O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Nessus Network Auditing, 2nd Edition

Book Description

The Updated Version of the Bestselling Nessus Book. This is the ONLY Book to Read if You Run Nessus Across the Enterprise. Ever since its beginnings in early 1998, the Nessus Project has attracted security researchers from all walks of life. It continues this growth today. It has been adopted as a de facto standard by the security industry, vendor, and practitioner alike, many of whom rely on Nessus as the foundation to their security practices. Now, a team of leading developers have created the definitive book for the Nessus community. Perform a Vulnerability Assessment Use Nessus to find programming errors that allow intruders to gain unauthorized access. Obtain and Install Nessus Install from source or binary, set up up clients and user accounts, and update your plug-ins. Modify the Preferences Tab Specify the options for Nmap and other complex, configurable components of Nessus. Understand Scanner Logic and Determine Actual Risk Plan your scanning strategy and learn what variables can be changed. Prioritize Vulnerabilities Prioritize and manage critical vulnerabilities, information leaks, and denial of service errors. Deal with False Positives Learn the different types of false positives and the differences between intrusive and nonintrusive tests. Get Under the Hood of Nessus Understand the architecture and design of Nessus and master the Nessus Attack Scripting Language (NASL). Scan the Entire Enterprise Network Plan for enterprise deployment by gauging network bandwith and topology issues.

  • Nessus is the premier Open Source vulnerability assessment tool, and has been voted the "most popular" Open Source security tool several times.
  • The first edition is still the only book available on the product.
  • Written by the world's premier Nessus developers and featuring a foreword by the creator of Nessus, Renaud Deraison.

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Technical Editor
  6. Contributing Authors
  7. Chapter 1. Vulnerability Assessment
    1. Introduction
    2. What Is a Vulnerability Assessment?
    3. Automated Assessments
    4. Two Approaches
    5. Realistic Expectations
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  8. Chapter 2. Introducing Nessus
    1. Introduction
    2. What Is It?
    3. The De Facto Standard
    4. History
    5. Basic Components
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  9. Chapter 3. Installing Nessus
    1. Introduction
    2. Nessus Version Comparison
    3. Picking a Server
    4. Nessus 2.2.x Install Guide
    5. Nessus 3 Install Guide
    6. Configuring Nessus for UNIX
    7. Final Steps
    8. Installing a Client
    9. Summary
    10. Solutions Fast Track
    11. Frequently Asked Questions
  10. Chapter 4. Running Your First Scan
    1. Introduction
    2. Preparing for Your First Scan
    3. Starting the Nessus Client
    4. Policies
    5. Target Selection
    6. Starting the Scan
    7. Nessus Command Line
    8. Summary
    9. Solutions Fast Track
    10. Frequently Asked Questions
  11. Chapter 5. Interpreting Results
    1. Introduction
    2. The Nessus UI Basics
    3. Reading a Nessus Report
    4. Summary
    5. Solutions Fast Track
    6. Frequently Asked Questions
  12. Chapter 6. Vulnerability Types
    1. Introduction
    2. Critical Vulnerabilities
    3. Information Leaks
    4. Denial of Service
    5. Best Practices
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  13. Chapter 7. False Positives
    1. Introduction
    2. What Are False Positives?
    3. Why False Positives Matter
    4. Dealing with False Positives
    5. Dealing with a False Positive
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  14. Chapter 8. Under the Hood
    1. Introduction
    2. Nessus Architecture and Design
    3. Host Detection
    4. Service Detection
    5. Information Gathering
    6. Vulnerability Fingerprinting
    7. Denial-of-Service Testing
    8. Putting It All Together
    9. Summary
    10. Solutions Fast Track
    11. Frequently Asked Questions
  15. Chapter 9. The Nessus Knowledge Base
    1. Introduction
    2. Knowledge Base Basics
    3. Information Exchange
    4. Limitations
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  16. Chapter 10. Enterprise Scanning
    1. Introduction
    2. Planning a Deployment
    3. Configuring Scanners
    4. Data Correlation
    5. Common Problems
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  17. Chapter 11. NASL
    1. Introduction
    2. Why NASL?
    3. Structure of a NASL Script
    4. An Introduction to the NASL Language
    5. The Nessus Knowledge Base
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  18. Chapter 12. The Nessus User Community
    1. Introduction
    2. The Nessus Mailing Lists
    3. The Online Plug-In Database
    4. Reporting Bugs via Bugzilla
    5. Submitting Patches and Plug-Ins
    6. Where to Get More Information and Help
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  19. Chapter13. Compliance Monitoring with Nessus 3
    1. Introduction
    2. Understanding Compliance
    3. The Nessus Compliance Engine
    4. Using Nessus 3 Auditing
    5. Nessus 3 Reporting
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  20. Index