Network Security

Question 14

Which precautions should an administrator consider before using Nessus?

To prevent Nessus from adversely affecting the network, it is necessary to first construct a test lab of non-production machines identical to those which will eventually be scanned. The test lab allows you to configure these test machines, the Nessus test settings and iron out any issues which could possible occur before running the Nessus scan on the actual environment. To test if Nessus is running properly, it is useful to create several “honeypots” or test subjects with known vulnerabilities and then see if Nessus detects them. Also, because the Nessus system is capable of having its tests updates very frequently, it is necessary that all Network Daemons to be used in the test are running the same update version correctly.

Some of the problems are [B1]:

  • inadvertently doing a DOS attack on the whole network
  • crashing vulnerable services
  • messing up NAT and routing tables by overloading them