Summary
Everyone needs a good network vulnerability scanner and it would be really nice if it was free. Right? Well, as just about every security maven knows, Nessus is that tool. Nessus started life as a completely free product. Introduced in 1998 by Renaud Deraison, this product focused on Unix initially. Today, it still is free for personal use, but commercial users must pay a fee.
Nessus has found its way into a very large number of commercial scanning products through the development of test scripts by the largest open source community in the security world. Between the development of vulnerability test scripts by Tenable engineers and contributions by the open source community, Nessus plug-ins cover more vulnerabilities, closer to the time of their discovery, than any other tool of its type.
Nessus has become the basis for several appliances, including one from Tenable. But whether in its client-server configuration or as an appliance, Nessus is the most comprehensive vulnerability scanner available. For years, Nessus was the only tool needed for routine vulnerability scans. Today, that state of affairs has changed little. The difference is that today it is far more configurable and is much more efficient.
Tenable has a renowned team. Besides Deraison, Ron Gula, co-founder of Tenable, is the CEO/CTO, and Marcus Ranum, of firewall fame, is its chief security officer. This group has the experience and vision to keep the company and its products in the forefront of security tool companies.
For its solid performance, the huge number of plug-ins and the solid support from Tenable, Nessus was and remains a vital and useful solution. Even with tools such as Core Impact (see pg. 53) for penetration testing, we need a good vulnerability assessment tool. At Norwich University where I teach, we use Nessus as our primary vulnerability assessment teaching tool. We follow up with pen testing using Impact to validate suspected vulnerabilities discovered by Nessus. This lets us test those vulnerabilities for exploitability.