
What is Nessus: Running Your First Vulnerability Scan

What Is Nessus Vulnerability Scanner

Nessus is a vulnerability-scanning tool developed by the company Tenable. Nessus can be used to automatically search for security vulnerabilities and configuration issues in devices, software and websites, and can also scan cloud infrastructure.

    This article includes information regarding Tenable products. Forge Secure is now a Tenable partner and reseller, which should be taken into account with any reviews or recommendations.

    Why Nessus Should Be Used

    Vulnerabilities are identified over time in many devices, products, and services. The National Vulnerability Database had received over 16,000 new vulnerability submissions in 2024 alone, as of May 2024.

    In some cases, the default configuration of devices and services doesn’t make use of the most secure options available.

    For these reasons, devices can be vulnerable from the point of their initial installation, and become more vulnerable over time as new vulnerabilities are identified.

    Vulnerability scanning can be used as part of risk assessments to find vulnerabilities in a device or service and provide the information you need to take action and address these vulnerabilities, protecting your business from evolving threats.

    How Nessus Scans Work


    Tenable and the Nessus team continually develop “plugins” to perform specific actions such as identifying new vulnerabilities. As of May 2024, Nessus maintains a vast plugin database with over 210,000 plugins listed which cover over 85,000 unique vulnerabilities.

    When a vulnerability scan is run, Nessus attempts to connect to each target device and works through these plugins to identify the type of device, the operating system, any running services, the specific versions of those services, and other useful information.

    As more information is gathered, vulnerability detection tests are also run to determine what security weaknesses your devices are affected by, what updates may be missing, and what known vulnerabilities your devices are impacted by.

    The results are presented in the Nessus web interface. Scans can also be configured to run on a set schedule and to send an email notification when they complete.

    Nessus Licences And Their Features

    Nessus has several available licenses, which provide different features, depending on your requirements.

    Other Tenable Vulnerability Solutions

    In addition to Nessus, Tenable has also developed multiple security tools for dedicated purposes, such as Risk Management, Vulnerability Management, Web Application Scans, and Attack Surface Management.

    Nessus Compared To Other Products

    Nessus Alternative Products

    Although Nessus is considered one of the more established vulnerability scanning products, many competitors offer similar options or alternative features.

    One of the more common comparisons for the Nessus scanner is OpenVAS. This is a free-to-use, open-source vulnerability assessment tool that provides some similar scanning functions, but it requires some additional setup and is not available as a native install for Windows operating systems. For a detailed setup process for OpenVAS the following guide can be used.

    Another paid-for alternative solution is developed by Qualys. Qualys also provides multiple dedicated tools for Infrastructure scans, Web Application scans, and External Attack Surface scans which can be compared to the equivalent Tenable products.

    There is a long list of potential vulnerability scanning tools that could be used to scan your devices, with a more complete list provided here.

    Installing The Nessus Scanner

    Nessus has a simple installation process that has been refined over the years and supports multiple operating systems, including Windows, macOS, and several Linux distributions.

    Nessus can be downloaded here. The installer runs an automated process that only requires a few onscreen prompts to be followed, guiding you through creating a local user account and downloading the latest plugins ready for your first scan.

    The installation process will also prompt you for an activation code. These activation codes are required for using Nessus, even when using the free Nessus Essentials version.

    The codes can typically be accessed through the online portal for Tenable once you have created an account, or can be sent to your email inbox when registering, depending upon whether you have purchased a license or are using the free version of Nessus Essentials.

    The Nessus User Interface


    Once installed, Nessus runs a small web server on the device it was installed on. The interface is accessed through a web browser on port 8834 by default.

    On the device Nessus was installed on, the address to access Nessus is https://localhost:8834, where “localhost” refers to the local device and “:8834” is the port on which Nessus listens. Nessus ships with a self-signed certificate, so on the first visit your browser will show a certificate warning that you need to accept.

    If Nessus is installed on a different device, you connect in the same way with a web browser, but replace “localhost” with the IP address or hostname of that device, and make sure port 8834 is reachable through any firewall between you and the scanner.

    After accessing Nessus in a web browser, you will be presented with a login page, where you can enter the credentials you created during the installation and setup process for Nessus.

    You will then be presented with the Nessus main dashboard. To check for plugin updates, open “Settings” at the top of the page and select the “Refresh” icon next to “Plugins” and “Last Updated” on the right-hand side of the page.

    You will also be able to set up your first vulnerability scan from the Nessus main dashboard.

    Setting Up Your First Scan

    Tenable provides useful guides and tutorials for using each of their products and features, which are listed under their documentation pages.

    To set up your first Nessus scans there is a dedicated tutorial process that can be followed, however, the process is fairly straightforward.

    Configure Your Initial Scan Settings

    • Select the “New Scan” option in the top right-hand corner of the Nessus interface.
    • For your first scan, a “Basic Network Scan” can be used, but you can test further scanning options once you are familiar with the interface.
    • A “Name” can be given to your first scan such as “Test Scan” or any name you prefer.
    • A “Description” isn’t necessary to provide but can be useful if you intend to run lots of different scans for different purposes.
    • A “Folder” is also not required at the moment but can also be useful if you want to separate lots of different scans into groups for different devices or departments in your company.
    • The “Targets” are the devices which you plan to run a vulnerability scan against. This can be the device you have installed Nessus on, or other devices within your company. Hostnames, IP Addresses, or IP Address ranges are often provided as your targets.

    Getting Your Mac’s IP Address

    • To find the IP Address on a Mac you can go into “System Settings” and click on “Network”. If you are connected by Wi-Fi, select “Wi-Fi” and then select “Details”. This should show the Mac’s IP Address.

    Getting Your Windows IP Address

    • For a Windows 11 device use the Windows search bar to look for “Settings” and then select “Network and Internet”. Depending on whether you are connected via “Wi-Fi” or “Ethernet” cable, select the appropriate option and copy the “IPv4 address”.
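    The “Targets” field accepts several forms of entry, and a typo in a range or a CIDR mask can quietly put the wrong hosts in scope. The following Python helper is an added example for this article, not part of Nessus: it expands single IPv4 addresses, CIDR blocks and full start-end ranges (the forms Nessus accepts in that field), leaves hostnames for the scanner to resolve, and reports how many hosts a target string covers before you press “Play”. It also finds the scanning machine's own IPv4 address without the GUI steps above. The function names are ours, and Nessus's short range form (such as 192.168.1.1-50) and IPv6 targets are deliberately not handled.

```python
"""Sanity-check a Nessus target list before launching the scan.

Added example for this article, not Tenable code.  Handles the target
forms the article mentions: single IPv4 addresses, CIDR blocks, full
start-end ranges (192.168.1.10-192.168.1.20) and hostnames.  The short
range form (192.168.1.1-50) and IPv6 are deliberately out of scope.
"""
import ipaddress
import socket


def expand_target(target: str) -> list:
    """Return the IPv4 addresses one target entry covers.

    Hostnames are returned unchanged (name resolution is the scanner's job).
    Raises ValueError for malformed addresses, masks and reversed ranges.
    """
    target = target.strip()
    if not target or any(c.isspace() for c in target):
        raise ValueError(f"invalid target: {target!r}")

    # 1. A single address.
    try:
        return [str(ipaddress.IPv4Address(target))]
    except ipaddress.AddressValueError:
        pass

    # 2. A CIDR block.  strict=False lets 192.168.1.10/24 stand for 192.168.1.0/24,
    #    which is how it is usually typed; /31 and /32 have no network/broadcast.
    if "/" in target:
        net = ipaddress.IPv4Network(target, strict=False)
        addrs = list(net.hosts()) if net.prefixlen < 31 else list(net)
        return [str(a) for a in addrs]

    # 3. A start-end range.  Only a range when the left half is an address,
    #    because hostnames such as web-server-01 also contain dashes.
    if "-" in target:
        lo, hi = target.split("-", 1)
        try:
            start = ipaddress.IPv4Address(lo)
        except ipaddress.AddressValueError:
            start = None
        if start is not None:
            try:
                end = ipaddress.IPv4Address(hi)
            except ipaddress.AddressValueError:
                raise ValueError(f"unsupported range form, use a.b.c.d-a.b.c.d: {target}")
            if end < start:
                raise ValueError(f"range end precedes start: {target}")
            return [str(ipaddress.IPv4Address(i)) for i in range(int(start), int(end) + 1)]

    # 4. Dotted-numeric text that got here (e.g. 192.168.1.300) is a typo,
    #    not a hostname; everything else is passed through as a hostname.
    if target.replace(".", "").isdigit():
        raise ValueError(f"malformed IPv4 address: {target}")
    return [target]


def expand_targets(target_field: str) -> dict:
    """Expand the comma-separated Targets field to {entry: [hosts]}."""
    return {t.strip(): expand_target(t) for t in target_field.split(",") if t.strip()}


def count_targets(target_field: str) -> int:
    """Total number of hosts the scan will touch; check it before pressing Play."""
    return sum(len(hosts) for hosts in expand_targets(target_field).values())


def local_ipv4() -> str:
    """Best-effort primary IPv4 address of this machine, without the GUI steps.

    Connecting a UDP socket sends no packets; it only asks the OS which source
    address it would use.  192.0.2.1 is TEST-NET-1, which is never routed.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(("192.0.2.1", 53))
        return s.getsockname()[0]
    except OSError:
        return "127.0.0.1"  # no default route: you are probably offline
    finally:
        s.close()


if __name__ == "__main__":
    field = "192.168.1.0/29, 192.168.1.10-192.168.1.12, web-server-01.example.com"
    for entry, hosts in expand_targets(field).items():
        print(f"{entry:40s} -> {len(hosts)} host(s)")
    print("total:", count_targets(field), "| scanner address:", local_ipv4())
```

    Run it with the exact string you intend to paste into the “Targets” box; a /24 typed where a /29 was meant shows up immediately as 254 hosts instead of 6.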

    Running Your First Scan

    • Additional options can be configured for any of your scans, and an “Advanced Scan” has further configuration options; however, for the first scan you can save your scan once you have entered a “Name” and your “Targets”.
    • After saving your scan, you will be returned to the main dashboard, showing your saved scans. Your saved scan should now appear with a “Play” button on the right-hand side to start the scan, and a “Cross” to delete the scan.
    • Select the “Play” button on the right to launch your scan and you should now see a progress wheel begin turning with the scan time and date displayed.
    • Clicking on the row with your named scan running should then take you to a page with your scan details displayed.
    • This will show that it is running on the right-hand side of the page and will begin to populate with findings, with the number of findings displayed in the center of the page under the “Vulnerabilities” column.

    Reviewing Your Scan’s Output

    • Clicking on the “Vulnerabilities” will list further information for each vulnerability, including a severity rating, a vulnerability name, and other information.
    • The severity rating in Nessus follows the Common Vulnerability Scoring System (CVSS), which scores vulnerabilities from 0 to 10, with 10 being the worst. Nessus maps these scores to its severity names as Critical (9.0 to 10.0), High (7.0 to 8.9), Medium (4.0 to 6.9), Low (0.1 to 3.9) and Info (0).
    • Many of the findings displayed are likely to be “Info” or informational and show the information for each device that Nessus is able to confirm.
    • Other than informational items, there may be vulnerabilities identified, graded as “Low”, “Medium”, “High”, and “Critical”.
    • When selecting individual vulnerabilities, a further page will open to display information specific to that vulnerability, such as a “Description”, “Solution”, “Security Advisories”, and links to further information regarding the vulnerability.
    • Each of the security issues affecting your devices should be reviewed, and a process followed to remediate the vulnerabilities.
    • A vulnerability management process can also be implemented within your business to effectively manage and resolve newly identified vulnerabilities as you conduct regular vulnerability testing of your devices.

    Authenticated scans can also be configured in Nessus. They require some additional configuration, but provide much more complete vulnerability assessment results, because an authenticated scan can review the software installed on each device and the device’s configuration.

    Creating a Vulnerability Assessment Report


    Once your vulnerability scan is completed, you may need to provide the information to your security teams so they can follow the report’s recommended actions, and fix vulnerabilities.

    Nessus reports can be generated as HTML, to be viewed in a browser; as CSV, to view as a list of items in a spreadsheet; or as XML, which other tools can process if you use alternative products for vulnerability management or vulnerability prioritization.

    HTML Reports

    • From the Nessus main dashboard, click on your scan once it has been completed.
    • In the top right-hand corner of the page, there will be a “Report” option you can click.
    • This will present a pop-up page, where you can select either HTML or CSV outputs at the top.
    • For HTML you will have several options for how vulnerabilities should be reported.
    • The “Complete List of Vulnerabilities by Host” report will create a summary list of identified items, which can be useful for management meetings or executive summaries.
    • The “Detailed Vulnerabilities by Host”, “Detailed Vulnerabilities by Plugin”, and “Vulnerability Operations” reports each provide a more detailed assessment of every identified issue, including host-specific information, which is useful for the security teams addressing the issues.
    • Which version you choose is largely a matter of preference for layout and level of detail.

    CSV Reports

    • For CSV reports a separate set of options will be available for the specific columns that will be included in the spreadsheet. These reports can be more granular and more detailed, and in some cases easier to work with than HTML reports.
    • Depending on how you want to prioritize vulnerabilities you may want to include all of the available columns and set up multiple filters within the spreadsheet.
    • With your report options chosen, you can select “Generate Report” which should then download the report to your local device.

    XML Reports

    • To generate the XML report you can select the “Export” option instead of “Report” and then choose “Nessus” as the output option.
    • This will begin the download process which will provide a file with the “.nessus” extension. The data in this file is in XML format and can be processed by other tools if necessary for risk prioritization, reviewing security posture, or other analyses.
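    To show what “processed by other tools” looks like in practice, here is an added Python example (ours, not Tenable’s) that parses a .nessus export with the standard library, counts findings per severity the way the dashboard does, and produces a remediation list ordered by CVSS v3 base score. The 7.0 threshold is the same one used by the notification filter later in this article (“CVSS v3.0 Base Score” “is more than” “6.9”), and severity_band() reproduces the CVSS-to-severity bands described under “Reviewing Your Scan’s Output”. The embedded XML is a constructed sample with invented hosts, plugin IDs and plugin names; the element and attribute names are those of the NessusClientData_v2 format. Many informational plugins carry no CVSS score, so findings without one are counted in the summary but left out of the ranked list.

```python
"""Parse a Nessus XML export (.nessus) and build a prioritised remediation list.

Added example for this article, not Tenable code.  Only standard-library
modules are used.  SAMPLE_NESSUS is a constructed file: the plugin IDs, names
and hosts are invented, but the element and attribute names are those of the
NessusClientData_v2 format that Export > Nessus produces.
"""
import sys
import xml.etree.ElementTree as ET
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
<Report name="Test Scan">
<ReportHost name="192.168.1.10">
  <HostProperties>
    <tag name="host-ip">192.168.1.10</tag>
    <tag name="operating-system">Linux Kernel 5.x</tag>
  </HostProperties>
  <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
              pluginID="900001" pluginName="OS Identification (sample)" pluginFamily="General">
    <risk_factor>None</risk_factor>
  </ReportItem>
  <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
              pluginID="900002" pluginName="Sample web server flaw" pluginFamily="Web Servers">
    <risk_factor>High</risk_factor>
    <cvss3_base_score>7.5</cvss3_base_score>
    <solution>Upgrade to the fixed release.</solution>
  </ReportItem>
  <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
              pluginID="900003" pluginName="Sample weak SSH configuration" pluginFamily="Misc.">
    <risk_factor>Medium</risk_factor>
    <cvss3_base_score>5.3</cvss3_base_score>
    <solution>Disable the weak algorithms.</solution>
  </ReportItem>
</ReportHost>
<ReportHost name="192.168.1.20">
  <HostProperties><tag name="host-ip">192.168.1.20</tag></HostProperties>
  <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
              pluginID="900004" pluginName="Sample missing OS patch" pluginFamily="Windows">
    <risk_factor>Critical</risk_factor>
    <cvss3_base_score>9.8</cvss3_base_score>
    <solution>Apply the vendor patch.</solution>
  </ReportItem>
</ReportHost>
</Report>
</NessusClientData_v2>
"""


@dataclass
class Finding:
    host: str
    port: str
    protocol: str
    plugin_id: str
    name: str
    severity: int            # Nessus severity attribute: 0=Info ... 4=Critical
    cvss3: Optional[float]   # absent for many informational plugins
    solution: str


def severity_band(score: float) -> str:
    """CVSS v3 base score -> Nessus severity name (the bands the article lists)."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "Info"


def parse_nessus(xml_text: str) -> List[Finding]:
    """Flatten every ReportItem of every ReportHost into a list of Findings.

    xml.etree is fine for exports from your own scanner; for files you did not
    produce, use defusedxml.ElementTree instead (same fromstring() call).
    """
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.findall("ReportItem"):
            score = item.findtext("cvss3_base_score")
            findings.append(Finding(
                host=host.get("name", ""),
                port=item.get("port", "0"),
                protocol=item.get("protocol", ""),
                plugin_id=item.get("pluginID", ""),
                name=item.get("pluginName", ""),
                severity=int(item.get("severity", "0")),
                cvss3=float(score) if score else None,
                solution=(item.findtext("solution") or "").strip(),
            ))
    return findings


def summarize(findings: List[Finding]) -> Counter:
    """Findings per severity name, the counts the dashboard shows per scan."""
    return Counter(SEVERITY_NAMES.get(f.severity, "Info") for f in findings)


def prioritise(findings: List[Finding], min_cvss3: float = 7.0) -> List[Finding]:
    """Findings scoring at or above the threshold, worst first.

    7.0 matches the article's notification filter ("is more than 6.9").
    Findings with no CVSS v3 score are not ranked here; review them separately.
    """
    ranked = [f for f in findings if f.cvss3 is not None and f.cvss3 >= min_cvss3]
    return sorted(ranked, key=lambda f: (-f.cvss3, f.host, int(f.port)))


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_NESSUS
    findings = parse_nessus(text)
    print("summary:", dict(summarize(findings)))
    for f in prioritise(findings):
        print(f"{f.cvss3:4.1f} {severity_band(f.cvss3):8s} {f.host}:{f.port}/{f.protocol}"
              f"  {f.name} (plugin {f.plugin_id})\n      fix: {f.solution}")
```

    Pass the path of a real export as the first argument to run it against your own scan. Keying the ranking on the CVSS score rather than on the Nessus severity name lets you raise or lower the bar (for example 4.0 to include Medium findings) without re-exporting.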

    Automate Your Scanning With Nessus


    Once a scan has been set up, using default policies or your own custom policy, you can automate the scan to run on a schedule.

    • From the main dashboard listing each of your scans, you can select one of the scans already configured, or you can define a new scan.
    • Under the “Basic” information for your scan listed on the left-hand side, there will be an option for “Schedule”.
    • Selecting this option shows an “Enabled” switch, which can be set to “On”.
    • This presents options for the scan “Frequency” (daily, weekly, monthly, or yearly), along with the start date and time zone.

    Saving your scan with these options will automate your configured scanning policy so you can conduct regular scans against your devices.

    Set Up Email Notifications When Scans Complete

    Within the settings for Nessus, it is possible to configure a connection to your email service and receive email notifications as scans complete.

    Setting this up requires an email user account. Nessus authenticates to the mail server with a plain username and password, so in most cases this account cannot be protected with best-practice options such as Multi-Factor Authentication.

    To safeguard your email service and your accounts when using this email notification option, it is recommended to set up a dedicated “Nessus” account for sending emails.

    This account can be configured with no permissions and no access, other than the ability to issue the Nessus notification email.

    The password for the account should be a long, complex, randomly generated string of characters, so that brute-force password-guessing attacks are impractical.

    Your SMTP server settings will vary with your email service, but for Microsoft 365 or Google Workspace the following options can be used.

    Configuring The Nessus SMTP Settings
    • From the Nessus main dashboard, select the “Settings” option at the top of the page.
    • This will present a new page, where you can select “SMTP Server” on the left-hand side.
    • The details for the SMTP Server should be completed as described in the following information for Microsoft 365 or Google Workspace.
    • Alternatively, to authenticate with an application password the following process is described for both Google Workspace and Microsoft 365.
    • After configuring your details it is recommended to use the option at the bottom of the page to “Send Test Email” and confirm everything is working as expected.
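    Two of the steps above are worth doing outside Nessus: creating the long random password for the dedicated notification account, and confirming that the SMTP credentials actually work before pasting them into the form. The following Python example is added for this article and is not Tenable code. generate_service_password() draws from the operating system’s CSPRNG, and check_smtp_login() opens a STARTTLS session with certificate verification and authenticates without sending any mail, so a rejected login can be told apart from a mistake in the Nessus SMTP settings. The host, port and account name in the usage block are placeholders to replace with your provider’s values.

```python
"""Helpers for the dedicated Nessus notification mailbox.

Added example for this article, not Tenable code.  The SMTP host, port and
account name in the usage block are placeholders; substitute your provider's.
"""
import math
import secrets
import smtplib
import ssl
import string

# Letters, digits and symbols that survive copy-and-paste into a web form.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_~"


def generate_service_password(length: int = 32) -> str:
    """Random password from the OS CSPRNG with every character class present."""
    if length < 16:
        raise ValueError("use at least 16 characters for a service account")
    while True:  # rejection sampling keeps the distribution uniform
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw)):
            return pw


def password_entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))


def check_smtp_login(host: str, port: int, username: str, password: str,
                     timeout: float = 10.0):
    """Connect, upgrade to TLS, authenticate; return (ok, detail).  Sends no mail.

    ssl.create_default_context() is passed explicitly because smtplib's
    starttls() does not verify the server certificate unless given a context.
    """
    context = ssl.create_default_context()
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            smtp.starttls(context=context)
            smtp.ehlo()
            smtp.login(username, password)
        return True, "authenticated"
    except smtplib.SMTPAuthenticationError as exc:
        return False, f"authentication rejected: {exc.smtp_error!r}"
    except (smtplib.SMTPException, OSError) as exc:
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    pw = generate_service_password()
    print(f"new password ({password_entropy_bits(len(pw)):.0f} bits):", pw)
    # Placeholders: replace with your provider's submission host, port and account.
    ok, detail = check_smtp_login("smtp.example.com", 587, "nessus@example.com", pw)
    print("SMTP check:", ok, detail)
```

    A 32-character password from this alphabet carries roughly 200 bits of entropy, far beyond what any online guessing attack can reach. If the check reports “authentication rejected” while the Nessus “Send Test Email” also fails, the problem is the account or its SMTP authentication settings, not the Nessus configuration.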

    Configuring Your Scan Email Settings
    • Once you have your email settings in place you can then configure your scans to send the email notification.
    • From the main dashboard listing each of your scans, you can select one of the scans already configured, or you can define a new scan.
    • If selecting an existing scan click the “Configure” option in the top right-hand corner of the page.
    • Under the “Basic” information for your scan listed on the left-hand side, there will be an option for “Notifications”.
    • This presents an option to enter the email address where you will receive notifications.
    • You can also create filters for your email notifications if needed. For example, you may only want to receive an email notification for a “High” or “Critical” vulnerability.
    • Filter for “CVSS v3.0 Base Score”, then “is more than”, and “6.9”. This will provide notifications for vulnerabilities that rank as CVSSv3 7.0 or above.

    Run Authenticated Scans With Nessus


    After entering the configuration interface for a Nessus Scan, there will be several tabs at the top of the page for “Settings”, “Credentials”, and “Plugins”.

    After entering the “Credentials” tab more options will be presented for the different types of credentials that can be provided.

    Running a credentialed Nessus scan can be useful as typically Nessus detects more issues after it is able to gain access to a device.

    A credentialed Nessus scan will produce a more comprehensive vulnerability assessment and highlight software flaws, configuration issues, and other security holes that otherwise would not have been visible when running the vulnerability scanner unauthenticated.

    While entering credentials in the Nessus interface is straightforward, there are several checks to make on the target devices themselves, and the scan results should be checked to confirm that Nessus connected, authenticated correctly, and encountered no errors during the scan.

    A more complete and detailed dedicated write-up for Nessus Credentialed Scans is provided here, to walk through the process of setting up and confirming authenticated scans for Windows, Macs, and Linux.

    Nessus Scanning and Penetration Testing

    Vulnerability scanning is often compared to more manual practices like Penetration Testing, carried out by security professionals.

    During a typical penetration test, Nessus or a similar vulnerability scanner is likely to be used as part of the assessment process.

    By running your own vulnerability scanner regularly, you can find and fix a large share of the findings that would otherwise first appear on an average penetration test report.

    However, the most important difference between the two is what a scanning tool cannot find. There are still types of vulnerability that scanning products struggle to identify or cannot identify at all, such as business-logic flaws or weaknesses that only become exploitable when several lower-severity issues are chained together.

    This is part of the value that penetration testing services can provide, in addition to providing useful context regarding your vulnerabilities and other specialist information.

    When reviewing the security of your business, the decision should not be between Vulnerability scanning or Penetration testing, but your vulnerability management program should utilize both, with varying schedules.

    Scanning can be used frequently as an affordable, regular testing method, and penetration testing less frequently to verify your security and conduct a more in-depth evaluation.

    Conclusion


    Many cyber attacks are carried out opportunistically rather than against a chosen target, and so they impact businesses of all sizes.

    Because of this, companies must take appropriate steps to secure their business and to protect their clients’ data from potential compromise.

    For every business of any size, vulnerability scanning options are available. This can be either using free-to-use tools or licensed products.

    Heavily investing company resources in expensive cyber security solutions is not always necessary, and should not be considered as a barrier to entry for maintaining good security practices. Many free cyber security solutions are available, as outlined in the post “Cyber Security Solutions for the SMB“.

    With more tools becoming easily accessible and guidance provided by the government, compliance groups, and private companies, every company should utilize the available information to improve their security.

    If you have any further questions regarding different cybersecurity solutions, our consultants are available to address any concerns you may have.
