Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How to interpret test scan results to assess network vulnerability

Once you've run some test scans with a network tool, how do you interpret the results to assess network vulnerability? Find out in this Ask the Expert response with our enterprise network security expert.

I am just stepping into the security domain. I have been asked to work with the Nessus tool to begin with. I just have one basic query of how to utilize Nessus' full capabilities: I installed the Nessus in an XP system and ran some test scans. What is the best means of deriving or interpreting the results so as to assess the network vulnerability? Please tell me if I am headed in the right direction.

Nessus is an open source, comprehensive cross-platform vulnerability scanner with CLI and GUI interfaces. The basic...

components of Nessus include:

  • The Nessus Client and Server Model
  • The Nessus Plugins
  • The Nessus Knowledge Base

Nessus works by performing a step-by-step review. Here are the basic steps:

  1. Inventory network devices
  2. Identify targets
  3. Create a plugin policy
  4. Launch a scan
  5. Analyze the reports
  6. Remediate and repair

Most networks are rather large so instead of trying to scan an entire network, classify the hosts into groups and then scan each group. Just from the data standpoint this will make the job easier as you will have such a massive amount of data to review.

Now comes the last and what some may feel is the hardest step: remediate and repair. Most vulnerability assessment tools like Nessus offer remediation advice, and although the tools have proven to be accurate, your mileage may vary. Therefore, I recommend that you carefully research all remediation plans before taking any action.

This was last published in April 2008

Dig Deeper on Network Security Monitoring and Analysis