Nessus (software)

Nessus (software)
Nessus
Developer(s) Tenable Network Security
Stable release 4.4.1 / 1st March 2011[1]
Operating system Cross-platform
Type Vulnerability scanner
License Proprietary
Website www.nessus.org

In computer security, Nessus is a proprietary comprehensive vulnerability scanning program. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems. For example:

On UNIX (including Mac OS X), it consists of nessusd, the Nessus daemon, which does the scanning, and nessus, the client, which controls scans and presents the vulnerability results to the user.

According to surveys done by sectools.org, Nessus is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey.[2] Tenable estimates that it is used by over 75,000 organizations worldwide.[3]

Contents

Operation

In typical operation, Nessus begins by doing a port scan with one of its four internal portscanners (or it can optionally use Amap [1] or Nmap [2]) to determine which ports are open on the target and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction.

Tenable Network Security produces several dozen new vulnerability checks (called plugins) each week, usually on a daily basis. These checks are available for free to the general public; commercial customers are not allowed to use this Home Feed any more. The Professional Feed (which is not free) also give access to support and additional scripts (audit and compliance tests...).

Optionally, the results of the scan can be reported in various formats, such as plain text, XML, HTML and LaTeX. The results can also be saved in a knowledge base for debugging. On UNIX, scanning can be automated through the use of a command-line client. There exist many different commercial, free and open source tools for both UNIX and Windows to manage individual or distributed Nessus scanners.

If the user chooses to do so (by disabling the option 'safe checks'), some of Nessus's vulnerability tests may try to cause vulnerable services or operating systems to crash. This lets a user test the resistance of a device before putting it in production.

Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system, and can perform password auditing using dictionary and brute force methods. Nessus 3 and later can also audit systems to make sure they have been configured per a specific policy, such as the NSA's guide for hardening Windows servers.

History

The "Nessus" Project was started by Renaud Deraison in 1998 to provide to the Internet community a free remote security scanner.[4] On October 5, 2005, Tenable Network Security, the company Renaud Deraison co-founded, changed Nessus 3 to a proprietary (closed source) license.[3] The Nessus 3 engine is still free of charge, though Tenable charges $100/month per scanner for the ability to perform configuration audits for PCI, CIS, FDCC and other configuration standards, technical support, SCADA vulnerability audits, the latest network checks and patch audits, the ability to audit anti-virus configurations and the ability for Nessus to perform sensitive data searches to look for credit card, social security number and many other types of corporate data.

In July of 2008, Tenable sent out a revision of the feed license which will allow home users full access to plugin feeds.[5] A professional license is available for commercial use.

The Nessus 2 engine and a minority of the plugins are still GPL, leading to forked open source projects based on Nessus like OpenVAS and Porz-Wahn.[4][6] Tenable Network Security has still maintained the Nessus 2 engine and has updated it several times since the release of Nessus 3.[4]

Nessus 3 is available for many different Unix-like and Windows systems, offers patch auditing of UNIX and Windows hosts without the need for an agent and is 2-5 times faster than Nessus 2.[7]

On April 9, 2009, Tenable released Nessus 4.0.0.

See also

References

External links


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать курсовую

Look at other dictionaries:

  • Nessus (Software) — Nessus Screenshot des Nessus NG Report Basisdaten Entwickler Nessus Aktuelle  …   Deutsch Wikipedia

  • Nessus — can have a number of meanings: Nessus (mythology), a famous centaur from Greek mythology The Tunic or Shirt of Nessus, the poisoned shirt of the centaur Nessus, in the story of Hercules Nessus, an alternate name of Nestos (god), son of Oceanus… …   Wikipedia

  • Nessus — bezeichnet: einen Zentauren aus der griechischen Mythologie, siehe Nessos einen danach benannten Asteroiden, siehe (7066) Nessus ein Sicherheitsprogramm für Computer, siehe Nessus (Software) Siehe auch: Nessos (Begriffsklärung) …   Deutsch Wikipedia

  • NESSUS Probabilistic Analysis Software — For other uses of the word Nessus , please refer to Nessus. NESSUS is a general purpose, probabilistic analysis program that simulates variations and uncertainties in loads, geometry, material behavior and other user defined inputs to compute… …   Wikipedia

  • Nessus Attack Scripting Language — Nessus Screenshot des Nessus NG Report Basisdaten Entwickler: Nessus Aktuelle …   Deutsch Wikipedia

  • Nessus — es un programa de escaneo de vulnerabilidades en diversos sistemas operativos. Consiste en nessusd, el daemon Nessus, que realiza el escaneo en el sistema objetivo, y nessus, el cliente (basado en consola o gráfico) que muestra el avance y… …   Wikipedia Español

  • Nessus (logiciel) — Pour les articles homonymes, voir Nessus. Nessus …   Wikipédia en Français

  • Categoría:Software para Unix — Esta categoría es un contenedor general, utilizado para organizar categorías más precisas. Por su naturaleza amplia, sólo deben aparecer en ella los artículos muy generales. Por favor, utiliza en lo posible alguna de las subcategorías. Nota: Se… …   Wikipedia Español

  • List of SIP software — The following lists of SIP software documents software applications which use SIP as a voice over IP (VoIP) protocol. SIP servers Free and open source * Asterisk (PBX) * FreeSWITCH * Mysipswitch * SailFin * SIP Express Router (SER) * sipX… …   Wikipedia

  • IT-Audit — Als IT Sicherheitsaudit (englisch IT Security Audit; von lateinisch audit: „er/sie hört“; sinngemäß: „er/sie überprüft“) werden in der Informationstechnik (IT) Maßnahmen zur Risiko und Schwachstellenanalyse (engl. Vulnerability Scan) eines IT… …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”