This book focuses on installing, configuring and optimizing Nessus, which is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems. As with many open source programs, Nessus is incredibly popular, incredibly powerful, and incredibly under-documented. There are many Web sites (including nessus.org) where thousands of users congregate to share tips, tricks, and hints, yet no single, comprehensive resource exists. This book, written by Nessus lead developers, will document all facets of deploying Nessus on a production network.
* Nessus is the premier Open Source vulnerability assessment tool, and was recently voted the "most popular" open source security tool of any kind.
* This is the first book available on Nessus and it is written by the world's premier Nessus developers led by the creator of Nessus, Renaud Deraison.
* The dramatic success of Syngress' SNORT 2.0 INTRUSION DETECTION clearly illustrates the strong demand for books that offer comprehensive documentation of Open Source security tools that are otherwise Undocumented.
Inhalt
Foreword
Chapter 1 Vulnerability Assessment
Introduction
What Is a Vulnerability Assessment?
Why a Vulnerability Assessment?
Assessment Types
Automated Assessments
Stand-Alone vs. Subscription
The Assessment Process
Two Approaches
Administrative Approach
The Outsider Approach
The Hybrid Approach
Realistic Expectations
The Limitations of Automation
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 Introducing Nessus
Introduction
What Is It?
The De Facto Standard
History
Basic Components
Client and Server
The Plugins
The Knowledge Base
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3 Installing Nessus
Introduction
Quick Start Guide
Nessus on Linux (suse/redhat/mandrake/gentoo/debian)
Nessus on Solaris
Picking a Server
Supported Operating Systems
Minimal Hardware Specifications
Network Location
Source or Binary
Installation from Source
Software Prerequisites
Obtaining the Latest Version
The Four Components
./configure
Configuring Nessus
Creating the User Account
Installing a Client
Using the GTK Client
Using the Windows Client
Command-Line Mode
Updating to the Latest Plugins
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 Running Your First Scan
Introduction
Preparing for Your First Scan
Authorization
Risk vs. Benefit
Starting the Nessus Client
Plugins
Enable Specific Plugins
Using the Plugin Filter
Plugin Categories
Plugin Information
Preferences
Specify the Host Ping
Configuring WWW Checks
NIDS Evasion
Brute Force with Hydra
The SMB Scope
Configuring Login Credentials
Configuring SNMP
Configuring Nmap
Scan Options
The Port Range
Unscanned Ports
Performance: Host and Process Count
Optimized Checks
Safe Checks Mode
Report by MAC Address (DHCP)
Detached Scan
Send Results to This E-mail Address
Continuous Scan
Configure the Port Scanner
Ignore Top-Level Wildcard Host
Target Selection
How to Select Targets
Common Scanning Issues (Printers, etc.)
Defining a Target Range
Using Zone Transfers (Bad Idea!)
Automatic Session Saving
User Information
Knowledge Base (Basics)
Starting the Scan
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 Interpreting Results
Introduction
The Nessus UI Basics
Viewing Results Using the Nessus GUI Client for X
Viewing Results Using the NessusWX Client for Windows
New Nessus Client
Reading a Nessus Report
Understanding Vulnerabilities
Understanding Risk
Understanding Scanner Logic
Key Report Elements
Factors that Can Affect Scanner Output
Forums and Mailing Lists
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6 Vulnerability Types
Introduction
Critical Vulnerabilities
Buffer Overflows
Directory Traversal
Format String Attacks
Default Passwords
Misconfigurations
Known Backdoors
Information Leaks
Memory Disclosure
Network Information
Version Information
Path Disclosure
User Enumeration
Denial of Service
Best Practices
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7 False Positives
Introduction
What Are False Positives?
A Working Definition of False Positives
Why False Positives Matter
False Positives Waste Your Time
False Positives Waste Others' Time
False Positives Cost Credibility
Generic Approaches to Testing
The Nessus Approach to Testing
Dealing with False Positives
Dealing with Noise
Analyzing the Report
False Positives, and Your Part in Their Downfall
Dealing with a False Positive
Disabling a Nessus Plugin
False Positives and Web Servers-Dealing with Friendly 404s
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8 Under the Hood
Introduction
Nessus Architecture and Design
Host Detection
Service Detection
Information Gathering
Vulnerability Fingerprinting
Denial-of-Service Testing
Putting It All Together
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9 The Nessus Knowledge Base
Introduction
Knowledge Base Basics
What Is the Knowledge Base?
Where the Knowledge Base Is Stored
Using the Knowledge Base
Information Exchange
How Plugins Use the Knowledge Base to Share Data
The Type of Data that Is Stored
Dependency Trees
Limitations
Using get_kb_item and fork
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10 Enterprise Scanning
Introduction
Planning a Deployment
Define Your Needs
Network Topology
Bandwidth Requirements
Automating the Procedure
Configuring Scanners
Assigning the Tasks
System Requirements
Scanning for a Specific Threat
Best Practices
Data Correlation
Combining Reports
Differential Reporting
Filtering Reports
Third-Party Tools
Common Problems
Aggressive Scanning
Volatile Applications
Printer Problems
Scanning Workstations
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 11 NASL
Introduction
Why NASL?
Why Do You Want to Write (and Publish) Your Own NASL Scripts?
Structure of a NASL Script
The Des…