02233

Netværkssikkerhed
Network Security

• Introduktion
• Nessus Scan
• Nessus Questions
  • Question 1
  • Question 2
  • Question 3
  • Question4
  • Question 5
  • Question 6
  • Question 7
  • Question 8
  • Question 9
  • Question 10
  • Question 11
  • Question 12
  • Question 13
  • Question 14
  • Question 15
  • Question 16
  • Question 17
  • Question 18
  • Question 19
  • Question 20
  • Question 21
  • Question 22
  • Question 23
  • Question 24
  • Question 25
• Snort Questions
• References

Question 6

How is Nessus updated - in purely technical and administrative terms?

Nessus works in much the same way as anti-virus software in that the plugins which are used to check for specific vulnerabilities should be kept up to date - they are continuously being written as new vulnerabilities are discovered. The plugins themselves can be written in any language, though usually it is NASL which is Nessus' own language specifically designed for vulnerability testing. Each new plugin is usually written by someone in the Nessus community to test for a specific known vulnerability and/or industry best practices. When a new vulnerability is released to the public, a new plugin will typically be written in response and then submitted to nessus.org. The developers review it and then add it to the approved plugin list. For high risk, high profile vulnerabilities the plug-in is often released the same day the vulnerability information is publicly released. The "nessus-update-plugins" command (as root) allows you to update the plugins in your own nessus system from the maintained list, but it is also possible to write your own plugins and get other plugins from sources other than nessus.org.

Bjarne D Mathiesen

Michael Pantridge

Thabet Al-Assdi

Chang Jensen