Validating Credentialed Nessus Scans (Part 1)

Posted on April 4, 2012 by Seth

Authenticated Nessus scans are good.  For many reasons.

That said, when they fail, it can be difficult to figure out WHY they fail.  This will be the first in a 3 part series of troubleshooting credentialed scans (Part 2).  Today’s post about what you’ll need to do this troubleshooting.

Nessus

Yes, you will need a copy of Nessus.  You don’t need the professional feed, but it can be quite useful if you have to end up calling Tenable Support for something specific.  Version 4.4 or above.

Scanner

Surprise, you need something to run Nessus on.  You can run Nessus on almost any platform, but for troubleshooting purposes I highly recommend one of the Unix flavors.  Stay away from Windows (just makes it more complicated in my opinion).

Target(s)

You should have a test network. I’ll say it again.  HAVE A TEST NETWORK.  It should have a variety of machines in it that match the settings in your production network.  It doesn’t have to be a separate VLAN/subnet, but know what you’re scanning.  The various versions of Windows can all be slightly different, so have targets representative of your actual scan ranges.  You should also have access to the machines in question, RDP or physical works best, but console works too.

Support

If you are not the admin of the machines you’re scanning, have their contact information.  Have their permission.  Depending on the target, schedule the scans with the system owner so they don’t impact other activities (though this might be for naught if YOU HAVE A TEST NETWORK (ok ok, rant done).

Documentation.  Have offline copies, but they update this stuff often.

It should also go without saying – Internet access.  While this series will try to cover the major issues you may run into, there are bound to be items that I miss.  Google your errors.  Post on the Tenable Discussion Forum.  Send me your solutions. :)

Other Tools

Your scanner should have the following tools installed on it, aside from Nessus.  (All of these have Windows/Unix versions if you ignored my advice above)

  • nmap
  • netcat
  • smbshell (link)
  • smbclient (‘nix only)
  • SSH Client
  • stunnel
  • Telnet Client
  • Wireshark/tcpdump
This entry was posted in Nessus, Vulnerabilities. Bookmark the permalink.