Summary

In this chapter, we learned to set up Nessus for vulnerability scanning. Scan configuration in Nessus involves two major steps, namely configuration of a scan policy and launching a scan using the configured policy.

Scan prerequisites were also discussed: deciding on the scope of the scan, getting approval in place, deciding on the scan window, updating plugins, making a backup, having proper network access opened, identifying the point of contact, and deciding on credential or noncredential scanning.

Among the prerequisites, the first key step is to set up the scan policy. Nessus includes four default policy templates (external, internal, PCI DSS, and web application) and also offers an option to create a customized policy using the New Policy option.

There are four setting options available while creating a new policy. General Settings and Advanced settings cover the name of the policy, visibility, port scanning options, scan performance, and safe checks. With the credentialed scan option, Nessus is able to log in to the local system to find local system-level vulnerabilities, such as missing patches and operating system settings; the options available to add credentials for different infrastructures are explained under this section. Plugins involves choosing the right family of security checks based on the type of infrastructure under the scope of scanning, such as Windows, Cisco, and database. The Denial of Service plugin should be avoided, unless specifically asked for, as it may cause downtime. The Preferences menu includes advanced and deeper-level settings, which should be configured as per the infrastructure under scan.

Setting up a policy is followed by the actual scan. The key activities include choosing a new scan; setting the General settings options, which include Name, Type, and Policy for scanning (the policy can be default or customized); and specifying Scan targets, including the IP of the infrastructure to be scanned (a text file can be used for the same). The chapter also explained how the scan result can be mailed after completion of a scan. Finally, an option to retrieve the scan result from the Result tab was explained in brief.
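The agreed scope and the target text file mentioned above can be checked against each other before a scan is launched. The following is an added example, not code from the book or from Nessus; the scope ranges, the target entries, and the one-entry-per-line layout (address, CIDR block, or start-end range) are constructed assumptions.

```python
import ipaddress

# Constructed sample data: approved scope and a draft target file (assumed
# layout: one IP address, CIDR block or start-end range per line).
APPROVED_SCOPE = ["10.10.20.0/24", "192.0.2.16/28"]
TARGET_FILE_TEXT = """\
10.10.20.5
10.10.20.100-10.10.20.120
192.0.2.16/29
192.0.2.40
10.10.21.0/30
db01.example.internal
"""

def entry_networks(entry):
    """Return the networks an entry covers, or None if it is not IP-based."""
    try:
        if "-" in entry:
            start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            return list(ipaddress.summarize_address_range(start, end))
        return [ipaddress.ip_network(entry, strict=False)]
    except (ValueError, TypeError):
        return None  # hostname, reversed range, or malformed entry

def check_targets(text, scope):
    """Sort target entries into in-scope, out-of-scope and needs-review."""
    allowed = [ipaddress.ip_network(s) for s in scope]
    result = {"in_scope": [], "out_of_scope": [], "review": []}
    for line in text.splitlines():
        entry = line.strip()
        if not entry:
            continue
        nets = entry_networks(entry)
        if nets is None:
            result["review"].append(entry)  # resolve and confirm by hand
        elif all(any(n.subnet_of(a) for a in allowed if a.version == n.version)
                 for n in nets):
            result["in_scope"].append(entry)  # every address is inside the scope
        else:
            result["out_of_scope"].append(entry)  # at least one address is outside
    return result

if __name__ == "__main__":
    for bucket, entries in check_targets(TARGET_FILE_TEXT, APPROVED_SCOPE).items():
        print(f"{bucket}: {entries}")
```

Entries that land in `out_of_scope` or `review` should be settled with the point of contact before the target file is loaded into a scan.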

In the next chapter, we will learn about performing scan results analysis, which will cover false positive analysis, vulnerability analysis, exploiting vulnerabilities, and so on.
