Nessus: Definition, Architecture and Features

What is Nessus?

Nessus is a proprietary vulnerability scanner developed by Tenable Inc. Nessus is an open source (under GPL license) network vulnerability scanner that has a database of common vulnerabilities which is matched with the vulnerabilities of the system. Nessus works by testing each port on the server/computer and then finding any potential vulnerabilities.


Architecture of Nessus

1. Modular Architecture

It provides flexibility to the tester to deploy the scanner and connect to the client from any machine with a web browser.

2. Plugin Architecture

It provides flexibility to the tester to add plugins and groups into one of 42 families. Through this, users can easily add their test by selecting specific plugins.

Features of Nessus

  1. Nessus is written in NASL language which is Nessus Attack Scripting Language which is designed specifically to write security tests easily and quickly.
  2. Nessus has an inbuilt feature of auto-updating its database which helps to update and disclose new vulnerabilities.
  3. Nessus can test multiple hosts simultaneously.
  4. Nessus does not expect the target hosts to follow IANA-assigned port numbers.
  5. If two or more servers run on the same host but on different network ports then Nessus will identify and test all of them.
  6. Nessus categorizes vulnerabilities based on the informational risk level, low medium, high and critical.
  7. Nessus allows you to add extra plugins as per need.
  8. Nessus will also tell which plugin should or should not be used against a remote host.
  9. Certain checks may prove to be detrimental for some networks. For avoiding service failure, enable the "safe check" option in Nessus.
  10. Nessus is fully supported on all major operating systems like windows, Linux, Mac OS, etc.
  11. Nessus can be easily integrated with tools like Nmap and Nikto.
  12. Nessus allows the user to take the report in pdf, HTML, etc format.
  13. Nessus can also detect missing security updates and patches.

Disadvantages of Nessus

  1. Hard to configure for beginners.
  2. The free non-commercial license is limited to up to 16 IP addresses that must be within the same household.
  3. Limited support for ubuntu, Fedora core, Free BSD, and Debian.
Click here to know more about Nessus.

Popular Posts

Conducting Polymers: Definition, Examples, Properties and Applications

Crime Scene: Definition, Types and Characteristics

Raman Spectroscopy: Principle, Instrumentation and Applications