1 00:00:00,270 --> 00:00:06,150 So let's have a look at Nessus developer by Tenable Network Security is one of the most popular and capable 2 00:00:06,150 --> 00:00:11,490 vulnerability scanner. Nessus Professional is a commercial product. 3 00:00:11,550 --> 00:00:18,000 In addition, a free Nessus Home version is also available though, it's limited and only licensed for home 4 00:00:18,000 --> 00:00:18,820 network use. 5 00:00:19,840 --> 00:00:25,970 Nessus allow scans for the following types of vulnerabilities. Vulnerabilities that allow a remote hacker 6 00:00:26,420 --> 00:00:34,870 to control or access sensitive data on a system. • Misconfiguration (e.g. open mail relay, missing 7 00:00:34,870 --> 00:00:38,700 patches, etc.) . Default passwords, 8 00:00:38,920 --> 00:00:46,780 few common passwords and blank or absent passwords on some system accounts. Nessus can also call Hydraa 9 00:00:47,020 --> 00:00:55,660 (an external tool) to launch a dictionary attack. Denials of service against the TCP/IP stack by using 10 00:00:55,660 --> 00:01:05,080 malformed packets. Preparation for PCI DSS audits. In a typical operation Nessus begins by doing a 11 00:01:05,080 --> 00:01:11,170 port scan to determine which ports are open on the target and then tries various exploits on the open 12 00:01:11,170 --> 00:01:12,260 ports. 13 00:01:12,350 --> 00:01:19,390 The vulnerability tests available as subscriptions are written in NASL (Nessus attacks scripting language). 14 00:01:19,870 --> 00:01:28,410 Scripting language optimized for custom network interaction. Nessus is constantly updated with more than 15 00:01:28,410 --> 00:01:35,890 70000 plugins. Key features include remote and local authenticated security checks. 16 00:01:35,990 --> 00:01:42,870 A client/server architecture with a web based interface and an embedded scripting language for writing 17 00:01:42,870 --> 00:01:49,820 your own plugins or understanding the existing one. Optionally only the results of the scan can be reported 18 00:01:49,820 --> 00:01:56,360 in various formats such as plain text, XML, HTML and LaTeX.