Vulnerability Scanning With Nessus

Start Scan

After you open the Nessus graphical front-end, click on Start Scan.

Choose Targets

Next, you select the device, or devices, that you want to scan. You can input a single host name or IP address, or an IP address range. You can also use a comma-separated list to input a mass quantity of devices that aren't necessarily in the same IP range.

There is also a link to use the Address Book. Devices, or groups of devices, that you want to scan on a frequent or regular basis can be saved into the Nessus Address Book for future reference.
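The target field described above accepts single hosts, addresses, ranges and comma-separated lists. As an added example (not Nessus's own input parser, and the accepted grammar and the `max_hosts` cap are assumptions made here for illustration), this Python snippet expands such a specification into individual targets, validates each entry, and refuses an expansion that is far larger than intended, which is the usual way a mistyped range turns a quick scan into a network-wide one:

```python
import ipaddress
import re

# Constructed sample input of the kind the "Choose Targets" step accepts:
# single addresses, an address range, a CIDR block and a hostname, comma-separated.
SAMPLE_TARGETS = "192.0.2.10, 192.0.2.20-192.0.2.23, 198.51.100.0/30, web01.example.test,"

# RFC 1123 hostname: dot-separated labels of letters, digits and interior hyphens.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$"
)


def _parse_range(item):
    """Return (lo, hi) if item is 'addr-addr' with both ends valid, else None."""
    if item.count("-") != 1:
        return None
    lo_s, hi_s = (p.strip() for p in item.split("-"))
    try:
        lo, hi = ipaddress.ip_address(lo_s), ipaddress.ip_address(hi_s)
    except ValueError:
        return None  # e.g. a hyphenated hostname such as web-01.example.test
    if lo.version != hi.version or lo > hi:
        raise ValueError(f"bad address range: {item}")
    return lo, hi


def expand_targets(spec, max_hosts=4096):
    """Expand a comma-separated target specification into individual targets.

    Grammar assumed here for illustration (not Nessus's own parser):
      192.0.2.10                 single IPv4/IPv6 address
      198.51.100.0/30            CIDR block (usable host addresses only)
      192.0.2.20-192.0.2.23      inclusive address range
      web01.example.test         DNS hostname
    Anything else raises ValueError. Expansions larger than max_hosts are
    refused up front, so a typo like 10.0.0.0/8 cannot queue 16M targets.
    """
    targets = []
    for raw in spec.split(","):
        item = raw.strip()
        if not item:
            continue  # tolerate a trailing or doubled comma
        if "/" in item:
            net = ipaddress.ip_network(item, strict=False)
            if net.num_addresses > max_hosts:
                raise ValueError(f"{item} expands to {net.num_addresses} addresses (limit {max_hosts})")
            hosts = list(net.hosts()) or [net.network_address]  # /32 and /128 yield themselves
            targets.extend(str(h) for h in hosts)
        elif (rng := _parse_range(item)) is not None:
            lo, hi = rng
            count = int(hi) - int(lo) + 1
            if count > max_hosts:
                raise ValueError(f"{item} expands to {count} addresses (limit {max_hosts})")
            targets.extend(str(lo + i) for i in range(count))
        else:
            try:
                targets.append(str(ipaddress.ip_address(item)))
            except ValueError:
                if not _HOSTNAME_RE.match(item):
                    raise ValueError(f"not an address, range, CIDR or hostname: {item}") from None
                targets.append(item.lower())
        if len(targets) > max_hosts:
            raise ValueError(f"target list exceeds {max_hosts} hosts")
    seen = set()  # de-duplicate while keeping the order the operator typed
    return [t for t in targets if not (t in seen or seen.add(t))]


if __name__ == "__main__":
    for t in expand_targets(SAMPLE_TARGETS):
        print(t)
```

The size check runs before any expansion, so an oversized CIDR or range is rejected without first materialising millions of addresses; the de-duplication step means a host listed both individually and inside a range is scanned once.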

Pick How To Conduct Scan

Nessus scans by default using all scans and plugins except for the scans that are deemed potentially "dangerous". Dangerous plugins may potentially crash target systems and should only be used if you are sure there will be no impact to a production environment.

If you do want to run all Nessus scans, including the dangerous ones, you can select that option. You can also choose to use a pre-defined policy you have already customized using Manage Policies.

Custom Scan

Lastly, you can also choose to define your policy on the fly. The scan configuration window will open and you can click through the tabs to choose what and how to conduct the scan. I recommend that only Advanced or Expert users try this method since it requires a fair amount of knowledge about Nessus, protocols, and your network to properly execute.

Select Server

Often, you will conduct the actual Nessus scan from your local computer, or Local Host. However, if you have a different machine, or a server dedicated to running the Nessus scans, you can specify here which computer to use for conducting the scan.

Conduct Scan

Now you can start the actual scan. The scan itself can be processor, memory and network bandwidth intensive. Depending on the number of devices being scanned and their physical proximity on the network, the scan could take quite a while.

View Report

When the scan is complete, Nessus generates a report to display any findings.

Scanning For Security Configuration

Nessus 3 is now able to scan systems for compliance against security configurations, as well as the ability to scan file content to look for classified or sensitive information. This functionality is only available to customers that subscribe to The Nessus Direct Feed, which costs $1200 per year per Nessus scanner. Users of the free Registered Feed will not be able to conduct these scans.

With the content scans, Nessus can be used to scan the network for PCI DSS issues such as unprotected credit card numbers, social security numbers, or driver's license numbers. It can also be used to scan for information leakage by searching for files that contain source code, HR compensation data or corporate financial spreadsheets.

The necessary plugins and .audit files can be downloaded from Nessus if you are a Direct Feed customer. Tenable has security configuration compliance templates for the following standards, but customers can also scan against custom security configurations to ensure internal compliance:

  • NIST
  • GLBA
  • CERT
  • NSA
  • DISA

Enable Plugins

In order to conduct the configuration audits or content scans, you need to ensure that the Policy Compliance plugins are enabled.

Editor's Note: This is a legacy article. The screenshots and instructions shown are for a legacy version of the Nessus scanner. For up-to-date information on how to perform a scan using the latest version of Nessus, visit Tenable's Free On-Demand Training Site where you will find free computer based training courses for various Tenable products, including Nessus.