Home > Ask the Networking Experts > Enterprise security with Michael Gregg Questions & Answers > How to interpret test scan results to assess network vulnerability
Ask The Networking Expert: Questions & Answers
EMAIL THIS

How to interpret test scan results to assess network vulnerability

Michael Gregg EXPERT RESPONSE FROM: Michael Gregg

Pose a Question
Other Networking Categories
Meet all Networking Experts
Become an Expert for this site


Network security news, advice and technical information
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 08 April 2008
I am just stepping into the security domain. I have been asked to work with the Nessus tool to begin with. I just have one basic query of how to utilize Nessus' full capabilities: I installed the Nessus in an XP system and ran some test scans. What is the best means of deriving or interpreting the results so as to assess the network vulnerability? Please tell me if I am headed in the right direction.

>
EXPERT RESPONSE

Nessus is an open source, comprehensive cross-platform vulnerability scanner with CLI and GUI interfaces. The basic components of Nessus include:

  • The Nessus Client and Server Model
  • The Nessus Plugins
  • The Nessus Knowledge Base

Nessus works by performing a step-by-step review. Here are the basic steps:

  1. Inventory network devices
  2. Identify targets
  3. Create a plugin policy
  4. Launch a scan
  5. Analyze the reports
  6. Remediate and repair

Most networks are rather large so instead of trying to scan an entire network, classify the hosts into groups and then scan each group. Just from the data standpoint this will make the job easier as you will have such a massive amount of data to review.

Now comes the last and what some may feel is the hardest step: remediate and repair. Most vulnerability assessment tools like Nessus offer remediation advice, and although the tools have proven to be accurate, your mileage may vary. Therefore, I recommend that you carefully research all remediation plans before taking any action.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Enterprise security with Michael Gregg
How can I block my competitor's IP address range from my website?
What software monitors and locks users from accessing my router?
Why do we need IP security at the network layer?
What's the difference between VPN pass-through and multi-tunneling?
What is a genetic algorithm and where can I learn more about them online?
Why implementing adequate security challenges LAN administration
What security measures are recommended for each level of the TCP/IP model?
What are the best methods for handling rogue access points?
What should I know before implementing a packet sniffer?
Will WPA2-PSK keep wireless networks safe from war drivers?

Network Security Monitoring
Poor data-loss prevention practices almost cost Intel a billion
How can I block my competitor's IP address range from my website?
Hospital gains network visibility by convincing vendors to collaborate
What software monitors and locks users from accessing my router?
Data leak prevention starts with trusting your users
NagVis -- 'Nagios: System and Network Monitoring, Second Edition,' Chapter 18
What is a genetic algorithm and where can I learn more about them online?
Networking data visualization not just for pointy-headed bosses
Visual Security Analysis -- 'Applied Security Visualization,' Chapter 5
SIEM platform secures university's open network

Network Security Products
How can I block my competitor's IP address range from my website?
Retrieve network resources and email after installing ISA Server 2004
The TPM chip: An unexploited resource for network security
Hospital gains network visibility by convincing vendors to collaborate
What software monitors and locks users from accessing my router?
As threats grow, crowdsourcing could be the future of network security
Securing the new network architecture
What security measures are recommended for each level of the TCP/IP model?
Securing the new network architecture: Security for distributed, dynamic networks
What is data loss prevention? -- An introduction to DLP

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
deep packet inspection (DPI)  (SearchNetworking.com)
FCAPS  (SearchNetworking.com)
Nessus  (SearchNetworking.com)
netstat  (SearchNetworking.com)
port mirroring  (SearchNetworking.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Expert networking advice and tips for IT professionals
HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersNetworking Product Trials
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2000 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts