clients to perform scans. Nessus is an open source product, which means it is free to use without you paying a license fee.

Scenario

Your employer has asked that you scan the organization’s systems for vulnerabilities and known exploits. Your employer does not want you to run any test that might compromise the system by damaging it or by taking it offline.

Scope of Task

Duration

This task should take about 25 minutes.

Setup

For this task, you will need two or more network computers, access to the Administrator account, and an Internet connection.

Caveat

Vulnerability scanners can cause problems and have been known to crash systems or make systems hang. You will need to closely examine what types of scanner plug-ins are available to help minimize the possibility that this could happen. Additionally, vulnerability scans can cause intrusion detection system/intrusion protection system (IDS/IPS) devices/software to produce false positives, which should be taken into consideration prior to scanning.

Procedure

In this task, you will learn how to install and run Nessus.

Equipment Used

For this task, you must have:

  • Two or more networked computers, at least one running Windows XP, Windows Vista, or Windows 7
  • Internet access

Details

This task will show you how to install and run Nessus. This program will allow you to scan networked systems for known vulnerabilities and security holes.

Be sure to scan only your own systems or those that you have been given written permission to scan. System owners can become rather upset when individuals scan their systems without permission, since this activity is commonly performed by hackers before they launch an attack.

1. Once you have accessed your Windows computer and logged in as Administrator, open your browser and go to www.nessus.org/download/.

For this task, you will be using the Windows home version of Nessus. Once the download is completed, you will be prompted to begin the installation.

2. During the installation, you will be prompted to accept the licensing agreement. You must accept this agreement to complete the installation. Continue with the setup and accept all the other default settings to complete the installation. After the installation is completed and loaded, Nessus will update the plug-ins. Once all plug-ins are updated, click Start Nessus Server.

Plug-ins are written to address specific vulnerabilities.

3. Once you are registered, you need to create a user account. Under Windows, open the Nessus Server Manager program and click Manage Users to create accounts. After you have created your user account, log into https://localhost:8834/ to get started.

4. Nessus uses plug-ins to scan for specific vulnerabilities. Each plug-in performs a specific security check. For this task, you should choose Policies to save a basic scan type. Add the policy name of Basic and accept all other defaults. Click Scans to accept options.

5. Before the scan can begin, you will need to select the Add option to specify what systems are to be scanned. You may enter a single system or enter a range of systems to be scanned. For this task, choose your entire network range. We have chosen the 192.168.123.1–254 range.

6. Choose Launch. Nessus will provide you with a status screen while the scan is being performed.

7. Once Nessus completes its scan, you will be presented with a detailed report of its findings. The report lists each system that was scanned and provides specific details on all vulnerabilities that were found. You will need to scroll down the list to get a more in-depth listing of what was found during the scan.

Although Nessus is a great tool for performing automated vulnerability scanning, its results can sometimes provide false positives. If you are unsure of the results, you can double-check the results by running a second scan, using an alternate tool, or even performing a manual inspection of the computer.

8. Nessus provides a lot of detail about the vulnerabilities it found and makes it easy to use the information to patch or harden the system. An example follows:

Synopsis

The manufacturer can be deduced from the Ethernet OUI.

Description

Each ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'. These OUI are registered by IEEE.

Solution

n/a

See Also

http://standards.ieee.org/faqs/OUI.html
http://standards.ieee.org/regauth/oui/index.shtml

Risk Factor

None

Plugin Output

The following card manufacturers were identified :

00:e0:11:05:fd:53 : Uniden Corporation

Plugin Publication Date: 2009/02/19

Plugin Last Modification Date: 2010/10/26

The information provided by Nessus includes the following:

Synopsis: This output details the item discovered.

Description: This output provides the details of what was found.

Solution: This output provides information on how to eliminate the problem.

Risk Factor: This output indicates the severity of the risk, ranked as low, medium, or high.

CVE: The Common Vulnerabilities and Exposures (CVE) is a listing that provides common names for publicly known information-security vulnerabilities.

Nessus Plugin ID: This output provides the ID number of the plug-in used to discover the vulnerability.
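
The following Python sketch is an added example, not part of the original task or of Nessus itself. It shows how findings laid out like the sample above can be split into the listed fields and sorted by Risk Factor for patching. It assumes each finding has been copied out as plain text with each heading on its own line; the function names and the second sample finding are constructed for illustration.

```python
import re
# Section headings as they appear in the sample finding on this page.
HEADINGS = ("Synopsis", "Description", "Solution", "See Also", "Risk Factor", "Plugin Output")
# Triage order: the sample shows "None"; the text lists low, medium, high.
SEVERITY = {"none": 0, "low": 1, "medium": 2, "high": 3}
MAC_LINE = re.compile(r"^((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*:\s*(.+)$", re.I)

def parse_finding(text):
    """Split one plain-text finding into {field name: body text}."""
    fields, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line in HEADINGS:
            current = line
            fields[current] = []
        elif line.startswith("Plugin ") and "Date:" in line:
            key, _, value = line.partition(":")
            fields[key] = [value.strip()]
            current = None  # date lines end the Plugin Output section
        elif line and current:
            fields[current].append(line)
    return {name: "\n".join(body) for name, body in fields.items()}

def mac_vendors(finding):
    """Return {mac: vendor} from an OUI-style Plugin Output section."""
    hits = (MAC_LINE.match(l) for l in finding.get("Plugin Output", "").splitlines())
    return {m.group(1).lower(): m.group(2).strip() for m in hits if m}

def triage(findings, minimum="low"):
    """Drop findings rated below `minimum`; return the rest, highest risk first."""
    score = lambda f: SEVERITY.get(f.get("Risk Factor", "none").lower(), 0)
    kept = [f for f in findings if score(f) >= SEVERITY[minimum]]
    return sorted(kept, key=score, reverse=True)

# The finding printed on this page (shortened), then a constructed high-risk one.
OUI_FINDING = """Synopsis
The manufacturer can be deduced from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit 'Organizationally
Unique Identifier'.
Risk Factor
None
Plugin Output
The following card manufacturers were identified :
00:e0:11:05:fd:53 : Uniden Corporation
Plugin Publication Date: 2009/02/19
"""
CONSTRUCTED = "Synopsis\nA service is out of date.\nSolution\nUpgrade it.\nRisk Factor\nHigh\n"
for f in triage([parse_finding(OUI_FINDING), parse_finding(CONSTRUCTED)]):
    print(f["Risk Factor"], "-", f["Synopsis"], "->", f["Solution"])
```

Informational findings such as the OUI entry are dropped by the default minimum of "low"; pass minimum="none" to keep them, for example when building a hardware inventory from the MAC-to-vendor pairs.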

Criteria for Completion

You have completed this task when you have downloaded, installed, and run Nessus to perform a vulnerability scan.
