LinuxQuestions.org
Old 03-26-2006, 12:29 AM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Rep: Reputation: 60
vulnerability scanning


What is the preferred utility for vulnerability scanning on a network: Nessus or nmap?
 
Old 03-26-2006, 03:08 AM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290

Rep: Reputation: 378
It really depends on what you want to do. Nessus is good at finding open ports and trying different sorts of tricks with TCP (e.g. an XMAS tree scan) to probe routers and firewalls. Nessus checks versions of applications against known vulnerabilities and may attempt actual application layer attacks. Both tools are very useful, and I also like SARA, which I've been using a lot lately. Why don't you try them all out in a test lab and decide for yourself which you like the best for various tasks?
 
Old 03-26-2006, 06:38 PM   #3
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Original Poster
Rep: Reputation: 60
I get the impression that Nessus is a lot more powerful than nmap!

I downloaded Nessus 3.02 and the documentation is very shabby. Can you point me to another URL that would be helpful?

Last edited by metallica1973; 03-26-2006 at 06:39 PM.
 
Old 03-26-2006, 06:53 PM   #4
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168
The install docs at http://www.nessus.org/documentation/...hp?doc=install worked for me so I'd recommend them. The demo stuff at http://www.nessus.org/demo/ I haven't used for a while, but it used to be pretty good too.

Nessus has a broader scope than nmap and can be used to report on known vulnerabilities on the hosts that it finds. I tend to use nmap as a first level tool to find out what ports are open on PCs and sometimes to scan for what version of software is running (with -sV).
 
Old 03-27-2006, 02:42 PM   #5
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Original Poster
Rep: Reputation: 60
gilead, forgive me for asking this, but from doing a little more research, Nessus has a lot broader range than nmap, and from what I can tell from this link

http://netsecurity.about.com/gi/dyna...m/infocus/1741

Most of the work is done internally from different points, and to be careful because certain scans can bring down your network and get you fired or a lawsuit. It can test applications for flaws (web servers, SQL servers, DDoS attacks and other flaws). I can truly understand that aspect of it but that does clarify the outside aspect of vulnerability flaws. Can I and should I use Nessus externally to look for vulnerabilities outside of the network, or should I use something less powerful like nmap?
 
Old 03-27-2006, 04:20 PM   #6
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168
I'm no lawyer, so don't take this as legal advice. It's just me speaking as someone who does testing in a very conservative organisation.

If you're scanning hosts on the internet, check your ISP's service agreement to make sure that doing this is OK. Some people see scans as an indicator that an attack is happening and may lodge a complaint with your ISP. For hosts on your LAN, you should get approval from a system administrator, or at least let them know what you're doing if you own the boxes being scanned.

All that apart - if you have approval to run the scans, run them. You're right that nessus can cause crashes (that's a big part of the reason for my caution), but you won't find vulnerable points on your boxes without stressing them. That includes load tests, bad data tests, etc. as well as nessus/nmap scans.
 
Old 03-27-2006, 07:43 PM   #7
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Original Poster
Rep: Reputation: 60
I wouldn't be probing hosts on the internet, only mine with my static IP. I would like to scan my firewall, thus my network, from the outside. Should I load Nessusd on my firewall and then from a laptop load the Nessus client and then go to a friend's house and start the testing? Thanks
 
Old 03-27-2006, 08:17 PM   #8
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168
You can do that and it should work. And it should be fun to see what it reports.

Depending on your network bandwidth (and how much time you have) it might be faster to run the nessus scan from your localhost since that will identify all of the running services and do the analysis for you. Then just run nmap from your friend's house to determine your open ports. I'm assuming that you don't have something listening on your internet network interface that isn't also running on your local network interface.
 
Old 03-27-2006, 09:20 PM   #9
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Original Poster
Rep: Reputation: 60
Gilead

Thanks a lot for your help. Other senior members are very paranoid of giving out information in fear of the unexpected. You have been very helpful and it is really appreciated.
 
Old 03-27-2006, 09:40 PM   #10
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168
Well, I'm going to look very foolish unless I mention that you'll need to allow TCP connections back to your server on port 1241 so that your nessus client can talk to your nessus server (under version 2.2.7 anyway).

Sorry - I forgot that earlier.
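
Added example, not part of any post in this thread: a local check of the assumption in post #8 that nothing listens on the internet-facing interface without also listening on the LAN interface, which also shows whether a port such as the 1241 mentioned in post #10 is bound where a remote client could reach it. The `ss -ltn` output, both addresses and the function names are constructed for illustration.

```python
# Compare TCP listeners per interface using `ss -ltn` output from the
# firewall itself. Sample output and addresses below are constructed.
WILDCARDS = {"0.0.0.0", "*", "::"}  # treated here as bound on every interface

SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128           0.0.0.0:22          0.0.0.0:*
LISTEN  0       128       192.168.1.1:1241        0.0.0.0:*
LISTEN  0       50       203.0.113.10:8080        0.0.0.0:*
LISTEN  0       128         127.0.0.1:631         0.0.0.0:*
LISTEN  0       128       192.168.1.1:53          0.0.0.0:*
LISTEN  0       128              [::]:22             [::]:*
"""

def parse_listeners(ss_output):
    """Return {(address, port)} for every LISTEN row."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets, %iface
        listeners.add((addr, int(port)))
    return listeners

def ports_on(listeners, ip):
    """Ports reachable on `ip`: bound to it directly or to a wildcard."""
    return {p for a, p in listeners if a == ip or a in WILDCARDS}

def compare_interfaces(listeners, external_ip, internal_ip):
    """Split listening ports by which interface exposes them."""
    ext = ports_on(listeners, external_ip)
    lan = ports_on(listeners, internal_ip)
    return {
        "external_only": sorted(ext - lan),  # a LAN-side scan would miss these
        "internal_only": sorted(lan - ext),  # not reachable from outside
        "both": sorted(ext & lan),
    }

if __name__ == "__main__":
    result = compare_interfaces(parse_listeners(SAMPLE_SS),
                                "203.0.113.10", "192.168.1.1")
    for group, ports in result.items():
        print(f"{group}: {ports}")
```

Any port under `external_only` means a scan run from inside the LAN understates what is exposed to the internet, so the outside scan should not be limited to confirming the inside results.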
 
  

