Introduction to Nessus

Nessus is one of the most widely-used Vulnerability Assessment products. First released in the year 1998 by Renaud Deraison, this tool has been one of the most popular vulnerability scanning tools used across the industry for the past 15 years.

The official website of Nessus (http://www.tenable.com) describes it as follows:

"Nessus® is the industry's most widely-deployed vulnerability and configuration assessment product. Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, patch management integration, and vulnerability analysis of your security posture. Fueled by Nessus ProfessionalFeed®, a continuously-updated library with more than 50,000 individual vulnerability and configuration checks, and supported by an expert vulnerability research team, Nessus delivers accuracy to the marketplace. Nessus scales to serve the largest organizations and is quick-and-easy to deploy."

Over the years, Nessus has evolved from a pure-play vulnerability scanner into a product with added assessment and auditing features such as configuration auditing, compliance auditing, patch auditing, control system auditing, and mobile device auditing. It is best known for the ease and flexibility offered by its Vulnerability Assessment feature.

The key infrastructure that is covered under Nessus Vulnerability Scanner includes the following:

  • Network devices: These include Juniper, Cisco, firewalls, and printers
  • Virtual hosts: These include VMware ESX, ESXi, vSphere, and vCenter
  • Operating systems: These include Windows, Mac, Linux, Solaris, BSD, Cisco IOS, and IBM iSeries
  • Databases: These include Oracle, MS SQL Server, MySQL, DB2, Informix/DRDA, and PostgreSQL
  • Web applications: These include web servers, web services, and OWASP vulnerabilities

Nessus Vulnerability Scanner is an easy-to-use tool. Someone new to the tool can learn it easily.

Initial Nessus setup

The detailed steps to install Nessus are given later in this chapter. Once you install Nessus, you can perform the one-time setup for your Nessus scanner: setting up user accounts to access the scanner; configuring general settings, such as SMTP or a web proxy, feed settings, mobile settings, and result settings; and configuring advanced settings. These settings are detailed later in this chapter. They are specific to your scanning environment, which depends on your organization's security policies and preferences. You may also want to create some generic policies before you run a scan, depending on the requirements.

Scheduling scans

Nessus provides the flexibility to schedule scans on target hosts for future scanning. This is as good as job scheduling. You can configure and schedule a scan in advance with a predefined time and policy. Nessus will automatically initiate the scan at the defined time and e-mail the results to predefined e-mail IDs. This doesn't need any manual trigger to invoke scans. You can also schedule repeat scans such as "my scan target IPs should be scanned every Thursday at 3 AM CET". Large enterprise organizations often face challenges in identifying a scanning window. A scanning window is a time frame for the scan that defines the time at which the scan should start and the time by which it should be completed. Usually, the scanning window is decided based on the production load on the scanning machines. It is recommended that production machines be scanned only in nonpeak hours. Nonpeak hours are the times when the target or scanning machine is least used during a day/week.

The Nessus plugin

To enable comprehensive coverage of security checks, Nessus provides a large variety of plugins, grouped into families of similar security checks. Grouping allows a large number of plugins to be enabled or disabled in one go, based on the target machines. Examples of the major plugin families include Windows, Linux, Solaris, Cisco, and Database. For details about plugins and the difference between the home feed and professional feed families, please refer to the Nessus official website at https://plugins.nessus.org.

Nessus, being one of the most widely-used tools, has an active online support community at https://discussions.nessus.org.

Nessus is one of the most cost-efficient scanning tools available, with features such as a low total cost of ownership (TCO) and the ability to scan an unlimited number of IPs. Nessus subscriptions include software updates, access to Tenable's compliance and audit files, and support. They also include the daily update of vulnerability and configuration checks with automated installation.

Note

Apart from introducing Nessus, this chapter describes the basics of Vulnerability Assessment and Penetration Testing, two of the most common types of technical risk assessment conducted using Nessus. Along with this, various installation options in Nessus are also described.

Patch management using Nessus

Nessus is very successful in patch management; this is achieved by integrating Nessus with a variety of patch management solutions. The good part here is that you need not supply credentials to Nessus for scanning the target machines; instead, you need to supply the credentials for the patch management system. This is because the patch management system will already have the credentials to reach the target host.

Governance, risk, and compliance checks using Nessus

Nessus provides outputs in different formats, such as HTML, CSV, and PDF. This makes it flexible to feed the output into other tools for integration. These tools can be governance, risk, and compliance tools such as EMC RSA Archer SmartSuite or any other similar tool.
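As an added illustration of feeding CSV output to a downstream tool (this example is not from the book or from Tenable), the following Python sketch reduces a CSV export to one summary record per host. The column names (Plugin ID, CVE, CVSS, Risk, Host, Protocol, Port, Name) are an assumption about the export layout, the sample rows are constructed, and the output field names are hypothetical rather than any GRC product's import schema.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample rows; the column layout is an assumption about the
# Nessus CSV export. IDs, CVEs and hosts are placeholders, not real findings.
SAMPLE_CSV = '''"Plugin ID","CVE","CVSS","Risk","Host","Protocol","Port","Name"
"900001","CVE-0000-0001","9.3","Critical","192.0.2.10","tcp","445","Constructed finding A"
"900001","CVE-0000-0002","9.3","Critical","192.0.2.10","tcp","445","Constructed finding A"
"900002","","5.0","Medium","192.0.2.10","tcp","443","Constructed finding B"
"900003","","","None","192.0.2.10","tcp","0","Constructed informational item"
"900002","","5.0","Medium","192.0.2.20","tcp","443","Constructed finding B"
'''

SEVERITY_ORDER = ["Critical", "High", "Medium", "Low"]

def summarize(csv_text):
    """Return {host: Counter(risk -> unique findings)}, skipping informational rows."""
    seen = set()
    per_host = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        risk = row["Risk"].strip()
        if risk not in SEVERITY_ORDER:  # "None" rows carry no risk rating
            continue
        # A finding can be repeated once per CVE; count it once per host/port.
        key = (row["Host"], row["Plugin ID"], row["Protocol"], row["Port"])
        if key in seen:
            continue
        seen.add(key)
        per_host[row["Host"]][risk] += 1
    return per_host

def to_grc_records(per_host):
    """Flatten to one record per host, worst-rated hosts first (hypothetical fields)."""
    records = []
    for host, counts in per_host.items():
        worst = next(s for s in SEVERITY_ORDER if counts[s])
        record = {"asset": host, "worst_risk": worst}
        record.update({s.lower(): counts[s] for s in SEVERITY_ORDER})
        records.append(record)
    records.sort(key=lambda r: (SEVERITY_ORDER.index(r["worst_risk"]), r["asset"]))
    return records

if __name__ == "__main__":
    for rec in to_grc_records(summarize(SAMPLE_CSV)):
        print(rec)
```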
