Foreword
Vulnerability Assessment
Introduction
What Is a Vulnerability Assessment?
Why a Vulnerability Assessment?
Assessment Types
Automated Assessments
Stand-Alone vs. Subscription
The Assessment Process
Two Approaches
Administrative Approach
The Outsider Approach
The Hybrid Approach
Realistic Expectations
The Limitations of Automation
Summary
Solutions Fast Track
Frequently Asked Questions
Introducing Nessus
Introduction
What Is It?
The De Facto Standard
History
Basic Components
Client and Server
The Plugins
The Knowledge Base
Summary
Solutions Fast Track
Frequently Asked Questions
Installing Nessus
Introduction
Quick Start Guide
Nessus on Linux (suse/redhat/mandrake/gentoo/debian)
Nessus on Solaris
Picking a Server
Supported Operating Systems
Minimal Hardware Specifications
Network Location
Source or Binary
Installation from Source
Software Prerequisites
Obtaining the Latest Version
The Four Components
./configure
Configuring Nessus
Creating the User Account
Installing a Client
Using the GTK Client
Using the Windows Client
Command-Line Mode
Updating to the Latest Plugins
Summary
Solutions Fast Track
Frequently Asked Questions
Running Your First Scan
Introduction
Preparing for Your First Scan
Authorization
Risk vs. Benefit
Starting the Nessus Client
Plugins
Enable Specific Plugins
Using the Plugin Filter
Plugin Categories
Plugin Information
Preferences
Specify the Host Ping
Configuring WWW Checks
NIDS Evasion
Brute Force with Hydra
The SMB Scope
Configuring Login Credentials
Configuring SNMP
Configuring Nmap
Scan Options
The Port Range
Unscanned Ports
Performance: Host and Process Count
Optimized Checks
Safe Checks Mode
Report by MAC Address (DHCP)
Detached Scan
Send Results to This E-mail Address
Continuous Scan
Configure the Port Scanner
Target Selection
How to Select Targets
Common Scanning Issues (Printers, etc.)
Defining a Target Range
Using Zone Transfers (Bad Idea!)
Automatic Session Saving
User Information
Knowledge Base (Basics)
Starting the Scan
Summary
Solutions Fast Track
Frequently Asked Questions
Interpreting Results
Introduction
The Nessus UI Basics
Viewing Results Using the Nessus GUI Client for X
Viewing Results Using the Nessus WX Client for Windows
New Nessus Client
Reading a Nessus Report
Understanding Vulnerabilities
Understanding Risk
Understanding Scanner Logic
Key Report Elements
Factors that Can Affect Scanner Output
Forums and Mailing Lists
Summary
Solutions Fast Track
Frequently Asked Questions
Vulnerability Types
Introduction
Critical Vulnerabilities
Buffer Overflows
Directory Traversal
Format String Attacks
Default Passwords
Misconfigurations
Known Backdoors
Information Leaks
Memory Disclosure
Network Information
Version Information
Path Disclosure
User Enumeration
Denial of Service
Best Practices
Summary
Solutions Fast Track
Frequently Asked Questions
False Positives
Introduction
What Are False Positives?
Why False Positives Matter
False Positives Waste Your Time
False Positives Waste Others' Time
False Positives Cost Credibility
Generic Approaches to Testing
The Nessus Approach to Testing
Dealing with False Positives
Dealing with Noise
Analyzing the Report
False Positives, and Your Part in Their Downfall
Dealing with a False Positive
Disabling a Nessus Plugin
False Positives and Web Servers-Dealing with Friendly 404s
Summary
Solutions Fast Track
Frequently Asked Questions
Under the Hood
Introduction
Nessus Architecture and Design
Host Detection
Service Detection
Information Gathering
Vulnerability Fingerprinting
Denial-of-Service Testing
Putting It All Together
Summary
Solutions Fast Track
Frequently Asked Questions
The Nessus Knowledge Base
Introduction
Knowledge Base Basics
What Is the Knowledge Base?
Where the Knowledge Base Is Stored
Using the Knowledge Base
Information Exchange
How Plugins Use the Knowledge Base to Share Data
The Type of Data that Is Stored
Dependency Trees
Limitations
Using get_kb_item and fork
Summary
Solutions Fast Track
Frequently Asked Questions
Enterprise Scanning
Introduction
Planning a Deployment
Define Your Needs
Network Topology
Bandwidth Requirements
Automating the Procedure
Configuring Scanners
Assigning the Tasks
System Requirements
Scanning for a Specific Threat
Best Practices
Data Correlation
Combining Reports
Differential Reporting
Filtering Reports
Third-Party Tools
Common Problems
Aggressive Scanning
Volatile Applications
Printer Problems
Scanning Workstations
Summary
Solutions Fast Track
Frequently Asked Questions
NASL
Introduction
Why NASL?
Why Do You Want to Write (and Publish) Your Own NASL Scripts?
Structure of a NASL Script
The Description Section
An Introduction to the NASL Language
Writing Your First Script
More Advanced Scripting
The NASL Protocol APIs
The Nessus Knowledge Base
Summary
Solutions Fast Track
Frequently Asked Questions
The Nessus User Community
Introduction
The Nessus Mailing Lists
Subscribing to a Mailing List
Sending a Message to a Mailing List
Accessing a List's Archives
The Online Plugin Database
Staying Abreast of New Plugins
Reporting Bugs via Bugzilla
Querying Existing Bug Reports
Creating and Logging In to a Bugzilla Account
Submitting a Bug Report
Submitting Patches and Plugins
Submitting Patches
Submitting Plugins
Where to Get More Information and Help
Summary
Solutions Fast Track
Frequently Asked Questions
The NASL2 Reference Manual
Introduction
History
Differences between NASL1 and NASL2
Copyright
Comments
The NASL2 grammar
Preliminary remarks
Syntax
Types
Operators
Precedence
Loops and control flow
Declarations
The NASL2 library
Predefined constants
Built-in functions
NASL library
Hacking your way inside the interpretor
How it works
Adding new internal functions
Adding new features to the grammar
Checking the result
References
Endnotes
Utilizing Domain Credentials to Enhance Nessus Scans
Overview
Account Creation and Configuration
Manual Modifications
Nessus Scan Configuration
Comparing Scan Results
Comparing Scan 1 with Scan 2
Comparing Scan 2 with Scan 3
Conclusion
Index