Nessus is one of the many vulnerability scanners used during vulnerability assessments and penetration testing engagements, and it is also used in malicious attacks. This article focuses on this vulnerability scanner, discussing the fundamentals one needs before getting started with the tool, the different scanning capabilities it provides, what it takes to run the tool and how results appear once scans are complete.
Please note that this article is an overview of Nessus, not a comprehensive guide.
Nessus Products Brief
Nessus is sold by Tenable Security. The tool is free for non-enterprise use; however, for enterprise consumption, there are options that are priced differently. The following are the available options at your disposal:
- Tenable.io is a subscription-based service. It allows different teams to share scanners, schedules, scan policies and scan results. Tenable also contains what was previously known as Nessus Cloud, which used to be Tenable’s Software-as-a-Service solution. Tenable.io also allows for the customization of workflows for effective vulnerability management.
- Nessus Agents provide a flexible way of scanning hosts within your environment without necessarily having to provide credentials to hosts. The agents enable scans to be carried out even when the hosts are offline. The application areas of these agents are wide. Consider environments that lack traditional malware protection, such as antivirus solutions: the overhead these agents exert within hosts is quite small. Here, agents take up minimal system resources on the hosts they are installed on, whilst still providing adequate malware protection.
- Nessus Professional is the most commonly deployed vulnerability assessment solution across the industry. This solution helps you perform high-speed asset discovery, target profiling, configuration auditing, malware detection, sensitive data discovery and so much more. Nessus Professional runs on client devices such as laptops and can (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Lester Obbayi. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/CgjdnVUEtu8/