Install Apache Web Server

Vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system. The system being studied could be a physical facility like a nuclear power plant, a computer system, or a larger system (for example the communications infrastructure or water infrastructure of a region). Vulnerability Assessment tools automate the cracker exploration process and let network administrators assess the security readiness of their networks. Security policies, ACLs, and signed user agreements mean little if your systems are full of exploitable holes.

If you can find the holes before a malicious intruder can, and close them, you've gone a long way toward making your network safer. Introduction of Nessus Nessus is a remote security scanner and vulnerability assessment tools for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, PDF and ASCII text, and suggests solutions for security problems. Nessus is a vulnerability scanner.

Get quality help now

Prof. Finch

Verified writer

Proficient in: Network

4.7 (346)

“ This writer never make an mistake for me always deliver long before due date. Am telling you man this writer is absolutely the best. ”

+84 relevant experts are online

Hire writer

It provides the customization capability that users could defined the security check.

It develops a attack language called NASL. By use of NASL, users could write the security check by themselves. But before writing the security check, the users must know the architecture of Nessus and study how to write the security check by NASL.

Advantage of Nessus

1. Vulnerability Discovery and Management
2. Open source system
3. Available for UNIX and Windows
4. Allows security reports to be generated in PDF or different kinks of format, it helpful to I.
   Get to Know The Price Estimate For Your Paper

   Topic

   Deadline: 10 days left

   Number of pages

   Email Invalid email

   By clicking “Check Writers’ Offers”, you agree to our terms of service and privacy policy. We’ll occasionally send you promo and account related email

   "You must agree to out terms of services and privacy policy"

   Write my paper

   You won’t be charged yet!

   T. professional

5. Using NASL (Nessus Attack Scripting Language) allow designed to write security test easily and quikcly
6. Up-to-date security vulnerability database 7. Biggest user base at leaset 50,000 users worldwide.

Installation of Nessus on Linux

Setup Nessus on Linux

1. Download Nessus Download Nessus core package nessus-plugins-2. 2. 6. tar. gz, libnasl-2. 2. 6. tar. gz, nessus-core-2. 2. 6. tar. gz and nessus-libraries-2. 2. 6. tar. gz from http://www. nessus. org/ to your home directory. (In this coursework, my home directory is root and I make a directory /source for nessus to setup)
2. Unzip the source file Type "tar zxvf nessus-libraries-2. 2. 6. tar. gz" and press Enter.
3. Accept default for "CA certificate life" and press Enter
4. Select Country Code Enter "HK" 2 letter country code and press Enter
5. Select State Code Enter state or province code "852" and press Enter
6. Select Location Code Enter your location "Hong Kong" and press Enter
7. Select Organization Name Enter organization name "Middlesex User" and press Enter
8. Complete Certificate Create Process Certificate process completed message press enter to exit

Create Nessus User Account

1. Make A User Account Type "nessus-adduser" to create a user account
2. Select Authentication Method Type "Nessus" to create a Nessus system account and press Enter
3. Select Authentication Method Accept default "pass" for authentication and press Enter
4. Select Authentication Password Enter password "nessus" for Nessus system account and press Enter
5. Confirm Nessus User Create Process Press ctrl-D to end user creation process, "Is that ok? " message and press "Yes" to confirm as the figure
6. Start Nessus Daemon Type "nessusd -D" to start the Nessus server service (It may take several seconds for Nessus to finish initializing.

The command prompt will return once the Nessus daemon is started

Setup Nessus Windows Client NessusWx

1. Download NessusWx Download NessusWx core packet nessuswx-1. 4. 5d from http://www. nessus. org/downlaod to your windows directory. (In this coursework, my setup directory is source and I make a directory source for NessusWx to setup)
2. Install NessusWx Client Double click the file "NessusWX. exe" on MS Windows to start the setup
3. Create NessusWx Client Database Press "OK" to accept the default setting as the figure
4. Create Connection To Nessus Server. In the NessusWx tools bar click "Communications" > "Connect" and fill the IP address, username and password as previously created of Nessus server and press Connect as the figure
5. Complete the server connection If all the information correct the log will show the connection to Nessus server with NessusWx successful establish. Active the Nessus plugin feed Type "nessus-fetch --register (code of register from Nessus) " to perform the Nessus plugin feed update
6. Update Nessus Server Plugins Type "nessus-update-plugins" to perform Nessus plugins up today.

Fine Tune The Vulnerability Scan Session Properties

1. Create Session Host Perform Vulnerability Scan Open Nessus console in the NessusWx tools bar click "session" > "new", enter the session name for report reference and click "Create" as the figure. (In this coursework, my target host for vulnerability scanning is Cisco 1814 Router of Asiaworld-expo)
2. Fine Tune Session Properties In session properties screen of Nessus console click "targets" > "Add" > "select Single host" and fill the host IP address or name press "OK" as the figure (In this coursework, I enter IP address of Cisco router 203.86. 133. 1 as the target host)
3. Fine Tune Port Scan Options In session properties screen of Nessus console click "Port Scan" > select "Privileged ports (1-1024)" port range to scan and click "Enable" to select all the "Port Scanners" options as the figure.
4. Fine Tune Plugins Options In session properties screen of Nessus console click "Plugins" > select "Use session-specific plugin set" > click "select plugins", in the Plugin list of Nessus console click "Enable All" to perform the vulnerability scan as the figure
5. Complete the Session Properties.

After finish all the configuration of the vulnerability scan properties, click "OK" to close the Session Properties screen

Perform Vulnerability Scan and Generate Security Report

1. Create Session Host Perform Vulnerability Scan Open Nessus console select the session previously created and right click "Execute" as the figure
2. Fine Tune Execute Sessions Options In the Execute Sessions screen select "Enable session saving" and "Enable KB saving" and click "Execute" to perform vulnerability scan as the figure
3. Nessus Vulnerability Scan Progress.

After select execute the vulnerability scan Nessus console will display the scanning status click "Close" to complete the session as the figure Step 4: Generate Vulnerability Report In the Manage Session Results screen high light the session of previously generated select "Report" and export to PDF format as the figure Network Vulnerability Assessment Report The Nessus network vulnerability assessment report provide different format like html or PDF the detail information will show up the system vulnerability and severity level to perform improve it as the figure Network Vulnerability Assessment Report.