Doug Vitale Tech Blog

Posts Tagged ‘vulnerability scanner

Tenable Nessus

If Nmap is the most popular free network scanning tool, then Nessus by Tenable is undoubtedly the most widely used commercial security application. Nessus is designed to comprehensively scan network hosts for vulnerabilities and generate reports based on its findings. During its scans, Nessus probes ports and checks for potential software flaws that could be exploited by hackers or malware. Some of these flaws include outdated and vulnerable software, improper configurations such as accounts with default passwords or without password protection, and the presence of risky services or daemons. In this way Nessus is very similar to BeyondTrust Retina; however, these two tools have very different user interfaces and Nessus is undoubtedly more popular and widely used, as multiple surveys on SecTools.org have shown over the years.

Nessus is available for both Linux and Windows. On both operating systems, Nessus operates as a server and as a client. The Nessus server (a Windows service or a Linux daemon called nessusd) performs the actual scanning while the client presents the user with an interface and passes commands to the server. The Nessus server utilizes plugins to determine which flaws exist on the target hosts. Plugins are small programs that look for specific vulnerabilities (Nessus contains tens of thousands of them). When Nessus can connect to the Internet it automatically downloads the latest plugins which will enable it to recognize and report on the latest known software weaknesses (such as those disclosed by Mitre). There is even an embedded scripting language (known as NASL) for writing your own custom plugins.

Nessus login interface

Nessus v5.x login interface

Nessus login interface

Nessus v4.4.x login interface

Read the rest of this entry »

Written by Doug Vitale

March 2, 2012 at 2:08 PM

Retina Network Security Scanner by BeyondTrust

Unlike most of the software applications reviewed here, Retina Network Security Scanner by BeyondTrust is not available as freeware. As it is a highly capable and fully-featured security vulnerability scanner, it is distributed as commercial software. The license pricing for Retina is $1,200. The license is actually one year subscriptions as Retina will not function after the one-year period is over unless you renew.

While your subscription period is valid, you can download and install updates for Retina. These updates take two forms: patches for the Retina scanner itself, and vulnerability definition updates that allow Retina to recognize the latest vulnerabilities and exploits. In this way, Retina must be kept up to date in the same way that antivirus scanners do.

Retina must be installed on the Windows operating system; supported versions of Windows run from Windows 2000 to Windows Server 2012. Retina can scan all networked hosts regardless of operating system, however.

Retina is one of the main network scanners used in the Department of Defense (DoD). In January of 2013 the DoD continued its long relationship with BeyondTrust (formerly known as eEye) by renewing its vulnerability management contract between DISA and BeyondTrust.

Retina interface

When you launch Retina you will see the main user interface as depicted below.

Retina version 5.19.4.2737 main interface

Usage options are divided among four interface tabs: Discover, Audit, Remediate, and Report.

Read the rest of this entry »

Written by Doug Vitale

February 13, 2012 at 2:23 PM

%d bloggers like this: