Thread: Introduction to Nessus

  1. #1
    Senior Member
    Join Date
    Feb 2003
    Posts
    193

    Introduction to Nessus

    Source: http://www.securityfocus.com/infocus/1741 for complete tutorial, follow the link.
    1.0 Introduction
    Nessus is a great tool designed to automate the testing and discovery of known security problems. Typically someone, a hacker group, a security company, or a researcher discovers a specific way to violate the security of a software product. The discovery may be accidental or through directed research; the vulnerability, in various levels of detail, is then released to the security community. Nessus is designed to help identify and solve these known problems, before a hacker takes advantage of them. Nessus is a great tool with lots of capabilities. However it is fairly complex and few articles exist to direct the new user through the intricacies of how to install and use it. Thus, this article shall endeavor to cover the basics of Nessus setup and configuration. The features of the current versions of Nessus (Nessus 2.0.8a and NessusWX 1.4.4) will be discussed. Future articles will cover Nessus in more depth.
    Nessus is a public domain program released under the GPL. Historically, many in the corporate world have ridiculed such public domain software as being a waste of time, instead choosing "supported" products developed by established companies. Typically these packages cost hundreds or thousands of dollars, and are often purchased using the logic that you get what you pay for. Some people are starting to realize that public domain software, such as Nessus, isn't always inferior and sometimes it is actually superior. Paid technical support for Nessus is even available from www.tenablesecurity.com. Nessus also has a great community of developers anchored by the primary author, Renaud Deraison. When allowed to fairly compete in reviews against other vulnerability scanners, Nessus has equaled or outshined products costing thousands of dollars. [ref: Information Security, Network Computing]

    One of the very powerful features of Nessus is its client-server technology. Servers can be placed at various strategic points on a network, allowing tests to be conducted from various points of view. A central client or multiple distributed clients can control all the servers. The server portion will run on most any flavor of Unix. It even runs on Mac OS X and IBM/AIX, but Linux tends to make the installation simpler. These features provide a great deal of flexibility for the penetration tester. Clients are available for both Windows and Unix. The Nessus server performs the actual testing while the client provides configuration and reporting functionality.

  2. #2
    Senior Member
    Join Date
    Mar 2003
    Posts
    245

    Re: Introduction to Nessus

    Originally posted by \/IP3R
    Nessus is a public domain program released under the GPL. Historically, many in the corporate world have ridiculed such public domain software as being a waste of time, instead choosing "supported" products developed by established companies. Typically these packages cost hundreds or thousands of dollars, and are often purchased using the logic that you get what you pay for. Some people are starting to realize that public domain software, such as Nessus, isn't always inferior and sometimes it is actually superior.
    Caveat...
    I realize that you are simply quoting the article by Harry Anderson verbatim here \/IP3R, so don't take anything here as a correction to your post.

    First, I can't let a reference to software licensed under the GPL as being 'Public Domain' slide; call me a troll, but this really gets under my skin as it implies an entirely different meaning in legalese, and Harry Anderson would serve everyone better by calling it what it is, Open Source.

    Now, to back Harry up, I don't know of a single commercial security product (except perhaps anti-Virus software) that is superior to the Open or freely available security tools. One trip to http://www.packetstormsecurity.nl will yield more high quality free tools and documentation than any site should ever need to properly secure and monitor their machines and network.

    Whew, now with that off my chest... If you don't have Nessus, go get it! If you don't know how to use Nessus, RTFM until you do! If Nessus won't run on your machines, beg like a dog for someone to port it to your OS/Arch, or do it yourself if you know how.

    -- spurious
    Get OpenSolaris http://www.opensolaris.org/

  3. #3
    Junior Member
    Join Date
    Jan 2002
    Posts
    7
    For those M$ users... a great intro to Linux is the http://www.knoppix.net/ distro... boots off of CD and comes packaged with Nessus (among other tools). Distro is licensed under GNU.

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    For a more in-depth introduction to Nessus... visit SecurityFocus.

    Introduction to Nessus
    Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    If you want step-by-step setup instructions for Nessus, see my tut:

    http://www.antionline.com/showthread...hreadid=247255

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    Why is almost every post on AntiOnline a link to someone else's work/writings/code/etc.? Can't any one of you come up with an original thought of your own?

    Here's an idea! Why don't you all get together and patent the lift system you're using to elevate LAME to unprescedented new heights. I'm sure you'll make a fortune.

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    unprescedented
    The problem with irony, and even sarcasm is that it tends to fall flat on its face if you cannot be bothered to spell correctly?

    I might even be tempted to describe it as "lame"

    Hey folks, did someone forget to put something back in its box after Halloween?

    Cheers

  8. #8
    Yes, knoppix is very good for a bootable linux on a cd. I have also heard great things about flak. It is supposed to be a linux security cd based distro, similar to knoppix but full of security tools and patches.
    support your favorites, **** the masses.
