The video below is part 2 in our series of the top ten things you didn't know about Nessus and covers how Nessus scans and audits routers, firewalls, virtualization, and integrates with your patch management systems.
The video below is part 3 in our series of the top ten things you didn't know about Nessus and covers Nessus plugins that provide outstanding capabilities beyond detecting traditional vulnerabilities:
The video below is part 4 in our series of the top ten things you didn't know about Nessus and covers Nessus licensing and usage:
The video below is part 5 in our series of the top ten things you didn't know about Nessus and covers how to schedule scans from within Nessus:
The video below is part 6 in our series of the top ten things you didn't know about Nessus and covers information related to IPv6 scanning using Nessus:
Nessus has several different plugins and techniques for helping you with the fight against malware. The video below is part 7 in our series of the top ten things you didn't know about Nessus and covers 3 different ways Nessus can be used to help detect malware:
Below are a few more examples of how Nessus can detect malware:
Nessus plugins in the "Backdoor" plugin family detect certain types of generic behavior on listening services that are indicative of malware. For example, plugin #35322 detects the presence of an HTTP backdoor. Nessus detects the web server remotely and identifies a condition where the web server, regardless of the request, returns a Windows executable:
Next up on our Nessus top ten list is #8, which covers how to use Nessus to find web application vulnerabilities. I've broken out the process into four different methods supported by Nessus:
Nessus contains over 2,600 plugins that can fingerprint and detect known vulnerabilities in web applications. Any plugin listed in the "CGI Abuses" or "CGI Abuses: XSS" plugin families is written to enumerate vulnerabilities that have been publicly reported in a web application product, whether open source or commercial. To enable these plugins, you must enable CGI scanning in the "Preferences" section of a Nessus policy. Even if you enable the plugin families, they will not execute unless CGI scanning is enabled.
Below is an example of one such plugin's output:
This is the second post in a series of ten that will cover “The Top Ten Things You Didn’t Know About Nessus”. The first, starting with 10 in David Letterman top ten list fashion, is titled “There's More Than One Way To...” and covers the benefits of both credentialed and uncredentialed vulnerability scanning. Each item on the list will have a blog post and video associated with it. And now, on to number 9: “Nessus Detects Misconfiguration”.
Nessus helps you answer the question “Do my systems have uniform configuration settings?” Why is this important? Systems are increasingly more complex, and maintaining control of your configurations leads to systems that run smoother and are more resilient to attack. A recent case study that supports this concept was presented in a blog post titled "What do you mean privilege escalation is not HIGH RISK?".
Next up on our Nessus top ten list is #9, which covers how to use Nessus configuration auditing to discover information about your system configurations. The following video presents use cases and examples, from PCI compliance to detecting viruses:
Please visit Tenable's YouTube channel for more Nessus and SecurityCenter videos!
Being the Product Evangelist for Tenable Network Security gives me some interesting insight into how the community views the features of our products. I meet some people who provide us with awesome suggestions for improvements and I also meet some people who scan their networks at semi-regular intervals using the default set of policies, unaware of the huge variety of features that Nessus includes.
Hence the project I have been working on: with help and support from the community and my fellow co-workers at Tenable, I have developed what we understand to be a list of the top ten things that people may not know about Nessus.
In part one, I want to explore the differences between traditional network-based scanning and scanning with credentials. So, in traditional David Letterman top ten fashion, we’ll start with number 10!
#2 Routers, Firewalls, & Virtualization - Top Ten Things You Didn't Know About Nessus
#3 Dynamite Plugins - Top Ten Things You Didn't Know About Nessus
#4 Nessus Licenses & Usage - Top Ten Things You Didn't Know About Nessus
#5 Scheduling Nessus Scans - Top Ten Things You Didn't Know About Nessus
#6 Scanning IPv6 - Top Ten Things You Didn't Know About Nessus
#7 Nessus Versus Malware - Top Ten Things You Didn't Know About Nessus
#8 Nessus Performs Web Application Scanning - Top Ten Things You Didn't Know About Nessus
#9 Nessus Detects Misconfiguration - Top Ten Things You Didn't Know About Nessus
#9 Nessus Detects Misconfiguration (Video) - Top Ten Things You Didn't Know About Nessus
#10 There's More Than One Way... - The Top Ten Things You Didn't Know About Nessus