Nessus is one of the best-known network vulnerability scanning tools available on the market. If you work in security, you should be familiar with the tool and know how to use it well. But how do you get hands-on experience with it when you are still in school, or working in a first IT job that does not directly involve network security?
I recommend that you first try Nessus Home, which is free for home use.
- According to their official webpage, “Nessus® Home allows you to scan your personal home network with the same powerful scanner enjoyed by Nessus subscribers.”
Windows installation is fairly simple. Once installed, it lets you set up a web interface where you can test the tool.
– Find vulnerabilities in a system or network
– Better than just a port scanner.
– Generally considered to be least intrusive.
– Penetration testing / port scanning is considered more intrusive.
– One may run a password cracker on a password file to check for weaknesses in user passwords. This would be considered a vulnerability assessment.
– Scan for open ports
– Review known software vulnerabilities
Some examples of Vulnerability Assessment tools:
– Nessus (paid with a free trial period): Nessus is a proprietary vulnerability scanner developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment. Download page: http://www.tenable.com/products/nessus-vulnerability-scanner.
– Microsoft Baseline Security Analyzer (free): The Microsoft Baseline Security Analyzer provides a streamlined method to identify missing security updates and common security misconfigurations. The MBSA 2.3 release adds support for Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012. Windows 2000 will no longer be supported with this release. Windows 2000, Windows 7, Windows 8, Windows 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista, Windows XP. Download page: https://www.microsoft.com/en-us/download/details.aspx?id=7558
– Retina (Paid with free trial option) – this tool is fast and non-intrusive, and has the most comprehensive vulnerability database. This tool can also be used for web application scanning. Download page: https://www.beyondtrust.com/products/retina-network-security-scanner/
– Even a ping scan can be considered a vulnerability assessment.
– You can also use a port scanner: TCP SYN scan (half-open scan)
Things to remember:
– Socket: IP address + port
– nmap is a very popular port scanner
– OVAL – Open Vulnerability and Assessment Language (XML): As stated in the official homepage, “OVAL® International in scope and free for public use, OVAL is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community.”
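
As an added example (not part of the original post and not code from any of the tools listed), the Python below shows what "scan for open ports" means at the socket level: a full TCP connect check of each IP address + port pair on a host you own, compared against a baseline of ports you expect to be open. The function names and the loopback listeners are constructed for illustration.

```python
import socket

def check_socket(ip, port, timeout=0.5):
    """Full TCP connect check of one socket (IP address + port).

    connect() completes the three-way handshake, unlike a half-open
    SYN scan, so it needs no raw-socket privileges.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((ip, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"      # the host answered with a reset
        except OSError:
            return "filtered"    # timeout or unreachable

def audit(ip, ports, expected_open):
    """Compare the ports found open on a host you own with a baseline."""
    observed = {p for p in ports if check_socket(ip, p) == "open"}
    baseline = set(expected_open)
    return {
        "unexpected_open": sorted(observed - baseline),
        "expected_but_not_open": sorted(baseline - observed),
    }

def demo():
    """Constructed test bed: two loopback listeners and one closed port."""
    listeners = []
    for _ in range(2):
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind(("127.0.0.1", 0))   # port 0: the OS picks a free port
        srv.listen(1)
        listeners.append(srv)
    known, extra = (srv.getsockname()[1] for srv in listeners)
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed = tmp.getsockname()[1]
    tmp.close()                      # nothing listens here any more
    try:
        # Baseline lists 'known' and 'closed' as expected; 'extra' is not in it.
        report = audit("127.0.0.1", [known, extra, closed], [known, closed])
    finally:
        for srv in listeners:
            srv.close()
    return report, known, extra, closed

if __name__ == "__main__":
    print(demo()[0])
```

A port reported under `unexpected_open` is a service that is listening but missing from the baseline, which is the kind of finding to follow up on before running a full vulnerability scan.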