Product Reviews

How Secure is Your Network? Nessus 1.0.8

Seven network scanners test your security before the crackers do.

• By Greg Saoutine
• 09/01/2001

Nessus is a comprehensive and flexible product. It reported four serious vulnerabilities for our default Win2K installation:

1. FTP Write by anonymous
2. NetBIOS NULL enumeration
3. SNMP public
4. SNMP private community strings
   

Seventeen "security warnings" and eight "security notes" provided a relatively accurate description of both the configuration and the security flaws of our Win2K server. However, when we later introduced Back Orifice 2000 on a random (non-default) port, Nessus wasn't able to detect it on the server (even though a probe for this software is specifically defined in the "Backdoors" category). Often, scanners look for Trojans based on default listening ports—should the Trojan be listening on a non-standard port, the scanner may not detect it. This, once again, stresses the importance of a manual "what-makes-sense" analysis of plain port-scanner output.

Nessus does a good job of locating serious security holes and explaining their impact, but the result is not always complete and some vulnerabilities may not get detected. (Click image to view larger version.)

Nessus features port scanning (see figure), OS detection, information gathering, vulnerability scanning, attack simulation and automated updates of its vulnerability database. One of the main advantages of this software (especially for an advanced user) is the ability to create your own custom probes and specific attacks. The server portion of Nessus is written in C and provides the ability to add user-defined libraries. An even easier solution is Nessus' own API controlled via Nessus Attack Scripting Language (NASL), which allows users to craft probes and even attacks on the fly.