Vulnerability Assessment
Scan
This tab is where we spend most of our time after the Policies tab. It is used to launch scans
against the targets and report the vulnerabilities found.
Policies
Policies are a core component of Nessus. In a policy, we define what type of scan we want to perform
on the target, which plug-ins to use, which targets should be excluded, which types of checks
should be skipped, and so on.
Users
This is where we can add and delete the users that are allowed to access Nessus.
Configuration
Configuration allows us to set a proxy and a number of other scanner-wide options.
Default Policies
As mentioned before, policies let us customize the type of scan and plug-ins we want to use to scan
a target. Nessus comes preloaded with several default policies. Each policy has a different objective
and is meant for different types of pentests. Some of the default policies are as follows:
◾ External network scan
◾ Internal network scan
◾ Web app tests
◾ Prepare for PCI DSS audits
The Nessus guidelines document, available on the official website, contains information about
each of the default policies. Understanding the policies listed in this document will help in
using Nessus more effectively.
Policy name: External network scan
Description: This policy is tuned to scan externally facing hosts, which typically present fewer
services to the network. The plugins associated with known web application vulnerabilities (the
CGI Abuses and CGI Abuses: XSS plugin families) are enabled in this policy. In addition, all 65,536
ports (0 through 65535, with port 0 handled by a separate plugin) are scanned on each target.

Policy name: Internal network scan
Description: This policy is tuned for better performance, taking into account that it may be used
to scan large internal networks with many hosts, several exposed services, and embedded systems
such as printers. CGI checks are disabled and a standard set of ports is scanned rather than the
full port range.

Policy name: Web app tests
Description: If you want Nessus to detect both known and unknown vulnerabilities in your web
applications, this is the scan policy to use. The fuzzing capabilities in Nessus are enabled in
this policy, which causes Nessus to spider all discovered websites and then look for
vulnerabilities in each of the parameters, including XSS, SQL injection, command injection, and
several more. This policy identifies issues over both HTTP and HTTPS.

Policy name: Prepare for PCI DSS audits
Description: This policy enables the built-in PCI DSS compliance checks, which compare scan results
with the PCI standards and produce a report on your compliance posture. It is very important to
note that a successful compliance scan does not guarantee compliance or a secure infrastructure.
Organizations preparing for a PCI DSS assessment can use this policy to prepare their network and
systems for the assessment.
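The policy descriptions above say what each default policy covers (every port for the external
scan, a standard port list for the internal scan) and the Policies section says a policy also
decides which targets are excluded. The following Python is an added example, not code from this
book or from Tenable, showing how those choices turn into a scan request driven from a script
rather than the web interface. It goes beyond the text in one respect: exclusions are applied by
expanding CIDR blocks and removing the excluded hosts before the target list is sent, so nothing
out of scope is ever handed to the scanner. It assumes the Nessus REST API shape of
POST /scans with a body {"uuid": <scan template uuid>, "settings": {...}}, the settings keys
"name", "text_targets" and "portscan_range" (with "all" and "default" as values), and the
"X-ApiKeys: accessKey=...; secretKey=..." header; the sample targets are constructed, and every
one of those API names should be checked against GET /editor/scan/templates on your own scanner.

```python
"""Compose a Nessus scan from one of the default policies described above.

Added example (not from the book or from Tenable). API body shape, settings
keys and the X-ApiKeys header format are assumptions; verify them against
your own Nessus instance.
"""
import ipaddress
import json
import ssl
import urllib.request

# Port coverage as the policy descriptions state it: the external policy scans
# every port, the internal and web app policies use Nessus's standard port
# list. The values "all" and "default" for portscan_range are assumed.
POLICY_PORT_RANGE = {
    "External network scan": "all",
    "Internal network scan": "default",
    "Web app tests": "default",
}


def _addresses(spec):
    """Return the set of scannable addresses in an IP or CIDR spec.

    Network and broadcast addresses are dropped, except for /31 and /32
    (and the IPv6 equivalents) where every address in the block is a host.
    """
    net = ipaddress.ip_network(spec, strict=False)
    if net.prefixlen >= net.max_prefixlen - 1:
        return set(net)
    return set(net.hosts())


def expand_targets(targets, exclusions=()):
    """Expand target specs, remove every excluded host, return sorted strings."""
    wanted = set()
    for spec in targets:
        wanted |= _addresses(spec)
    for spec in exclusions:
        wanted -= _addresses(spec)
    # Key on (version, address): IPv4 and IPv6 addresses cannot be compared directly.
    return [str(a) for a in sorted(wanted, key=lambda a: (a.version, a))]


def compact_targets(addresses):
    """Collapse a host list back into the shortest CIDR list for text_targets."""
    nets = [ipaddress.ip_network(a) for a in addresses]
    out = []
    for version in (4, 6):  # collapse_addresses refuses mixed-version input
        same = [n for n in nets if n.version == version]
        for n in ipaddress.collapse_addresses(same):
            out.append(str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n))
    return ",".join(out)


def build_scan(name, policy, template_uuid, targets, exclusions=()):
    """Build the POST /scans body for the chosen policy and target set."""
    if policy not in POLICY_PORT_RANGE:
        raise ValueError(f"no port coverage known for policy {policy!r}")
    hosts = expand_targets(targets, exclusions)
    if not hosts:
        # A scan with an empty target list is a silent no-op; fail loudly instead.
        raise ValueError("exclusions removed every target; nothing to scan")
    return {
        "uuid": template_uuid,
        "settings": {
            "name": name,
            "text_targets": compact_targets(hosts),
            "portscan_range": POLICY_PORT_RANGE[policy],
        },
    }


def create_scan(base_url, access_key, secret_key, body, verify_tls=True):
    """POST the scan body to Nessus and return the decoded JSON response.

    Nessus ships with a self-signed certificate; pass verify_tls=False only
    after you have checked the scanner's certificate some other way.
    """
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        base_url.rstrip("/") + "/scans",
        data=json.dumps(body).encode(),
        headers={
            "Content-Type": "application/json",
            "X-ApiKeys": f"accessKey={access_key}; secretKey={secret_key}",
        },
        method="POST",
    )
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample: a /29 DMZ block plus one host, with one address excluded.
    body = build_scan(
        "DMZ external",
        "External network scan",
        "template-uuid-from-GET-/editor/scan/templates",  # placeholder
        ["10.0.0.0/29", "192.0.2.7"],
        exclusions=["10.0.0.3"],
    )
    print(json.dumps(body, indent=2))
```

Running the sample produces a target string of 10.0.0.1,10.0.0.2,10.0.0.4/31,10.0.0.6,192.0.2.7
with portscan_range set to "all", which is the external policy's full-port coverage. Choosing
"Internal network scan" instead keeps the same target handling but sends "default", matching the
standard port list the internal policy is described as using. The template uuid for each default
policy is obtained from the scanner itself; it is not something to hard-code.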