6 Tips for Getting the Most from Nessus
Books have been written on using the powerful network-discovery and vulnerability-scanning tool. These tips will help you get started.
July 9, 2020
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt0093c962ecb4f4a5/64f0d29aa3f42b5c34a3f1fb/Image_1_AdobeStock_300300277.jpeg?width=700&auto=webp&quality=80&disable=upscale)
Nessus has been on the scene for more than 20 years. Available in both free and commercial versions, the vulnerability scanner has served many cybersecurity professionals as a learning tool when starting their careers, and many enterprise customers use it as part of their security infrastructure.
In fact, entire books have been written on how to use Nessus, though building and conducting useful custom scans can start by following some simple configuration steps.
Of course, it's important to keep some basic tips in mind, whether you're first starting out with Nessus or want to learn about how to make it more useful.
What tips have helped you get the most out of Nessus? Share your knowledge with the Dark Reading community in the Comments section, below.
(Image: blackboard via Adobe Stock)
It's important to understand what Nessus does: It scans the ports and services for which it has access. In some cases, no special access is required. In others, a lack of authentication information or the presence of security mechanisms can limit the breadth or depth of Nessus scan results. The solution is to provide access -- but there's a catch.
While Nessus scans can be part of a strong security program, creating the openings that allow a complete scan can leave vulnerabilities. That's why it's important to keep a checklist of all the ports and hosts that are opened and make sure they are resecured as soon as the scan is complete.
Nessus isn't a penetration tool; the network penetration is up to the professional running the scans. That means putting everything back the way it was found is critical for responsible Nessus use in a production network.
When initially installing Nessus, it's very easy to set it up to automatically start on system boot. Individual scans can also be set to run automatically. While convenient, these automatic runs should be carefully considered, especially on laptop computers that are subject to waking up in different locations.
This is especially important if you want to be invited back to wherever your inadvertent scan is running. It's possible, of course, that nothing will happen because the IP address range you specified for your scan doesn't match the IP address range your machine is living in at the remote location. If both your "normal" IP address range and the one where your scan begins are private IP ranges sitting behind a network address translation (NAT) firewall -- as virtually all home, small business, and public accommodation locations are -- then you could have a problem.
There are three address ranges that you must worry about: 192.168.0.0 - 192.168.255.255, 172.16.0.0 - 172.31.255.255, and 10.0.0.0 - 10.255.255.255. If the range you're scanning is in any of these, then you could inadvertently kick off a scan that will look exactly like a criminal port-probing attack to any network security program. Alarms will go off for the network admin, and the possibility of a very awkward conversation becomes quite real.
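A pre-flight check for the situation described above, as an added example that is not part of the original article or of Nessus: before a scheduled scan starts, it confirms that the private target range belongs to the network where the scan was approved. The use of the default gateway's MAC address as a network fingerprint, the `APPROVED_SITES` inventory, and all function names are assumptions; the caller supplies the gateway MAC it currently sees.

```python
import ipaddress

# The three private ranges named in the article, in CIDR form.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory: approved target range -> MAC address of the default
# gateway recorded on the network where the scan was authorised.
APPROVED_SITES = {"192.168.1.0/24": "00:11:22:33:44:55"}

def is_private(target):
    """True if the target range sits inside one of the three private ranges."""
    net = ipaddress.ip_network(target, strict=False)
    return any(net.subnet_of(p) for p in PRIVATE_RANGES)

def normalise_mac(mac):
    """Lower-case a MAC address and use ':' separators so formats compare equal."""
    return mac.strip().lower().replace("-", ":")

def scan_allowed(target, gateway_mac, approved=APPROVED_SITES):
    """Return (allowed, reason) for starting a scheduled scan right now."""
    key = str(ipaddress.ip_network(target, strict=False))
    if key not in approved:
        return False, "target range is not on the approved list"
    if not is_private(key):
        return True, "public range: addresses mean the same hosts everywhere"
    # A private range exists behind countless NAT firewalls, so an address
    # match alone does not prove the laptop is on the approved network.
    if normalise_mac(gateway_mac) != normalise_mac(approved[key]):
        return False, "private range matches, but this is a different network"
    return True, "gateway matches the network recorded for this range"

if __name__ == "__main__":
    # Same laptop, same 192.168.1.0/24 target, two locations (constructed).
    print(scan_allowed("192.168.1.0/24", "00:11:22:33:44:55"))  # approved site
    print(scan_allowed("192.168.1.0/24", "AA-BB-CC-DD-EE-FF"))  # somewhere else
```

A gateway MAC guards against accidents, not against someone deliberately imitating the approved network.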
Nessus can do a variety of things during its scans: It can search for all the hosts on a network, scan individual hosts for vulnerabilities, scan for particular vulnerabilities, and even scan for the presence of specific malware (such as WannaCry). For the reports that each scan generates to be useful, you should assign each scan to do one thing, label it appropriately, and then run it to get information on that specific issue.
When you first set up a new scan, you will see a list of 22 premade scans, some of which are part of the free license and eight of which require a paid subscription. These are simple to use: Click on an icon, provide an address range and name for your scan, and you're off to the IP races.
When you're building your own scans, it can be tempting to try to do too much with a single scan. Better to keep each one as simple as possible, and then run them in suites on an ad hoc or scheduled basis. You'll end up with scans that run faster and provide reports that are more understandable -- and far more useful.
This one is easy but quite critical: Keep Nessus updated to the latest version. This will not only ensure the Nessus software you're running is up to date, but it will keep all of the plugins and Nessus system components on the latest version, as well.
When setting up Nessus for the first time, go to the Settings menu where you'll find a Software Updates tab. There you can set up automatic updates, the update frequency, and (if you have an enterprise team checking all updates for compatibility) the internal update server from which to obtain approved code.
This step is basic but easy to overlook. Daily updating of all components is on by default. Do yourself a favor and leave it that way.
Nessus has the ability to scan hosts found in a network for internal vulnerabilities in both hardware and software. There's a catch, though: Nessus has to have access to the host in order to scan for vulnerabilities.
As noted earlier, Nessus is not a penetration-testing tool -- it won't force its way into a host. If you want it to scan a particular host for vulnerabilities, you must provide it with credentials that allow it access at the appropriate level. This is one of those things that is simple to set up. When a scan that searches for vulnerabilities is first established, there is a tab for "Credentials" where you can provide SSH or Windows credentials for each desired host on the network.
For the credentials to be effective, it's possible that you'll need to change the rules on the host itself. For example, macOS computers will require remote login permission. In some cases, setting these up will violate internal security rules. In those instances, setting up access for the duration of the scan, then revoking the insecure permissions immediately after, will provide both a thorough scan and security.
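The checklist of temporary openings mentioned earlier, and the revoke-after-scan step described here, can be verified rather than trusted to memory. This added example (not from the original article or from Nessus) compares a Linux host's listening TCP ports before the scan and after cleanup. The `ss -tln` snapshots are constructed sample text, and the function names and checklist format are assumptions.

```python
# Constructed `ss -tln` snapshot taken before any access was opened.
BASELINE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
"""

# Constructed snapshot taken after the scan, before cleanup is confirmed.
AFTER_SCAN = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      5      0.0.0.0:5900       0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Return the set of (address, port) pairs listed as LISTEN."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            # rpartition splits on the last ':' so "[::]:22" parses correctly.
            addr, _, port = fields[3].rpartition(":")
            listeners.add((addr, int(port)))
    return listeners

def review_after_scan(baseline, after, checklist):
    """Compare post-scan listeners with the pre-scan baseline.

    checklist: ports deliberately opened for the scan.
    Returns (still_open, unrecorded): checklist ports that were never
    closed, and new listening ports that nobody wrote down.
    """
    new = parse_listeners(after) - parse_listeners(baseline)
    new_ports = {port for _, port in new}
    still_open = sorted(new_ports & set(checklist))
    unrecorded = sorted(new_ports - set(checklist))
    return still_open, unrecorded

if __name__ == "__main__":
    # SSH (port 22) was opened on purpose for the credentialed scan.
    still_open, unrecorded = review_after_scan(BASELINE, AFTER_SCAN, {22})
    print("still open from checklist:", still_open)
    print("opened but never recorded:", unrecorded)
```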
As mentioned earlier, Nessus provides 22 prebuilt scans. Each of these can be a useful tool for scanning and a valuable resource for learning about how Nessus works.
One of the things that will help is to run each scan and see both what it requires in terms of access and the report that it generates. This can be a very good way to begin to understand what Nessus can provide for security analysts. In addition, the prebuilt scans can be very good ways to begin to understand how plugins work within Nessus -- there are hundreds of plugins that deal with individual pieces of hardware and software and that search for individual CVEs and system status conditions.
It's also important to note that Nessus has a large and active user community who can provide answers to questions and code for helping to develop new, customized scans. Make use of that community to help you understand what's going on with your existing scans and how to develop new custom scans, and you will be on your way to turning Nessus into a tool that helps you step up your cybersecurity game.