by Himanshu Kumar
Learning Nessus for Penetration Testing
Table of Contents
Learning Nessus for Penetration Testing
Credits
About the Author
About the Reviewers
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Fundamentals
Vulnerability Assessment and Penetration Testing
Need for Vulnerability Assessment
Risk prevention
Compliance requirements
The life cycles of Vulnerability Assessment and Penetration Testing
Stage 1 – scoping
Stage 2 – information gathering
Stage 3 – vulnerability scanning
Stage 4 – false positive analysis
Stage 5 – vulnerability exploitation (Penetration Testing)
Stage 6 – report generation
Introduction to Nessus
Initial Nessus setup
Scheduling scans
The Nessus plugin
Patch management using Nessus
Governance, risk, and compliance checks using Nessus
Installing Nessus on different platforms
Prerequisites
Installing Nessus on Windows 7
Installing Nessus on Linux
Definition update
Online plugin updates
Offline plugin updates
Custom plugins feed host-based updates
User management
Adding a new user
Deleting an existing user
Changing the password or role of an existing user
Nessus system configuration
General Settings
SMTP settings
Web proxy settings
Feed Settings
Mobile Settings
ActiveSync (Exchange)
Apple Profile Manager
Good For Enterprise
Result Settings
Advanced Settings
Summary
2. Scanning
Scan prerequisites
Scan-based target system admin credentials
Direct connectivity without a firewall
Scanning window to be agreed upon
Scanning approvals and related paper work
Backup of all systems including data and configuration
Updating Nessus plugins
Creating a scan policy as per target system OS and information
Configuring a scan policy to check for an organization's security policy compliance
Gathering information of target systems
Sufficient network bandwidth to run the scan
Target system support staff
Policy configuration
Default policy settings
New policy creation
General Settings
Credentialed scan
The Windows credentials option
Windows usernames, passwords, and domains
The SSH settings option
The Kerberos configuration option
The Cleartext protocols settings option
Plugins
Filtering
Preferences
Scan configuration
Configuring a new scan
General settings
E-mail settings
Scan execution and results
Summary
3. Scan Analysis
Result analysis
Report interpretation
Hosts Summary (Executive)
Vulnerabilities By Host
Vulnerabilities By Plugin
False positive analysis
Understanding an organization's environment
Target-critical vulnerabilities
Proof of concept
Port scanning tools
Effort estimation
Vulnerability analysis
False positives
Risk severity
Applicability analysis
Fix recommendations
Vulnerability exploiting
Exploit example 1
Exploit example 2
Exploit example 3
Summary
4. Reporting Options
Vulnerability Assessment report
Nessus report generation
Report filtering option
Nessus report content
Report customization
Report automation
Summary
5. Compliance Checks
Audit policies
Credentials
Compliance reporting
Auditing infrastructure
Windows compliance check
Windows File Content
Unix compliance check
Cisco IOS compliance checks
Database compliance checks
PCI DSS compliance
VMware vCenter/vSphere Compliance Check
Summary
Index