Make Nessus Your New Security Tool of Choice

Wednesday, 13 November 2002, 2:15 PM EST

No ace sysadmin should be without Nessus, it's the utility of choice for hardcore security scanning. Nessus is based on nmap, the excellent port scanner by Fyodor. Primarily authored by Renaud Deraison, it adds a nice graphical interface and loads of attack functions.

A nice use for that elderly Pentium sitting around getting in the way is to turn it into a security-monitoring box. There are a wealth of good free network utilities that run on Unix/Linux, give that old PC a useful job to do.

Getting Nessus ready to use is a two-step process: install the server, configure the client. The client, nessus, is the user interface to the server, nessusd. Nessus is multi-user, users are managed with access control lists. It runs either in X, or from the console. Nmap is required, and the Gtk toolkit for running Nessus in X. OpenSSL is not required, but is recommended for communication between the client and server, and for testing SSL services. A good Windows client is available, NessusWX; both the *nix and Windows versions are licensed under the GPL.

[ Read more ]

Related items


More than 900 embedded devices share hard-coded certs, SSH host keys

SEC Consult analyzed firmware images of more than 4000 embedded devices of over 70 vendors and found that, in some cases, there are nearly half a million devices on the web using the same certificate.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Nov 30th