A handy Nessus tutorial

Tutorial

A handy Nessus tutorial

If a full-featured vulnerability scanner is on your mind, it's time to consider Nessus. A leading active scanner, Nessus is supported by a world renowned research team. It has to its credit one of the largest vulnerability knowledge bases, making it suitable for complex environments.

Nessus features rapid discovery, configuration audits, asset profiling, sensitive data discovery, and vulnerability analysis. To top it all, it’s free when used for non-enterprise requirements. Installing, navigating, configuring and optimizing Nessus can be quite confusing, which is where this Nessus tutorial should prove useful.

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

Need help to install and configure Nessus? Look no further than this part of the Nessus tutorial compiled by our experts. Join us in our walkthrough of Nessus’ wizard guided installation process, which is extremely easy to follow, run and update.

Nessus scans the network for potential security risks, and provides detailed reporting that enables the remediation of gaps in an enterprise's security posture. These scans run using client/server architecture, and the installer allows one or both to be configured on an individual system. Learn how to run a Nessus system scan and learn commands for the Unix Nessus GUI using our Nessus tutorial.

As part of our Nessus tutorial, discover how you can use the Nessus attack scripting language (NASL) to find application vulnerabilities. NASL can be used to write a custom Nessus "attack," or a check that can find "killerapp.asp." While NASL is a fairly simple scripting language, it does contain a number of built-in functions to help customize your own scripts. This part of our Nessus tutorial should prove handy while trying to overcome the initial NASL learning curve.

Vulnerability scanning in the enterprise using Nessus can involve more than what meets the eye. Developing an enterprise scanning program is a customized task, and the unique requirements facing your enterprise must first be considered. Our Nessus tutorial has a few important tips for first time Nessus installers who plan to incorporate the open source scanning tool into their enterprise security architecture.

Spreadsheets can prove nifty while using Nessus. Intelligent scans using Nessus can be streamlined by dividing networks into small, manageable IP spaces and maintaining data in a spreadsheet. This section of the Nessus tutorial details three steps to help you easily leverage Microsoft Excel or OpenOffice.

Did you know that now even your cellular phone can use Nessus’ capabilities? Tenable Network Security Inc. recently released an Android application for its Nessus vulnerability scanner, thereby improving scan launches and previous scan reviews. We take a look at the latest version of Nessus for the Android platform, before we wind up this tutorial.

This was first published in August 2011