The following is a simple how-to guide for installing, configuring, and running your first vulnerability scan using the NessusWX Windows client. The instructions do not include in-depth explanations, as it is assumed that you are familiar with the benefits of using Nessus and have a general working knowledge of Windows.
As with any software installation, your results may vary depending on the machine's operating system and patch level. The installation steps were conducted using NessusWX 1.4.4 on several Windows operating systems and patch levels, including XP, 2000, and 2003 Server, to ensure accuracy. It is recommended that installation be conducted using the "admin" account or equivalent to avoid rights issues.
If the installation process completed successfully, you now have a NessusWX desktop icon and a Start/Programs/NessusWX menu listing.
- Download and save the self-extracting version of NessusWX for Intel platforms from http://nessuswx.nessus.org/ to a temp directory on your hard drive (nessuswx-1.4.4-install.exe, 1413KB in size);
- Double-click nessuswx-1.4.4-install.exe to start the installation process;
- If using XP SP2 you may be prompted with a warning message that publisher could not be verified, click <Run>
- At "Welcome to Installation Wizard" screen click <Next>
- At "License Agreement" screen read license terms, check "Yes, I agree with all terms of this license agreement", click <Next>;
- At "Destination Folder" screen enter desired location for NessusWX, or accept default of C:\Program Files\NessusWX, click <Next>;
- At "Setup Type" screen select "Binaries Only", or if you wish source files included select "Binaries & Source", click <Next>;
- At "Program Group" screen select desired program group, or leave at default of NessusWX, click <Next>;
- At "Ready to Install Program" screen click <Next>;
- At "Installation Complete" screen click <Ok>.
Configuration of NessusWX
Before configuring the NessusWX client, you need some information concerning the Nessus server you will be using. Please contact your Nessus server administrator for assistance if needed.
Nessus server IP: _______________________
Nessus port number: _____________________ (default is 1241)
Max simultaneous hosts: __________________ (default is 16)
Max security checks per host: ______________ (default is 10)
Your Nessus login name: __________________
Your Nessus login password: _______________
Maximum simultaneous hosts and maximum security checks per host refer to the number of simultaneous scans that will be performed. It is possible to optimize a Nessus server to support more than the default settings and to use a different port. If this information is not available or unknown, use the default values.
Your Nessus server administrator has the ability to limit what IP range(s) you can scan based on your login name. Speak with your Nessus server administrator and determine what limits, if any, have been established.
- Upon executing NessusWX you will be prompted with the "Settings" screen, "General" tab, requesting database directory information. By default NessusWX uses C:\NessusDB to store scan results. The database location can be a network drive if you wish to store results on a network drive for security purposes. Select the default value or change to desired directory, click <Ok>
- If directory you selected does not exist, you will be prompted with a creation message, click <Yes>
- Select "Communications/Connect" menu option
- Change default Server "Name", from default 127.0.0.1, to desired Nessus server;
- Change default Server "Port Number", from 1241, to desired Nessus server port if needed;
- By default, NessusWX selects TLSv1 as encryption option;
- Select "Authentication by Password" radio button;
- Check save password checkbox;
- Change default Authentication "Login" value to your Nessus login name;
- Enter your Nessus login name password, click <Connect>
- You will be prompted with New Server Certificate window displaying Nessus server certificate information, click <Accept & Save>
If userid/password information you entered is correct, you will receive a brief message that NessusWX is downloading plugin information. Upon download completion, something similar to following will be displayed at bottom of NessusWX screen:
Connection with server [xxx.xxx.xxx.xxx] established
xxxx plugins loaded
xxxx preferences received
xxxx rules received
You now have a fully functioning copy of NessusWX installed, have connected to a Nessus server, and are ready to begin performing vulnerability scans.
Before You Scan
Before performing vulnerability scanning, a few cautions and recommendations should be considered:
- Make sure you are acting within your authority. Most companies have strict policies about who can perform vulnerability scanning and on what equipment. Acting outside your authority with a vulnerability scanner could lead to your dismissal;
- Absent Nessus server based rules that limit what IP ranges you can test, obtain written permission on what you are and are not permitted to perform vulnerability test on;
- Vulnerability scanning can leave equipment in an unstable state. This is particularly true if performing Denial of Service tests and/or testing systems that are very poorly configured. Nessus vulnerability scanning is normally not destructive, and rebooting affected equipment will return it to a correct operational state;
- NessusWX has a selection for "Safe checks" that disables most dangerous scripts from executing and instead relies on banner information to determine vulnerability rather than exploiting the real flaw. However, it is still possible to leave equipment in an unstable state;
- If your company uses an intrusion detection system, performing vulnerability scanning on network will most likely trigger intrusion alerts. Vulnerability scanning is very "noisy" and easily detected by most intrusion detection systems;
- If you are performing vulnerability scans across the internet, verify your ISP will not object, that your scanning will not trigger their intrusion detection system, and request documentation concerning scanning policies and rules that you must follow;
- Exercise common sense when performing vulnerability scans. For example, it's most likely not a good idea to run a Denial of Service test on your core router during normal business hours;
- NEVER SCAN EQUIPMENT THAT YOU ARE NOT EXPRESSLY AUTHORIZED TO SCAN. Doing so could result in lawsuits, bad press, jail, ISP termination, and unemployment, just to name a few. Running a Denial of Service test against your competitor's web site, for example, will most likely result in several unwanted events occurring once you and your company are identified as the cause.
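To make the two authorization points above concrete (server-side rules that limit the IP ranges your login may scan, and written permission listing what you may and may not test), here is an added Python example that is not part of this guide or of Nessus: it checks a target list against an authorized-range list before any scan is launched. The accept/reject/default rule syntax, the sample ranges and the ticket reference are constructed assumptions, not the Nessus server's own rule format.

```python
"""Pre-scan scope check: confirm each target lies inside the ranges you are
authorized to scan before launching a NessusWX session. Added example, not
part of the NessusWX guide or of Nessus; the accept/reject/default rule
syntax (first match wins) is an assumed local convention, not a Nessus format.
"""
import ipaddress

# Constructed sample: the ranges granted in writing, in the order they apply.
AUTHORIZED_RULES = """
# Written authorization ref: TICKET-PLACEHOLDER
reject 192.168.10.1
accept 192.168.10.0/24
accept 10.20.0.0/16
default deny
""".strip().splitlines()

def parse_rules(lines):
    """Return (ordered list of (verdict, network), default verdict)."""
    rules, default = [], "deny"
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        verb, _, arg = line.partition(" ")
        verb, arg = verb.lower(), arg.strip()
        if verb == "default":
            if arg not in ("accept", "deny"):
                raise ValueError(f"bad default rule: {raw!r}")
            default = arg
        elif verb in ("accept", "reject"):
            rules.append((verb, ipaddress.ip_network(arg, strict=False)))
        else:
            raise ValueError(f"unknown rule: {raw!r}")
    return rules, default

def is_authorized(target, rules, default):
    """First matching accept/reject rule wins; otherwise the default applies."""
    addr = ipaddress.ip_address(target)
    for verb, net in rules:
        if addr in net:
            return verb == "accept"
    return default == "accept"

def check_scope(targets, rule_lines=AUTHORIZED_RULES):
    """Split targets into (allowed, blocked); do not scan anything blocked."""
    rules, default = parse_rules(rule_lines)
    allowed = [t for t in targets if is_authorized(t, rules, default)]
    blocked = [t for t in targets if t not in allowed]
    return allowed, blocked
```

Run check_scope on the host list you intend to enter in NessusWX and start the scan only if the blocked list is empty.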