Ethical Hacking and Penetration Testing Guide
Yüklə 22,44 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Nessus Control Panel
- Default Policies
|
Nessus Control Panel
Nessus control panel is divided into the following six main components: Reports This would be our actual findings compiled in the form of a report. Mobile This is a new feature added to the latest version of nessus for scanning mobile devices located on a network. Vulnerability Assessment ◾ 127 Scan This tab is where we would spend most of our time after the policies tab. This enables us to scan the targets for vulnerabilities. Policies Policies are a core component of Nessus. In policies, we define what type of scan we want to per- form on the target, which plug-ins to use, what targets should be excluded, what types of scans should be excluded, and so on. Users This is where we can add and delete users that can access the nessus. Configuration Configuration allows us to use a proxy and a bunch of other options for scanning. Default Policies As mentioned before, policies let us customize the type of scan and plug-ins we want to use to scan a target. Nessus comes preloaded with several default policies. Each policy has a different objective and is meant for different types of pentests. Some of the default policies are as follows: ◾ External network scan ◾ Internal network scan ◾ Web app tests ◾ Prepare for PCI DSS audits The Nessus guidelines document, available on the official website, contains information about each of the default policies. Understanding the policies listed in this document will help in using Nessus more effectively. Policy name Description External network scan This policy is tuned to scan externally facing hosts, which typically present fewer services to the network. The plugins associated with known web application vulnerabilities (CGI Abuses and CGI Abuses: XSS plugin families) are enabled in this policy. In addition, all 65,536 ports (including port 0 via separate plugin) are scanned for on each target. Internal network scan This policy is tuned for better performance, taking into account that it may be used to scan large internal networks with many hosts, several exposed services, and embedded systems such as printers. CGI Checks are disabled and a standard set of ports is scanned for, not all 65,535. Web app tests If you want to scan your systems and have Nessus detect both known and unknown vulner- abilities in your web applications, this is the scan policy for you. The fuzzing capabilities in Nessus are enabled in this policy, which will cause Nessus to spider all discovered websites and then look for vulnerabilities present in each of the parameters, including XSS, SQL, com- mand injection and several more. This policy will identify issues via HTTP and HTTPS. Prepare for PCI DSS audits This policy enables the built-in PCI DSS compliance checks that compare scan results with the PCI standards and produces a report on your compliance posture. It is very important to note that a successful compliance scan does not guarantee compliance or a secure infrastruc- ture. Organizations preparing for a PCI DSS assessment can use this policy to prepare their network and systems for PCI DSS compliance. |