Book Image

Learning Nessus for Penetration Testing

By : Himanshu Kumar
Book Image

Learning Nessus for Penetration Testing

By: Himanshu Kumar

Overview of this book

<p>IT security is a vast and exciting domain, with vulnerability assessment and penetration testing being the most important and commonly performed security activities across organizations today. The Nessus tool gives the end user the ability to perform these kinds of security tests quickly and effectively.</p> <p>Nessus is a widely used tool for vulnerability assessment, and Learning Nessus for Penetration Testing gives you a comprehensive insight into the use of this tool. This book is a step-by-step guide that will teach you about the various options available in the Nessus vulnerability scanner tool so you can conduct a vulnerability assessment that helps to identify exposures in IT infrastructure quickly and efficiently. This book will also give you an insight into penetration testing and how to conduct compliance checks using Nessus.</p> <p>This book starts off with an introduction to vulnerability assessment and penetration testing before moving on to show you the steps needed to install Nessus on Windows and Linux platforms.</p> <p>Throughout the course of this book, you will learn about the various administrative options available in Nessus such as how to create a new user. You will also learn about important concepts like how to analyze results to remove false positives and criticality. At the end of this book, you will also be introduced to the compliance check feature of Nessus and given an insight into how it is different from regular vulnerability scanning.</p> <p>Learning Nessus for Penetration Testing teaches you everything you need to know about how to perform VA/PT effectively using Nessus to secure your IT infrastructure and to meet compliance requirements in an effective and efficient manner.</p>

Related Content you might be interested in

Current Title:

Small book image
Learning Nessus for Penetration Testing
Himanshu Kumar
Jan, 2014 | 116 pages
No titles found
Table of Contents (12 chapters)
Learning Nessus for Penetration Testing
Learning Nessus for Penetration Testing
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Fundamentals
Fundamentals
Vulnerability Assessment and Penetration Testing
Introduction to Nessus
Installing Nessus on different platforms
Definition update
User management
Nessus system configuration
Summary
2
Scanning
Scanning
Scan prerequisites
Policy configuration
Scan configuration
Summary
3
Scan Analysis
Scan Analysis
Result analysis
Summary
4
Reporting Options
Reporting Options
Vulnerability Assessment report
Report customization
Report automation
Summary
5
Compliance Checks
Compliance Checks
Audit policies
Compliance reporting
Auditing infrastructure
Summary
Index
Index

Summary

In this chapter, we learned the basics about Vulnerability Assessment and Penetration Testing as well as had an introduction to Nessus.

VA and PT are key types of technical risk assessment, where VA concentrates on finding weaknesses or vulnerabilities in the infrastructure and PT goes to the next level to exploit these vulnerabilities.

Such assessments are carried out as preventive control to identify and mitigate vulnerabilities or out of various compliance requirements. Key activities for such tests include scoping, information gathering, vulnerability scanning, false positive analysis, vulnerability exploitation (Penetration Testing), and report generation. Scoping includes a different approach to testing Blackbox (no information about infrastructure) and Greybox (credentials and details about infrastructure are shared).

In this chapter, we also got an introduction to Nessus as one of the widely-used vulnerability scanners. It uses security checks, called plugins, against which vulnerabilities are identified during a scan. The key plugin family includes Windows, Linux, Solaris, Cisco, and Databases. Over the years, Nessus has added features such as configuration and compliance checks, apart from the primary functionality of the vulnerability scanner.

Nessus can be installed on all the major operating systems and detailed steps for installing Nessus on Windows 7 and Linux OS—along with the prerequisites—are mentioned in this chapter.

During initial setup, the initial administrator account is created to log in to Nessus as the administrator, and based on the requirement, the home or professional feed is activated.

This is followed by updating the plugin. The option to update plugins offline is also explained. Nessus offers a user management section to create Nessus users and grant those privileges for future use. Finally, Nessus system configuration settings such as Feed Settings, Mobile Settings, and Advanced Settings were introduced.

In the next chapter, we will learn about scanning the IT infrastructure using Nessus.

Previous Section
End of Chapter 1
Next Chapter