Nessus Network Auditing

ISBN-10: 1931836086

ISBN-13: 9781931836081

Edition: 2004

List price: $51.95
30 day, 100% satisfaction guarantee

If an item you ordered from TextbookRush does not meet your expectations due to an error on our part, simply fill out a return request and then return it by mail within 30 days of ordering it for a full refund of item cost.

Learn more about our returns policy

Description:

This book focuses on installing, configuring and optimizing Nessus, which is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems. As with many open source programs, Nessus is incredibly popular, incredibly powerful, and incredibly under-documented. There are many Web sites (including nessus.org) where thousands of users congregate to share tips, tricks, and hints, yet no single, comprehensive resource exists. This book, written by Nessus lead developers, will document all facets of deploying Nessus on a production network.
what's this?
Rush Rewards U
Members Receive:
coins
coins
You have reached 400 XP and carrot coins. That is the daily max!
Study Briefs

Limited time offer: Get the first one free! (?)

All the information you need in one place! Each Study Brief is a summary of one specific subject; facts, figures, and explanations to help you learn faster.

Customers also bought
Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading

Book details

List price: $51.95
Copyright year: 2004
Publisher: Elsevier Science & Technology Books
Publication date: 7/20/2004
Binding: Paperback
Pages: 550
Size: 6.75" wide x 8.75" long x 1.25" tall
Weight: 1.936
Language: English

Renaud Deraison is the primary author of the open-source Nessus vulnerability scanner project. He has worked for SolSoft, and founded his own computing security consulting company, "Nessus Consulting S.A.R.L." Nessus has won numerous awards, most notably, the 2002 Network Computing 'Well Connected' award. Mr. Deraison has presented at a variety of security conferences including Blackhat and CanSecWest. He joins TNS as the Director of Security Research.

Charl van der Walt is a founder member of SensePost. He studied Computer Science at UNISA, Mathematics at the University of Heidelberg in Germany and has a Diploma in Information Security from the Rand Afrikaans University. He is an accredited BS7799 Lead Auditor with the British Institute of Standards in London. Charl has a number of years experience in Information Security and has been involved in a number of prestigious security projects in Africa, Asia and Europe. He is a regular speaker at seminars and conferences nationwide and is regularly published on internationally recognized forums like SecurityFocus.

Foreword
Vulnerability Assessment
Introduction
What Is a Vulnerability Assessment?
Why a Vulnerability Assessment?
Assessment Types
Automated Assessments
Stand-Alone vs. Subscription
The Assessment Process
Two Approaches
Administrative Approach
The Outsider Approach
The Hybrid Approach
Realistic Expectations
The Limitations of Automation
Summary
Solutions Fast Track
Frequently Asked Questions
Introducing Nessus
Introduction
What Is It?
The De Facto Standard
History
Basic Components
Client and Server
The Plugins
The Knowledge Base
Summary
Solutions Fast Track
Frequently Asked Questions
Installing Nessus
Introduction
Quick Start Guide
Nessus on Linux (suse/redhat/mandrake/gentoo/debian)
Nessus on Solaris
Picking a Server
Supported Operating Systems
Minimal Hardware Specifications
Network Location
Source or Binary
Installation from Source
Software Prerequisites
Obtaining the Latest Version
The Four Components
./configure
Configuring Nessus
Creating the User Account
Installing a Client
Using the GTK Client
Using the Windows Client
Command-Line Mode
Updating to the Latest Plugins
Summary
Solutions Fast Track
Frequently Asked Questions
Running Your First Scan
Introduction
Preparing for Your First Scan
Authorization
Risk vs. Benefit
Starting the Nessus Client
Plugins
Enable Specific Plugins
Using the Plugin Filter
Plugin Categories
Plugin Information
Preferences
Specify the Host Ping
Configuring WWW Checks
NIDS Evasion
Brute Force with Hydra
The SMB Scope
Configuring Login Credentials
Configuring SNMP
Configuring Nmap
Scan Options
The Port Range
Unscanned Ports
Performance: Host and Process Count
Optimized Checks
Safe Checks Mode
Report by MAC Address (DHCP)
Detached Scan
Send Results to This E-mail Address
Continuous Scan
Configure the Port Scanner
Target Selection
How to Select Targets
Common Scanning Issues (Printers, etc.)
Defining a Target Range
Using Zone Transfers (Bad Idea!)
Automatic Session Saving
User Information
Knowledge Base (Basics)
Starting the Scan
Summary
Solutions Fast Track
Frequently Asked Questions
Interpreting Results
Introduction
The Nessus UI Basics
Viewing Results Using the Nessus GUI Client for X
Viewing Results Using the Nessus WX Client for Windows
New Nessus Client
Reading a Nessus Report
Understanding Vulnerabilities
Understanding Risk
Understanding Scanner Logic
Key Report Elements
Factors that Can Affect Scanner Output
Forums and Mailing Lists
Summary
Solutions Fast Track
Frequently Asked Questions
Vulnerability Types
Introduction
Critical Vulnerabilities
Buffer Overflows
Directory Traversal
Format String Attacks
Default Passwords
Misconfigurations
Known Backdoors
Information Leaks
Memory Disclosure
Network Information
Version Information
Path Disclosure
User Enumeration
Denial of Service
Best Practices
Summary
Solutions Fast Track
Frequently Asked Questions
False Positives
Introduction
What Are False Positives?
Why False Positives Matter
False Positives Waste Your Time
False Positives Waste Others' Time
False Positives Cost Credibility
Generic Approaches to Testing
The Nessus Approach to Testing
Dealing with False Positives
Dealing with Noise
Analyzing the Report
False Positives, and Your Part in Their Downfall
Dealing with a False Positive
Disabling a Nessus Plugin
False Positives and Web Servers-Dealing with Friendly 404s
Summary
Solutions Fast Track
Frequently Asked Questions
Under the Hood
Introduction
Nessus Architecture and Design
Host Detection
Service Detection
Information Gathering
Vulnerability Fingerprinting
Denial-of-Service Testing
Putting It All Together
Summary
Solutions Fast Track
Frequently Asked Questions
The Nessus Knowledge Base
Introduction
Knowledge Base Basics
What Is the Knowledge Base?
Where the Knowledge Base Is Stored
Using the Knowledge Base
Information Exchange
How Plugins Use the Knowledge Base to Share Data
The Type of Data that Is Stored
Dependency Trees
Limitations
Using get_kb_item and fork
Summary
Solutions Fast Track
Frequently Asked Questions
Enterprise Scanning
Introduction
Planning a Deployment
Define Your Needs
Network Topology
Bandwidth Requirements
Automating the Procedure
Configuring Scanners
Assigning the Tasks
System Requirements
Scanning for a Specific Threat
Best Practices
Data Correlation
Combining Reports
Differential Reporting
Filtering Reports
Third-Party Tools
Common Problems
Aggressive Scanning
Volatile Applications
Printer Problems
Scanning Workstations
Summary
Solutions Fast Track
Frequently Asked Questions
NASL
Introduction
Why NASL?
Why Do You Want to Write (and Publish) Your Own NASL Scripts?
Structure of a NASL Script
The Description Section
An Introduction to the NASL Language
Writing Your First Script
More Advanced Scripting
The NASL Protocol APIs
The Nessus Knowledge Base
Summary
Solutions Fast Track
Frequently Asked Questions
The Nessus User Community
Introduction
The Nessus Mailing Lists
Subscribing to a Mailing List
Sending a Message to a Mailing List
Accessing a List's Archives
The Online Plugin Database
Staying Abreast of New Plugins
Reporting Bugs via Bugzilla
Querying Existing Bug Reports
Creating and Logging In to a Bugzilla Account
Submitting a Bug Report
Submitting Patches and Plugins
Submitting Patches
Submitting Plugins
Where to Get More Information and Help
Summary
Solutions Fast Track
Frequently Asked Questions
The NASL2 Reference Manual
Introduction
History
Differences between NASL1 and NASL2
Copyright
Comments
The NASL2 grammar
Preliminary remarks
Syntax
Types
Operators
Precedence
Loops and control flow
Declarations
The NASL2 library
Predefined constants
Built-in functions
NASL library
Hacking your way inside the interpretor
How it works
Adding new internal functions
Adding new features to the grammar
Checking the result
References
Endnotes
Utilizing Domain Credentials to Enhance Nessus Scans
Overview
Account Creation and Configuration
Manual Modifications
Nessus Scan Configuration
Comparing Scan Results
Comparing Scan 1 with Scan 2
Comparing Scan 2 with Scan 3
Conclusion
Index
×
Free shipping on orders over $35*

*A minimum purchase of $35 is required. Shipping is provided via FedEx SmartPost® and FedEx Express Saver®. Average delivery time is 1 – 5 business days, but is not guaranteed in that timeframe. Also allow 1 - 2 days for processing. Free shipping is eligible only in the continental United States and excludes Hawaii, Alaska and Puerto Rico. FedEx service marks used by permission."Marketplace" orders are not eligible for free or discounted shipping.

Learn more about the TextbookRush Marketplace.

×