No-frills security scanning
Nessus and Internet Scanner prove less costly but less capable
While we weren’t presented with any helpful network information or recently discovered vulnerabilities when we logged in to Nessus, as we were with Qualys and Foundstone, we did have a functional interface to initiate our scans. Up-to-date vulnerability information and scripts can be gathered simply by typing the command nessus-update-plugins.
Nessus’s reporting options match up with Internet Scanner’s, but fall far short of Qualys and Foundstone. Nessus does present both a basic and a technically oriented report, and it includes some limited color graphs and pie charts via HTML. It also lets you compare reports from two scans taken at different times, creating a data trend of sorts. But because Nessus lacks a database, it cannot provide the historical trending reports needed to track the progress of remediation efforts or to show whether your network is becoming more or less secure over time. Here again, third-party help is available: Inprotect adds a database to Nessus for storing historical scan data and scheduling scans.
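The two-scan comparison described above is easy to reproduce outside the Nessus client, and doing so also shows the trap a naive trend report falls into. The script below is an added example written for this review, not code from the Nessus project or from Inprotect. It assumes the pipe-delimited NBE layout Nessus 2.x writes (results|subnet|host|port|plugin_id|severity|description); the two embedded scan reports, the plugin IDs and the finding descriptions are constructed for illustration, not real Nessus plugins. It diffs the findings of two scans, tallies severities for each, and treats findings on a host that did not answer the second scan as unknown rather than fixed, since a host that went quiet during a scan (something Nessus itself flags) is not remediation.

```python
"""Diff two Nessus NBE reports into a simple remediation trend.

Added example for this review; assumes the Nessus 2.x NBE record layout
  results|subnet|host|port|plugin_id|severity|description
Plugin IDs and findings below are constructed, not real Nessus plugins.
"""
from collections import Counter

# Constructed sample: a June scan of two hosts.
SCAN_OLD = """\
timestamps|||scan_start|Tue Jun  1 10:00:00 2004|
results|192.168.1|192.168.1.5|ssh (22/tcp)|90001|Security Note|SSH banner collected
results|192.168.1|192.168.1.5|ssh (22/tcp)|90002|Security Hole|SSH protocol 1 accepted
results|192.168.1|192.168.1.5|http (80/tcp)|90003|Security Warning|Directory listing enabled
results|192.168.1|192.168.1.7|smb (445/tcp)|90004|Security Hole|Missing OS patch
timestamps|||scan_end|Tue Jun  1 10:20:00 2004|
"""

# Constructed sample: the July rescan. Host .7 did not respond at all,
# and a new hole appeared on the web server.
SCAN_NEW = """\
timestamps|||scan_start|Tue Jul  6 10:00:00 2004|
results|192.168.1|192.168.1.5|ssh (22/tcp)|90001|Security Note|SSH banner collected
results|192.168.1|192.168.1.5|http (80/tcp)|90003|Security Warning|Directory listing enabled
results|192.168.1|192.168.1.5|http (80/tcp)|90005|Security Hole|Vulnerable web application
timestamps|||scan_end|Tue Jul  6 10:20:00 2004|
"""


def parse_nbe(text):
    """Return {(host, port, plugin_id): severity} for every 'results' record.

    'timestamps' records and malformed lines are skipped; a finding is
    keyed by host, port and plugin so the same plugin on two ports counts
    twice, as it does in the Nessus report.
    """
    findings = {}
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) < 6 or fields[0] != "results":
            continue
        _, _subnet, host, port, plugin_id, severity = fields[:6]
        findings[(host, port, plugin_id)] = severity
    return findings


def trend(old_text, new_text):
    """Compare two NBE reports and separate fixed, new and persistent findings.

    Findings on hosts absent from the new scan are reported under
    'missing_hosts' and are NOT credited as fixed: a host that stopped
    answering tells you nothing about its vulnerabilities.
    """
    old = parse_nbe(old_text)
    new = parse_nbe(new_text)
    old_hosts = {key[0] for key in old}
    new_hosts = {key[0] for key in new}
    comparable_old = {k: v for k, v in old.items() if k[0] in new_hosts}
    return {
        "fixed": sorted(set(comparable_old) - set(new)),
        "new": sorted(set(new) - set(old)),
        "persistent": sorted(set(comparable_old) & set(new)),
        "missing_hosts": sorted(old_hosts - new_hosts),
        "old_counts": Counter(old.values()),
        "new_counts": Counter(new.values()),
    }


if __name__ == "__main__":
    report = trend(SCAN_OLD, SCAN_NEW)
    for label in ("fixed", "new", "persistent"):
        print(f"{label}:")
        for host, port, plugin in report[label]:
            print(f"  {host} {port} plugin {plugin}")
    print("hosts missing from second scan:", report["missing_hosts"])
    print("severity before:", dict(report["old_counts"]))
    print("severity after: ", dict(report["new_counts"]))
```

Run against real NBE files, the same function gives you the per-scan severity counts a trend chart needs; store the dictionaries it returns per scan date and you have the historical view the stock Nessus client lacks.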
When scanning, we found Nessus to be fairly snappy, depending on the hardware platform. Nessus helpfully notes whether a server stopped responding during a scan, and we found its ability to flag possible false positives useful. We also liked Nessus’s non-destructive “safe checks” scanning mode, which identifies vulnerabilities from banners and version information rather than launching exploits that may crash a host or service. The option of using the Nessus Attack Scripting Language (NASL) to build our own security tests pleased us, too.
To its credit, Nessus also supports a PKI of sorts, using certificates to authenticate the client to the server. We could also create accounts and access rules for different users. However, because management of the Nessus server is done through command-line utilities, it can be a bit clunky.
In short, Nessus isn’t the most feature-rich or prettiest vulnerability assessment product on the market, but we can’t complain about what we get for the price. Although we did have some problems with scanned hosts freezing or locking up during Nessus scans, the machines returned to normal once the scan was completed. Overall, we would like to see stronger reporting, including trending analysis, and a Web interface would be a plus. But if your needs are simple, Nessus does the job of identifying vulnerabilities and recommending fixes, and the Knoppix/Nessus combination goes a long way toward making the scanner easy to use.
A Mixed Bag
Internet Scanner requires MSDE (Microsoft SQL Server 2000 Desktop Edition), which must be downloaded and installed separately; we had some problems loading MSDE on our test machines. We then installed the Internet Scanner package, and encountered several annoyances, such as having to agree to the license agreement twice and clicking four dialogs to specify a directory for the install. These problems were trivial but indicative of the frustrations we experienced with the ISS product. Not so trivial was the instability of the Internet Scanner application, which crashed repeatedly during testing.
Internet Scanner’s management interface is straightforward and divided into three panes. The first pane is the Hosts Tree, which provides detailed information on machines, vulnerabilities, services, and accounts. The next pane is the Properties View, which lists discovered hosts and the specifics of the selected host, including OS identification and MAC address. The third pane is the Status View, which reports progress during a scan.