Nessus is an open source, comprehensive cross-platform vulnerability scanner with CLI and GUI interfaces. The basic components of Nessus include:
- The Nessus Client and Server Model
- The Nessus Plugins
- The Nessus Knowledge Base
Nessus works by performing a step-by-step review. Here are the basic steps:
- Inventory network devices
- Identify targets
- Create a plugin policy
- Launch a scan
- Analyze the reports
- Remediate and repair
Most networks are rather large, so instead of trying to scan an entire network at once, classify the hosts into groups and then scan each group. From a data-management standpoint alone this makes the job easier, because each scan produces a massive amount of data to review.
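As an added example (not from the original article), the following script shows how the "analyze the reports" step can be handled per host group: it parses a scan export and lists, for each host, its finding counts by severity and the remediation advice the scanner attached, so that advice can be researched before acting on it. It assumes the modern `.nessus` v2 XML export layout (which postdates this article) and uses a constructed sample report with placeholder hosts and plugin IDs.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the .nessus v2 export layout; hosts, plugin IDs and
# findings are illustrative placeholders, not real scan data.
SAMPLE_NESSUS = """<?xml version="1.0"?>
<NessusClientData_v2>
 <Report name="dmz-web-group">
  <ReportHost name="192.0.2.10">
   <HostProperties><tag name="host-ip">192.0.2.10</tag></HostProperties>
   <ReportItem port="443" protocol="tcp" severity="3" pluginID="100001"
     pluginName="Example TLS weakness" pluginFamily="General">
    <solution>Upgrade the TLS library.</solution>
   </ReportItem>
   <ReportItem port="0" protocol="tcp" severity="0" pluginID="100002"
     pluginName="OS fingerprint" pluginFamily="General">
    <solution>n/a</solution>
   </ReportItem>
  </ReportHost>
  <ReportHost name="192.0.2.11">
   <HostProperties><tag name="host-ip">192.0.2.11</tag></HostProperties>
   <ReportItem port="22" protocol="tcp" severity="1" pluginID="100003"
     pluginName="Example SSH banner issue" pluginFamily="General">
    <solution>Harden the SSH configuration.</solution>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""

# Nessus severity attribute: 0 info, 1 low, 2 medium, 3 high, 4 critical
SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

def summarize(nessus_xml, min_severity=1):
    """Return {host: {"counts": {...}, "actions": [...]}} for findings at or
    above min_severity; informational items are dropped by default."""
    root = ET.fromstring(nessus_xml)
    summary = {}
    for host in root.iter("ReportHost"):
        counts = defaultdict(int)
        actions = []
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev < min_severity:
                continue
            counts[SEVERITY[sev]] += 1
            # Keep the scanner's remediation text next to the plugin so it
            # can be verified against vendor guidance before any change.
            sol = item.findtext("solution", default="").strip()
            actions.append((item.get("pluginID"), item.get("pluginName"), sol))
        summary[host.get("name")] = {"counts": dict(counts), "actions": actions}
    return summary
```

Run it on a real export by replacing `SAMPLE_NESSUS` with the file contents; `min_severity=0` also keeps informational plugins.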
Now comes the last and what some may feel is the hardest step: remediate and repair. Most vulnerability assessment tools like Nessus offer remediation advice, and although the tools have proven to be accurate, your mileage may vary. Therefore, I recommend that you carefully research all remediation plans before taking any action.
This was first published in April 2008