Nessus Network Auditing

Nessus Network Auditing (Paperback, CD-ROM)

Haroon Meer, Roelof Temmingh, Raven Alder, Andy Johnson, Charl Van Der Walt, Jimmy Alderson (authors), Renaud Deraison (editor)
Syngress Media Inc
88,960 won

Book information

· Title : Nessus Network Auditing (Paperback, CD-ROM)
· Category : Foreign books > Computers > Networking > General
· ISBN : 9781931836081
· Pages : 508
· Publication date : 2004-07-20

Table of contents

Foreword

Chapter 1 Vulnerability Assessment

Introduction

What Is a Vulnerability Assessment?

Why a Vulnerability Assessment?

Assessment Types

Automated Assessments

Stand-Alone vs. Subscription

The Assessment Process

Two Approaches

Administrative Approach

The Outsider Approach

The Hybrid Approach

Realistic Expectations

The Limitations of Automation

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 2 Introducing Nessus

Introduction

What Is It?

The De Facto Standard

History

Basic Components

Client and Server

The Plugins

The Knowledge Base

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 3 Installing Nessus

Introduction

Quick Start Guide

Nessus on Linux (suse/redhat/mandrake/gentoo/debian)

Nessus on Solaris

Picking a Server

Supported Operating Systems

Minimal Hardware Specifications

Network Location

Source or Binary

Installation from Source

Software Prerequisites

Obtaining the Latest Version

The Four Components

./configure

Configuring Nessus

Creating the User Account

Installing a Client

Using the GTK Client

Using the Windows Client

Command-Line Mode

Updating to the Latest Plugins

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4 Running Your First Scan

Introduction

Preparing for Your First Scan

Authorization

Risk vs. Benefit

Starting the Nessus Client

Plugins

Enable Specific Plugins

Using the Plugin Filter

Plugin Categories

Plugin Information

Preferences

Specify the Host Ping

Configuring WWW Checks

NIDS Evasion

Brute Force with Hydra

The SMB Scope

Configuring Login Credentials

Configuring SNMP

Configuring Nmap

Scan Options

The Port Range

Unscanned Ports

Performance: Host and Process Count

Optimized Checks

Safe Checks Mode

Report by MAC Address (DHCP)

Detached Scan

Send Results to This E-mail Address

Continuous Scan

Configure the Port Scanner

Ignore Top-Level Wildcard Host

Target Selection

How to Select Targets

Common Scanning Issues (Printers, etc.)

Defining a Target Range

Using Zone Transfers (Bad Idea!)

Automatic Session Saving

User Information

Knowledge Base (Basics)

Starting the Scan

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 5 Interpreting Results

Introduction

The Nessus UI Basics

Viewing Results Using the Nessus GUI Client for X

Viewing Results Using the NessusWX Client for Windows

New Nessus Client

Reading a Nessus Report

Understanding Vulnerabilities

Understanding Risk

Understanding Scanner Logic

Key Report Elements

Factors that Can Affect Scanner Output

Forums and Mailing Lists

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 6 Vulnerability Types

Introduction

Critical Vulnerabilities

Buffer Overflows

Directory Traversal

Format String Attacks

Default Passwords

Misconfigurations

Known Backdoors

Information Leaks

Memory Disclosure

Network Information

Version Information

Path Disclosure

User Enumeration

Denial of Service

Best Practices

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 7 False Positives

Introduction

What Are False Positives?

A Working Definition of False Positives

Why False Positives Matter

False Positives Waste Your Time

False Positives Waste Others’ Time

False Positives Cost Credibility

Generic Approaches to Testing

The Nessus Approach to Testing

Dealing with False Positives

Dealing with Noise

Analyzing the Report

False Positives, and Your Part in Their Downfall

Dealing with a False Positive

Disabling a Nessus Plugin

False Positives and Web Servers - Dealing with Friendly 404s

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 8 Under the Hood

Introduction

Nessus Architecture and Design

Host Detection

Service Detection

Information Gathering

Vulnerability Fingerprinting

Denial-of-Service Testing

Putting It All Together

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 9 The Nessus Knowledge Base

Introduction

Knowledge Base Basics

What Is the Knowledge Base?

Where the Knowledge Base Is Stored

Using the Knowledge Base

Information Exchange

How Plugins Use the Knowledge Base to Share Data

The Type of Data that Is Stored

Dependency Trees

Limitations

Using get_kb_item and fork

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 10 Enterprise Scanning

Introduction

Planning a Deployment

Define Your Needs

Network Topology

Bandwidth Requirements

Automating the Procedure

Configuring Scanners

Assigning the Tasks

System Requirements

Scanning for a Specific Threat

Best Practices

Data Correlation

Combining Reports

Differential Reporting

Filtering Reports

Third-Party Tools

Common Problems

Aggressive Scanning

Volatile Applications

Printer Problems

Scanning Workstations

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 11 NASL

Introduction

Why NASL?

Why Do You Want to Write (and Publish) Your Own NASL Scripts?

Structure of a NASL Script

The Description Section

An Introduction to the NASL Language

Writing Your First Script

More Advanced Scripting

The NASL Protocol APIs

The Nessus Knowledge Base

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 12 The Nessus User Community

Introduction

The Nessus Mailing Lists

Subscribing to a Mailing List

Sending a Message to a Mailing List

Accessing a List’s Archives

The Online Plugin Database

Staying Abreast of New Plugins

Reporting Bugs via Bugzilla

Querying Existing Bug Reports

Creating and Logging In to a Bugzilla Account

Submitting a Bug Report

Submitting Patches and Plugins

Submitting Patches

Submitting Plugins

Where to Get More Information and Help

Summary

Solutions Fast Track

Frequently Asked Questions

Appendix A The NASL2 Reference Manual

1 Introduction

1.1 History

1.2 Differences between NASL1 and NASL2

1.3 Copyright

1.4 Comments

2 The NASL2 Grammar

2.1 Preliminary Remarks

2.2 Syntax

2.3 Types

2.4 Operators

2.5 Precedence

2.6 Loops and Control Flow

2.7 Declarations

3 The NASL2 Library

3.1 Predefined Constants

3.2 Built-in Functions

3.3 NASL Library

4 Hacking your Way Inside the Interpretor

4.1 How It Works

4.2 Adding New Internal Functions

4.3 Adding New Features to the Grammar

References

Endnotes

Appendix B Utilizing Domain Credentials to Enhance Nessus Scans

Overview

Account Creation and Configuration

Manual Modifications

Nessus Scan Configuration

Comparing Scan Results

Comparing Scan 1 with Scan 2

Comparing Scan 2 with Scan 3

Conclusion

Index




Book database provided by: Aladin (www.aladin.co.kr)