Product Reviews
How Secure is Your Network? Nessus 1.0.8
Seven network scanners test your security before the crackers do.
- By Greg Saoutine
- 09/01/2001
Nessus is a comprehensive and flexible product. It
reported four serious vulnerabilities for our default
Win2K installation:
- FTP Write by anonymous
- NetBIOS NULL enumeration
- SNMP public
- SNMP private community strings
Seventeen "security warnings" and eight "security
notes" provided a relatively accurate description of
both the configuration and the security flaws of our
Win2K server. However, when we later introduced Back
Orifice 2000 on a random (non-default) port, Nessus
wasn't able to detect it on the server (even though
a probe for this software is specifically defined in
the "Backdoors" category). Often, scanners look for
Trojans based on default listening ports—should the
Trojan be listening on a non-standard port, the scanner
may not detect it. This, once again, stresses the importance
of a manual "what-makes-sense" analysis of plain port-scanner
output.
 |
| Nessus does a good job of locating
serious security holes and explaining their impact,
but the result is not always complete and some vulnerabilities
may not get detected. (Click image to view larger
version.) |
Nessus features port scanning (see figure), OS detection,
information gathering, vulnerability scanning, attack
simulation and automated updates of its vulnerability
database. One of the main advantages of this software
(especially for an advanced user) is the ability to
create your own custom probes and specific attacks.
The server portion of Nessus is written in C and provides
the ability to add user-defined libraries. An even easier
solution is Nessus' own API controlled via Nessus Attack
Scripting Language (NASL), which allows users to craft
probes and even attacks on the fly.
About the Author
Greg Saoutine, MCSE, is an IT Consultant working in New York City.