Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
03-26-2006, 01:29 AM
|
#1
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Rep:
|
vulnerability scanning
What is the preferred utility for vulnerability scanning on a network: Nessus or nmap?
|
|
|
03-26-2006, 04:08 AM
|
#2
|
Senior Member
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290
|
It really depends on what you want to do. Nessus is good at finding open ports and trying different sorts of tricks with TCP (e.g. an XMAS tree scan) to probe routers and firewalls. Nessus checks versions of applications against known vulnerabilities and may attempt actual application layer attacks. Both tools are very useful, and I also like SARA, which I've been using a lot lately. Why don't you try them all out in a test lab and decide for yourself which you like the best for various tasks?
|
|
|
03-26-2006, 07:38 PM
|
#3
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
I get the impression that Nessus is a lot more powerful than nmap!
I downloaded Nessus 3.02 and the documentation is very shabby. Can you point me to another URL that would be helpful?
Last edited by metallica1973; 03-26-2006 at 07:39 PM.
|
|
|
03-26-2006, 07:53 PM
|
#4
|
Senior Member
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141
Rep: 
|
The install docs at http://www.nessus.org/documentation/...hp?doc=install worked for me so I'd recommend them. The demo stuff at http://www.nessus.org/demo/ I haven't used for a while, but it used to be pretty good too.
Nessus has a broader scope than nmap and can be used to report on known vulnerabilities on the hosts that it finds. I tend to use nmap as a first level tool to find out what ports are open on PCs and sometimes to scan for what version of software is running (with -sV).
|
|
|
03-27-2006, 03:42 PM
|
#5
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
gilead, forgive me for asking this, but from doing a little more research, Nessus has a lot broader range than nmap, and from what I can tell from this link
http://netsecurity.about.com/gi/dyna...m/infocus/1741
most of the work is done internally from different points, and to be careful because certain scans can bring down your network and get you fired or a lawsuit. It can test applications for flaws (web server, SQL servers, DDoS attacks and other flaws). I can truly understand that aspect of it but that does clarify the outside aspect of vulnerability flaws. Can I and should I use Nessus externally to look for vulnerabilities outside of the network or should I use something less powerful like nmap?
|
|
|
03-27-2006, 05:20 PM
|
#6
|
Senior Member
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141
Rep: 
|
I'm no lawyer, so don't take this as legal advice. It's just me speaking as someone who does testing in a very conservative organisation.
If you're scanning hosts on the internet, check your ISP's service agreement to make sure that doing this is OK. Some people see scans as an indicator that an attack is happening and may lodge a complaint with your ISP. For hosts on your LAN, you should get approval from a system administrator, or at least let them know what you're doing if you own the boxes being scanned.
All that apart - if you have approval to run the scans, run them. You're right that nessus can cause crashes (that's a big part of the reason for my caution), but you won't find vulnerable points on your boxes without stressing them. That includes load tests, bad data tests, etc. as well as nessus/nmap scans.
|
|
|
03-27-2006, 08:43 PM
|
#7
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
I wouldn't be probing hosts on the internet, only mine with my static IP. I would like to scan my firewall, thus my network, from the outside. Should I load nessusd on my firewall and then from a laptop load the Nessus client and then go to a friend's house and start the testing? Thanks
|
|
|
03-27-2006, 09:17 PM
|
#8
|
Senior Member
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141
Rep: 
|
You can do that and it should work. And it should be fun to see what it reports.
Depending on your network bandwidth (and how much time you have) it might be faster to run the nessus scan from your localhost since that will identify all of the running services and do the analysis for you. Then just run nmap from your friend's house to determine your open ports. I'm assuming that you don't have something listening on your internet network interface that isn't also running on your local network interface.
|
|
|
03-27-2006, 10:20 PM
|
#9
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
Gilead
Thanks a lot for your help. Other senior members are very paranoid of giving out information in fear of the unexpected. You have been very helpful and it is really appreciated.
|
|
|
03-27-2006, 10:40 PM
|
#10
|
Senior Member
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141
Rep: 
|
Well, I'm going to look very foolish unless I mention that you'll need to allow TCP connections back to your server on port 1241 so that your nessus client can talk to your nessus server (under version 2.2.7 anyway).
Sorry - I forgot that earlier.
|
|
|
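An added example, not written by any poster in this thread, of the check described in posts #8 and #10: compare an nmap scan of your own host taken from the LAN with one taken from outside the firewall, and report what is exposed, including whether nessusd's port 1241 is reachable. The scan text is constructed sample data in nmap's grepable (`-oG`) format, and the host address, the allow list and the function names are assumptions made for the illustration.

```python
import re

# Constructed sample data in nmap grepable (-oG) format, taken without -sV.
# 192.0.2.10 is a documentation address, not a real host.
INSIDE_SCAN = """\
# Nmap scan initiated (constructed sample, run from the LAN side)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 1241/open/tcp//nessus///, 3306/open/tcp//mysql///
"""
OUTSIDE_SCAN = """\
# Nmap scan initiated (constructed sample, run from outside the firewall)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/filtered/tcp//http///, 1241/open/tcp//nessus///, 8080/open/tcp//http-proxy///\tIgnored State: filtered (996)
"""

NESSUSD_PORT = 1241  # nessusd port named in post #10 (Nessus 2.2.7)


def open_ports(grepable):
    """Return {(port, proto): service} for every port nmap reported as open."""
    found = {}
    for line in grepable.splitlines():
        match = re.search(r"\bPorts: ([^\t]*)", line)
        if not match:
            continue
        for entry in match.group(1).split(","):
            # Entry layout: port/state/proto/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                found[(int(fields[0]), fields[2])] = fields[4]
    return found


def compare(inside, outside, allowed):
    """Compare LAN-side and internet-side results against an allow list."""
    lan, wan = open_ports(inside), open_ports(outside)
    return {
        "exposed": sorted(wan),
        "unexpected": sorted(p for p in wan if p not in allowed),
        "outside_only": sorted(p for p in wan if p not in lan),
        "blocked_by_firewall": sorted(p for p in lan if p not in wan),
        "nessusd_reachable": (NESSUSD_PORT, "tcp") in wan,
    }


if __name__ == "__main__":
    allowed = {(22, "tcp"), (NESSUSD_PORT, "tcp")}  # assumed policy
    for key, value in compare(INSIDE_SCAN, OUTSIDE_SCAN, allowed).items():
        print(f"{key}: {value}")
```

A non-empty `outside_only` list means something answers on the internet-facing interface that the LAN scan did not see, which is the case post #8 assumes away.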
All times are GMT -5.