Nessus Network Auditing
Learn about this open-source vulnerability scanner, how to get the most out of the tool, recognize its limitations and how to deal with them, and what makes it flexible to perform a wide range of network-based operations.
TABLE OF CONTENTS Nessus Network Auditing
Data Correlation
In this next section, we ll focus on data correlation, especially in regards to the reports that are developed.
Combining Reports
Obviously, the most important part of Nessus isn t the scan itself, but rather the scan s results. While reading dozen of Nessus reports using the Nessus GUI can prove difficult, you can easily solve this problem by building your own vulnerability database. A comprehensive database often contains reports about all of the servers that were found to be vulnerable, along with the vulnerability identification numbers, descriptions, and risk factors. Once you ve entered the data into a database, it s easy to query it and reveal which parts of the network are the most vulnerable, which vulnerabilities affect most of your servers, which servers contain a particular worm s affected vulnerabilities, and so forth.
Preparing Your Database
Before we can begin, we will need to prepare the database. For this section, our examples will use MySQL as our database server, because it is freely available for both the Linux and Windows operating systems, and is easy to use. However, any other database server can be used, instead. No matter which database server you choose, it will need to hold at least one database and one table where your information can be stored. You can easily parse Nessus NBE (Nessus BackEnd) file format with any program that can interpret content that is delimitated by the pipe sign ().
The fields the Nessus NBE returns are IP address, affected port, script ID, vulnerability type,...
Copyright Syngress Publishing, Inc. 2004 under license agreement with Books24x7
