Lock up your servers!
Posted on 29 Jun 2006 at 12:18
Ian Wrigley and Simon Brock discuss how to keep your systems safe and secure from attacks
Nessus scans a computer - either the local machine or some, or all, of your network - for a huge range of vulnerabilities, and produces a report that lists any potential problems and their solutions. For example, you may be running software versions known to have security holes, and Nessus will inform you of this and give directions on where to find updated versions. The software consists of two parts: a server and a client. The server is the software that performs the actual scans, while the client connects to it and specifies which machines to scan and what vulnerabilities to look for. The server is available for Mac OS X, Linux and FreeBSD, while clients are available for all those OSes and for Windows too. When configuring the server, you can specify different users who have different privileges - so one person might run a scan on only one set of machines, while another could be granted access to scan the entire network.
Once the server has started up - which takes a considerable amount of time when it's first run, since it needs to process all the plug-ins that define the vulnerabilities - you can connect to it via the client. From there, you can determine which machines to scan and what to scan for, ranging from a basic port-scan to an exceptionally detailed list of vulnerabilities. If you provide Nessus with login details, the software will log in to each machine as it scans it, to check software versions and so on. The range of vulnerabilities Nessus can look for is enormous, and it knows about not only Unix, but also Windows, so it can tell you if you have unpatched boxes on your network that require your attention. The report produced after a scan can be exported as HTML, as plain text (although this option didn't appear to be available on the Mac OS X client we were using) or in Nessus' own proprietary format, which can be re-imported at a later date.
Nessus is an extremely capable vulnerability checker, and new plug-ins are released daily as fresh vulnerabilities are detected. If you're a network manager with a large number of potentially vulnerable machines, it's well worth paying the $1,200 a year for immediate updates; otherwise, the free seven-day-delayed updates will probably be fine.
Simple network scanning
If you simply want to know what devices are connected to your network and what ports they have open, Nmap may be what you're looking for. This venerable program scans either specific machines or a network range, and reports back on what it finds, including, whenever it can, operating system information. The software takes some time to run, as it scans all the ports on each system you instructed it to inspect, and there's no indication of progress until the scan is complete. This is a command line-only program, so you'll just see a flashing cursor until it starts to dump out information. For that reason, you may find the best way to run Nmap is to redirect its output to a file, so you can start it running then come back later and inspect the file for its output.
Although Nmap doesn't look for specific vulnerabilities, it's very useful if you want to ensure you haven't left open ports on machines that shouldn't have them open and, since it can scan an entire network address range, it could also alert you to the fact that there's an unauthorised machine on your network.
One neat feature of Nmap is its operating system detection, which uses some very clever (and very technical) techniques to determine as best it can what OS the target machine is running. It isn't perfect, but will give you a good idea of exactly what type of boxes are currently on your network.
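The check described above, for unauthorised machines and for ports that shouldn't be open, can be automated once the scan has been saved to a file. The following is an added example, not part of the original article: it assumes the scan was written in Nmap's grepable format (the -oG option), and the sample scan lines and the EXPECTED inventory are constructed for illustration.

```python
import re

# Constructed sample of what `nmap -oG scan.txt 192.168.1.0/24` might write.
SAMPLE_SCAN = """\
# Nmap scan initiated as: nmap -oG scan.txt 192.168.1.0/24
Host: 192.168.1.10 (fileserver)\tPorts: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///
Host: 192.168.1.20 (web)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///
Host: 192.168.1.99 ()\tPorts: 23/open/tcp//telnet///, 8080/filtered/tcp//http-proxy///
# Nmap done
"""

# Hypothetical inventory: the hosts you expect, and the TCP ports each may expose.
EXPECTED = {
    "192.168.1.10": {22, 445},
    "192.168.1.20": {22, 80},
}

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*)$")

def parse_grepable(text):
    """Return {ip: set of open TCP ports} from Nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # skip comment lines and "Status:" lines
        ip, _name, ports_field = m.groups()
        ports_field = ports_field.split("\t")[0]  # drop any trailing fields
        open_ports = hosts.setdefault(ip, set())
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")  # port/state/protocol/...
            if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                open_ports.add(int(parts[0]))
    return hosts

def audit(scan, expected):
    """List hosts missing from the inventory and ports beyond those allowed."""
    findings = []
    for ip in sorted(scan):
        if ip not in expected:
            findings.append((ip, "unauthorised host", sorted(scan[ip])))
        else:
            extra = scan[ip] - expected[ip]
            if extra:
                findings.append((ip, "unexpected open ports", sorted(extra)))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_grepable(SAMPLE_SCAN), EXPECTED):
        print(finding)
```

Ports reported as filtered or closed are ignored, so only services that actually answered are compared against the inventory.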