This book focuses on installing, configuring and optimizing Nessus, which is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems. As with many open source programs, Nessus is incredibly popular, incredibly powerful, and incredibly under-documented. There are many Web sites (including nessus.org) where thousands of users congregate to share tips, tricks, and hints, yet no single, comprehensive resource exists. This book, written by Nessus lead developers, will document all facets of deploying Nessus on a production network.
* Nessus is the premier Open Source vulnerability assessment tool, and was recently voted the "most popular" open source security tool of any kind.
* This is the first book available on Nessus and it is written by the world's premier Nessus developers led by the creator of Nessus, Renaud Deraison.
* The dramatic success of Syngress' SNORT 2.0 INTRUSION DETECTION clearly illustrates the strong demand for books that offer comprehensive documentation of Open Source security tools that are otherwise Undocumented.
Sprache
Verlagsort
ISBN-13
978-0-08-047962-0 (9780080479620)
Schweitzer Klassifikation
ForewordChapter 1 Vulnerability Assessment Introduction What Is a Vulnerability Assessment? Why a Vulnerability Assessment? Assessment Types Automated Assessments Stand-Alone vs. Subscription The Assessment Process Two Approaches Administrative Approach The Outsider Approach The Hybrid Approach Realistic Expectations The Limitations of Automation Summary Solutions Fast Track Frequently Asked QuestionsChapter 2 Introducing Nessus Introduction What Is It? The De Facto Standard History Basic Components Client and Server The Plugins The Knowledge Base Summary Solutions Fast Track Frequently Asked QuestionsChapter 3 Installing Nessus Introduction Quick Start Guide Nessus on Linux (suse/redhat/mandrake/gentoo/debian) Nessus on Solaris Picking a Server Supported Operating Systems Minimal Hardware Specifications Network Location Source or Binary Installation from Source Software Prerequisites Obtaining the Latest Version The Four Components ./configure Configuring Nessus Creating the User Account Installing a Client Using the GTK Client Using the Windows Client Command-Line Mode Updating to the Latest Plugins Summary Solutions Fast Track Frequently Asked QuestionsChapter 4 Running Your First Scan Introduction Preparing for Your First Scan Authorization Risk vs. Benefit Starting the Nessus Client Plugins Enable Specific Plugins Using the Plugin Filter Plugin Categories Plugin Information Preferences Specify the Host Ping Configuring WWW Checks NIDS Evasion Brute Force with Hydra The SMB Scope Configuring Login Credentials Configuring SNMP Configuring Nmap Scan Options The Port Range Unscanned Ports Performance: Host and Process Count Optimized Checks Safe Checks Mode Report by MAC Address (DHCP) Detached Scan Send Results to This E-mail Address Continuous Scan Configure the Port Scanner Ignore Top-Level Wildcard Host Target Selection How to Select Targets Common Scanning Issues (Printers, etc.
