Vulnerability scanners are tools used to probe and reveal network security weaknesses. There are two types of vulnerability scanners:
• Passive vulnerability scanners: A passive vulnerability scanner (PVS) monitors network traffic at the packet layer to determine topology, services, and vulnerabilities. It avoids the instability that can be introduced to a system by actively scanning for vulnerabilities. Some examples of PVSs are the Tenable PVS and NetScanTools Pro.
• Active vulnerability scanners: Whereas passive scanners can only gather information, active vulnerability scanners (AVS) can take action to block an attack, such as blocking a dangerous IP address. They can also be used to simulate an attack to assess readiness. They operate by sending transmissions to nodes and examining the responses. Because of this, these scanners may disrupt network traffic. Examples include Nessus and Microsoft Baseline Security Analyzer (MBSA).
After you install Nessus, it will open a web browser and ask you to connect via SSL (port 8834). Click Connect via SSL.
Create a login and click Continue.
Choose Scanner Type: Home, Professional or Manager (the free Home version is limited to scanning 16 IP addresses) > type the Activation Code > click Continue. You can obtain an activation code from this link and register using a non-public email account, i.e. Gmail, Yahoo, etc.
Nessus will download its plugins from the cloud (plugins.nessus.org), which takes a few minutes to finish.
To perform a basic network vulnerability scan, go to Scans > My Scans > Create a new scan.
Choose Basic Network Scan.
Under Settings > Basic > General > type a Name and Description, leave the default Folder: My Scans > type the IP address (in CIDR notation) under Targets.
You can configure a periodic scan under Settings > Basic > Schedule > modify the Frequency, Start time and Timezone. In this case I disabled the scheduled scan (default).
You can send the scan reports under Settings > Basic > Notifications > Email Recipient(s) > type the email addresses (separated by commas). Note that you need to configure your SMTP Server first.
Under Settings > Discovery > Scan Type > leave the default: Port scan (common ports).
Under Settings > Assessment > Scan Type > leave the default: Default.
Under Settings > Report > leave the default options ticked.
Under Settings > Advanced > leave the default Scan Type: Default.
There's no need to add Credentials and Plugins in this case. Click Save at the bottom and the newly created scan appears.
Tick the created scan (SCAN-1) > click More > choose Launch.
Click Launch to continue.
The basic network scan will begin to run (green loading icon). The scan will run for several minutes; how long depends on the size of the scanned IP range and the number of active hosts.
It will show a check mark when it has finished running the scan.
Nessus will list the host and the vulnerabilities associated with it. This is the result of the vulnerability scan in my virtual lab.
Click on a specific host/IP address to list all of its vulnerabilities. This is the vulnerability scan of my Metasploitable Linux machine. Notice there are a lot of vulnerabilities, which is intended on this machine.
Click a specific vulnerability to display its severity, description and patching solution.
This is the vulnerability scan of my Windows 7 machine (where Nessus is installed). It was included since it's part of the 192.168.1.0/24 range.
This is the vulnerability scan of my Windows 2012 R2 server.
This is the vulnerability scan of my Ubuntu Linux machine.
This is the vulnerability scan of my Kali Linux machine.
This is the vulnerability scan of my Cisco IOU Layer 2 Switch.
This is the vulnerability scan of my Cisco ASA firewall.
You can also export the results as a PDF report. Just click Export > PDF > choose Executive Summary > then Export.