How to scan using Nessus : Advance and Compliance Scan
How To Run Your First Vulnerability Scan with Nessus
Nessus is a powerful vulnerability scanning tool used to assess the security of computer systems, networks, and infrastructure. It can perform various types of scans, including vulnerability assessment scans and compliance scans. Here, I’ll provide an overview of how to perform an advanced network vulnerability assessment scan and a compliance scan using Nessus.
Advanced Network Vulnerability Assessment Scan:
1. Launch Nessus:
— Start the Nessus application on your system.
2. Create a New Scan:
— Click on “Scans” in the left sidebar.
— Click the “New Scan” button to create a new scan configuration.
3. Scan Configuration:
— Give your scan a meaningful name and description.
— Select the target for your scan. You can specify a single IP address, a range of IPs, or import a list of targets.
4. Choose Scan Policy:
— Select a scan policy that aligns with your goals. Nessus provides predefined policies for different types of scans, including basic network scans, web application scans, and more. You can also create custom policies.
5. Configure Scan Options:
— Customize scan options, such as the maximum number of hosts to scan concurrently, the timeout values, and other advanced settings based on your network and requirements.
6. Schedule the Scan (optional):
— If you want to run the scan at a specific time or on a recurring basis, you can schedule it.
7. Start the Scan:
— Click the “Launch” button to initiate the scan.
8. Review Scan Results:
— Once the scan is complete, you can review the scan results to identify vulnerabilities, assess their severity, and take appropriate action to remediate them.
Compliance Scan:
Nessus can also perform compliance scans to check whether your systems and network components adhere to specific security standards (e.g., CIS benchmarks, NIST guidelines). Here’s how to perform a compliance scan:
1. Create a New Compliance Policy:
— In the Nessus interface, go to “Policies” and click the “New Policy” button.
— Select the compliance standard you want to audit against (e.g., CIS, NIST).
2. Customize the Policy:
— Adjust the policy settings to match your compliance requirements. You can specify which checks to include or exclude and set severity levels for non-compliant items.
3. Create a New Scan:
— Follow the same steps as described above for creating a new scan, but select the compliance policy you just created as the scan policy.
4. Configure Other Scan Settings:
— Set up the target, schedule, and other scan options as needed.
5. Start the Scan:
— Launch the compliance scan by clicking the “Launch” button.
6. Review Compliance Results:
— Once the scan is complete, review the compliance results to identify areas where your systems may not be in compliance with the chosen standard. Take action to remediate any non-compliant items.
Nessus provides detailed reports that can help you prioritize and address security vulnerabilities or compliance issues efficiently. It’s essential to keep Nessus up to date and follow best practices for scanning to get accurate results and maintain the security of your network.
