Running your first scan using NessusWX

Written by Lew Newlin

The following is a simple how-to guide for installing, configuring, and running your first vulnerability scan using the NessusWX Windows client. The instructions do not include in-depth explanations, as it is assumed that you are familiar with the benefits of using Nessus and have a general working knowledge of Windows.

As with any software installation, your results may vary depending on the machine operating system and patch levels being used. The installation steps were conducted using NessusWX 1.4.4 on several Windows operating systems and patch levels, including XP, 2000, and 2003 Server, to ensure accuracy. It is recommended that the installation be conducted using the "admin" account or equivalent to avoid rights issues.

Install NessusWX

  • Download and save the self-extracting version of NessusWX for Intel platforms to a temp directory on your hard drive (nessuswx-1.4.4-install.exe, 1413KB in size);
  • Double-click NessusWX-1.4.4-install.Exe to start the installation process;
  • If using XP SP2 you may be prompted with a warning message that the publisher could not be verified; click <Run>;
  • At the "Welcome to the Installation Wizard" screen click <Next>;
  • At the "License Agreement" screen read the license terms, check "Yes, I agree with all the terms of this license agreement", click <Next>;
  • At the "Destination Folder" screen enter the desired location for NessusWX, or accept the default of C:\Program Files\NessusWX, click <Next>;
  • At the "Setup Type" screen select "Binaries Only", or if you wish the source files included select "Binaries & Source", click <Next>;
  • At the "Program Group" screen select the desired program group, or leave at the default of NessusWX, click <Next>;
  • At the "Ready to Install the Program" screen click <Next>;
  • At the "Installation Complete" screen click <Ok>.
If the installation process completed successfully, you now have a NessusWX desktop icon and a Start/Programs/NessusWX menu listing.

Configuration of NessusWX

Before configuring the NessusWX client, you need some information concerning the Nessus server you will be using. Please contact your Nessus server administrator for assistance if needed.

     Nessus server IP: _______________________

     Nessus port number: _____________________ (default is 1241)

     Max simultaneous hosts: __________________ (default is 16)

     Max security checks per host: ______________ (default is 10)

     Your Nessus login name: __________________

     Your Nessus login password: _______________

Maximum simultaneous hosts and maximum security checks per host refer to the number of simultaneous scans that will be performed. It is possible to optimize a Nessus server to support more than the default settings and to use a different port. If this information is not available or unknown, use the default values.

Your Nessus server administrator has the ability to limit what IP range(s) you can scan based on your login name. Speak with your Nessus server administrator and determine what limits, if any, have been established.

  • Upon executing NessusWX you will be prompted with the "Settings" screen, "General" tab, requesting database directory information. By default NessusWX uses C:\NessusDB to store scan results. The database location can be a network drive if you wish to store results on a network drive for security purposes. Select the default value or change to the desired directory, click <Ok>;
  • If the directory you selected does not exist, you will be prompted with a creation message, click <Yes>;
  • Select the "Communications/Connect" menu option;
    • Change the Server "Name" from the default to the desired Nessus server;
    • Change the Server "Port Number" from the default of 1241 to the desired Nessus server port if needed;
    • By default, NessusWX selects TLSv1 as the encryption option;
    • Select the "Authentication by Password" radio button;
    • Check the save password checkbox;
    • Change the default Authentication "Login" value to your Nessus login name;
    • Enter your Nessus login password, click <Connect>;
    • You will be prompted with a New Server Certificate window displaying the Nessus server certificate information; click <Accept & Save>.
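The "Accept & Save" step above trusts whatever certificate the server presents on first contact. As an added example (not part of the original guide or of NessusWX), the following PowerShell script connects to the server on the Nessus port, reads the certificate it offers and prints its thumbprint so you can compare it with the value your Nessus server administrator gave you before accepting it in the client. `$Server` is a placeholder you must replace; the port is the 1241 default from the guide.

```powershell
# Added example, not part of the original guide: fetch and display the TLS
# certificate a Nessus server presents on its listening port, so its thumbprint
# can be checked against the administrator-supplied value before <Accept & Save>.
param(
    [string]$Server = "nessus.example.internal",   # placeholder, replace with your server
    [int]$Port      = 1241                          # default Nessus port from the guide
)

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($Server, $Port)
} catch {
    Write-Error "Cannot reach ${Server}:${Port}; check the address, port and any firewall in between."
    exit 1
}

# Accept the certificate only for the purpose of inspecting it: the callback
# returning $true does not make the client trust the server for anything else.
$inspectOnly = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $certificate, $chain, $sslPolicyErrors)
    return $true
}

$ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $inspectOnly)
try {
    # The guide notes NessusWX selects TLSv1 by default; also allow TLS 1.2.
    $protocols = [System.Security.Authentication.SslProtocols]::Tls -bor
                 [System.Security.Authentication.SslProtocols]::Tls12
    $ssl.AuthenticateAsClient($Server, $null, $protocols, $false)

    # Wrap the presented certificate so the thumbprint and validity are readable.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "Subject     : " + $cert.Subject
    "Issuer      : " + $cert.Issuer
    "Valid until : " + $cert.NotAfter
    "SHA1 thumb  : " + $cert.Thumbprint
    "Compare the thumbprint with the value from your Nessus administrator before accepting it in NessusWX."
} finally {
    $ssl.Dispose()
    $client.Close()
}
```

A self-signed nessusd certificate will show its own subject as issuer; that is expected, and only a mismatch between the printed thumbprint and the administrator's value is cause to stop.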

If the userid/password information you entered is correct, you will receive a brief message that NessusWX is downloading plugin information. Upon download completion, something similar to the following will be displayed at the bottom of the NessusWX screen:

     Using <NTP/1.2>

     Connection with the server [] established

     xxxx plugins loaded

     xxxx preferences received

     xxxx rules received

You now have a fully functioning copy of NessusWX installed, have connected to a Nessus server, and are ready to begin performing vulnerability scans.

Before You Scan

Before performing vulnerability scanning, a few cautions and recommendations should be considered:

  • Make sure you are acting within your authority. Most companies have strict policies about who can perform vulnerability scanning and on what equipment. Acting outside your authority with a vulnerability scanner could lead to your dismissal;
  • Absent Nessus server-based rules that limit what IP ranges you can test, obtain written permission stating what you are and are not permitted to perform vulnerability tests on;
  • Vulnerability scanning can leave equipment in an unstable state. This is particularly true if performing Denial of Service tests and/or the systems being tested are very poorly configured. Nessus vulnerability scanning is normally not destructive, and rebooting the affected equipment will return it to the correct operational state;
  • NessusWX has a selection for "Safe checks" that disables the most dangerous scripts from executing and instead relies on banner information to determine vulnerability rather than exploiting the real flaw. However, it is still possible to leave equipment in an unstable state;
  • If your company uses an intrusion detection system, performing vulnerability scanning on the network will most likely trigger intrusion alerts. Vulnerability scanning is very "noisy" and easily detected by most intrusion detection systems;
  • If you are performing vulnerability scans across the internet, verify that your ISP will not object, that your scanning will not trigger their intrusion detection system, and request documentation concerning scanning policies and rules that you must follow;
  • Exercise common sense when performing vulnerability scans. For example, it's most likely not a good idea to run a Denial of Service test on your core router during normal business hours;
  • NEVER SCAN EQUIPMENT THAT YOU ARE NOT EXPRESSLY AUTHORIZED TO SCAN. Doing so could result in lawsuits, bad press, jail, ISP termination, and unemployment, just to name a few. Running a Denial of Service test against your competitor's web site, for example, will most likely result in several unwanted events occurring once you and your company are identified as the cause.
