Nessus - PowerPoint PPT Presentation

1
Nessus
  • Open Source Vulnerability Scanner

Presentation by Garrett Tomasek for Joanne
Wagner's CIT 2251 class, Fall 2005
2
What is Nessus?
Nessus was created to be a free,
powerful, remote security scanner. It is one of
the top-rated security software products, and is
endorsed by professional information security
organizations such as the SANS Institute.
  • Nessus will:
  • Perform over 900 security checks
  • Accept new plug-ins and patches to expand to new
    checks and security threats
  • List security concerns as well as recommend
    courses of action to correct them

3
Nessus was created as an open source project,
typically for use on Unix, Linux, BSD, and other
similar systems. Nessus is a client/server
application: a client can connect to a remote
server and run a scan remotely. However, ports
for Windows-based operating systems are
available. NessusWX is a Nessus client, but does
not contain a server portion; NessusWX will have
to connect to a typical Unix-like Nessus
server. NeWT is a commercial Nessus client and
server application that is available for Windows
operating systems that do not have access to a
Unix-like Nessus server. The free version of
NeWT only scans the local class C address the PC
is connected to, which will make it unhelpful to
us.
4
What it means to our class
  • Lab exercise 5.2.5, Configure IOS Firewall IDS,
    will use Nessus to demonstrate the IDS in action!
  • So how do we use Nessus to do this lab?

5
Knoppix, Linux Live CD
Knoppix is a distribution of Linux that allows a
user to run a nearly fully functional Linux
system off a bootable CD, without requiring
installation on a hard drive. Current
distributions of Knoppix contain Nessus! Knoppix
is the perfect choice to finish this one lab,
without requiring a long, hard-drive-altering
Linux installation. The version of Knoppix I am
using to create these instructions is 3.9 of the
CD version, but they will also work on the current
4.0 DVD version (and possibly the 4.0 CD version).
6
Setting up Nessus
The following will be step-by-step instructions
on setting up the Linux system and Nessus in
order to complete the lab. The lab contains
little information on how to set it up, so this
will fill in the gap. After this is set up, the
lab instructions can be followed correctly.
7
Setting up Nessus
  • Boot the computer into Knoppix with the CD.
    Once Knoppix is fully loaded, you will be at the
    desktop.
  • Find the icon on the bottom panel that looks like
    a monitor with a command prompt (the tool tip
    will say Konsole) and click it to open the
    terminal program.
  • Enter the command su to switch to root, the
    administrative access. Your prompt should have
    changed from knoppix@<more text> to
    root@<more text>.
  • Enter the command passwd and give root a
    password. The Nessus client will not work
    properly until this is done.

8
Setting up Nessus
  • Click on the penguin icon for the Knoppix menu,
    and choose Network/Internet, and from that menu
    pick Network card configuration. Choose the
    correct interface you wish to apply IP settings
    to and click OK.
  • Click No on use DHCP broadcast. Then enter the
    appropriate IP address, network mask, broadcast
    address, and default gateway for the network you
    are putting this Nessus PC on.
  • This should conclude setting up the network; we
    can move on to Nessus now.

Note: It isn't necessarily important what subnet
the Nessus PC is put on, other than it should be
on a different network, so that it traverses
the router we are using IDS on, so that we can
see the IDS work in action.
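
Added example, not part of the original slides: a small shell check that can be run in the Konsole to confirm the Nessus PC and the target really are on different networks, so the scan has to cross the router running IDS. The function names and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original slides). Addresses are constructed samples.

# Convert a dotted-quad IPv4 address to a 32-bit integer; return 1 if malformed.
ip_to_int() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # reject leading zeros (octal trap)
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "routed" if the target lies outside the scanner's own network (traffic
# must pass the IDS router), "local" if it does not, "invalid" on bad input.
# usage: scan_path SCANNER_IP NETMASK TARGET_IP
scan_path() {
    s=$(ip_to_int "$1") && m=$(ip_to_int "$2") && t=$(ip_to_int "$3") || {
        echo "invalid"; return 2
    }
    if [ $(( s & m )) -eq $(( t & m )) ]; then
        echo "local"; return 1     # same network: the router never sees the scan
    fi
    echo "routed"
}

# Constructed lab values: Nessus PC on 10.0.1.0/24, target on 10.0.2.0/24.
scan_path 10.0.1.50 255.255.255.0 10.0.2.12
```

If the result is "local", the IP settings entered in the network card configuration need to be changed before scanning, because the router would not see the traffic.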
9
Setting up Nessus
  • Open up the Konsole again, if it was closed, and
    enter the su command to switch to root again if
    necessary. Enter the command nessusd -D. This
    command will turn the Nessus server on, and run
    it in daemon mode so it functions as a server in
    the background.
  • Now we can run the Nessus client. Open the
    Knoppix main menu bar, the farthest icon in the
    lower-left corner. Expand System, then Security,
    and finally open NESSUS Security Tool Network
    Scanner.
  • Once you are in the Nessus Setup window, make
    sure the login textbox says knoppix. Then add
    the password knoppix as well to the password
    text box.

10
Setting up Nessus
  • Now that we have set the login and password,
    click Log in. Make sure "Display and remember
    the server certificate, do not care about the CA"
    is selected, and click OK. Click yes to accept
    the certificate. Then click OK.
  • The attack PC should now be ready to pick up
    where the lab left off, at Step 4, part c, which
    is executing the Nessus scan.

11
Scanning in Nessus
  • Now we can begin the final steps to scan the
    other network in Nessus.
  • First, we need to choose our target. Click on
    the target tab. In the Target(s) textbox,
    enter the target IP for the PC we are going to
    attack.

12
Scanning in Nessus
  • Next, we are going to disable the port scan
    portion of the test, as this is a very
    time-consuming process, and does not have any direct
    impact on the demonstration of IDS for this lab
    (IDS will just report thousands and thousands of
    half-open TCP SYNs).
  • To do this, click on the Scan Options tab. In
    the Port Range textbox, enter -1 to disable
    all ports in the scan. You can also mouse-over
    this textbox to see additional port scanning
    options via a tooltip that will pop up.

13
Finished!
  • The plug-in scan should be finished within 5
    minutes, assuming the port scan was disabled.