A first use for this feature is to scan your network in background, quit the client, then come back a few hours later and download the results. This usage requires that you enable the session saving feature.
In the target selection tab of the client, activate the option Save this session.
Then start your scan, and quit the client. Restart it a few hours later, connect to nessusd, and you should see your session appear in the Previous sessions list in the tab Target selection (if you do not, then it probably means the test has not been completed yet, come back later). You can alternatively fill the email address field so that nessusd sends you the reports by mail when they are done (in .txt format).
Using the Nessus Client
Running the Nessus Client program from Tenable is the same as with any other Windows executable. When launched, an untitled Nessus screen will come up (see
Figure 9.2). Note that the
Select a scan policy pane is disabled until a connection to a server is established.
Since Nessus is based on a client-server model, you need to tell which server the scan will be running on. Clicking the
Connect button at the lower left corner of the window will launch the
Connection Manager (
Figure 9.3).
In the default Windows installation, the local computer can also act as the default Nessus server. This allows the Nessus scans to be performed by the computer that launched the Nessus client. In the Connection Manager window, localhost is displayed as the default Server. Clicking the + or − buttons will add or remove servers. Selecting a server and then clicking on the Edit button will bring up the connection details. Clicking on the Connect button at the lower right corner of the Connection Manager window logs the local computer on to the server and, once connection is
established, enables the selected computer (or if localhost is selected, the local computer) to perform Nessus scanning on a target computer or network.
After connection has been established, the user will be returned to the original Nessus Client interface. Notice that the Scan policy pane is now enabled, and shows the default scan policies for the machine. Selecting any of the policies and then clicking the Edit button brings up the Edit Policy window. Clicking on the + or – will buttons add or remove the policies.
For instance, to remotely scan one of the workstations in a network for common Windows operating system vulnerabilities, missing security updates/patches/hotfixes, and Windows local security misconfigurations is would be necessary to add a new policy and then select the appropriate plug-ins (It is also possible to modify an existing policy to include the plug-ins). We shall only focus on the settings that need to be changed and leave the rest to their default settings. Please make sure that you have been given permission to scan the target computer.
On the main Nessus client console, we click on the + button at the bottom of the
Select a scan policy pane. This will bring up the Edit Policy window. Go to the
Policy tab (
Figure 9.4). Type the new policy name. Leave the
Share this policy across multiple sessions.
Next, select the
Options tab to select the options that match the requirements of the test (
Figure 9.5).
Clicking the
Plug-in Selection tab (
Figure 9.6) displays the available vulnerability test included in Nessus. These are grouped according to “family”. When you are configuring a new policy, by default all families and their individual plug-ins are ticked. If only checking for common Windows OS
vulnerabilities, enable all the Windows family of plugins and disable all the others (
Figure 9.6). Click
Save to go back to the main Nessus Client screen.
Now select the target host to be scanned. Click on the + button on the bottom left of the
Network(s) to scan pane, then in the
Edit target dialogue box. If the scan is against a single server, select
Single Host, type in the Host Name field either the IP address or the host name of the target machine, then click Save (
Figure 9.7). This will take you to the main Nessus Client screen, with the target machine shown on the left pane and the available scan policies on the
right pane. Click once more on the customized policy to make sure it is selected. Now you are ready to run the scan.
Click the
Scan Now button. Nessus will automatically go to the
Report tab and in a few moments will start displaying the results (
Figure 9.8).
If some of the open ports detected have been found to have vulnerabilities, the color of their fonts will change:
▪
Black For low-risk vulnerabilities
Clicking any of the open ports on the left pane will show the findings for that port (
Figure 9.10).
While running, a “Scan in progress” message will be displayed at the bottom of the screen, along with the buttons Pause and Stop. Clicking the Pause button interrupts the scanning to be resumed later. The Stop button terminates the scan altogether. The Scan in progress message and the Pause and Stop buttons will disappear when scanning is completed.
A detailed report of the findings can be exported via the Export button. The user is given the option what file- type, filename and in which folder to save the report. An example of the HTML report format is displayed in
Figure 9.11.