
Vulnerability Scanning with Nessus

Scanning in a cybersecurity context can be regarded as the means to identify or detect the live hosts, services, ports, and architecture of a target system. Architecture here means what the system is made up of or built around. This involves, but is not limited to, the operating system and the services it’s running. I did talk briefly earlier on about why scanning should be done exhaustively: whatever gets picked up during a scan is what will be researched in order to perform exploitation. Scanning is a wide topic and there are many ways to get it done, so try not to settle for only one method or tool. Just like reconnaissance or information gathering, scanning should be done exhaustively. The main reason why I said scanning should be done exhaustively will be explained in detail later on.

Thus, scanning should be done exhaustively so that a lot of information can be noted down. Furthermore, scanning is also ideal for finding vulnerabilities and threats within any given network. There is a huge misconception about the difference between vulnerability and threat in cybersecurity, and I will try to clarify this shortly.

Nessus is one of the vulnerability scanners out there, and I remember a couple of years back, when I first got introduced to this amazing tool, I was shocked at how powerful it was.

Nessus is a vulnerability scanner, and before I dive deep into it, I believe I should clear up a misconception about the difference between vulnerability, risk, and threat. When it comes to cybersecurity and penetration testing, most people think they are the same, but I’m happy to let you know there’s a difference between them, and I will give you a technical difference as well as a real-life scenario showing why they are different.

A vulnerability can simply be seen as a weakness in an asset, which could be hardware, software, a web server, a website, a procedure, etc. Just see a vulnerability as the loophole a hacker needs to hack a system.

A threat, on the other hand, is something that capitalizes on a vulnerability and is capable of damaging or destroying an asset, while risk is the possibility of assets being damaged or destroyed. Now let us look at a real-life scenario detailing this.

Consider you have a warehouse where you’re storing some valuable belongings of yours, and the door to this warehouse is a very old door that can be brought down with just a kick. The door being very old is the VULNERABILITY in this instance, the possibility of you losing your belongings is the RISK, and the THREAT in this instance would originate from this old door in your warehouse. They might look the same, but you need to understand that there would be no threat in the absence of a vulnerability.

Diving right back into Nessus, it is a vulnerability assessment tool by Tenable. It is quite beginner-friendly, as it is a graphical user interface (GUI) tool.

Nessus’ capabilities are endless because it is capable of performing:

  1. Network scans
  2. Host discovery
  3. Mobile Device Scan
  4. Malware scan
  5. Web Application vulnerability scan and a whole bunch of other stuff.

According to Tenable, Nessus is #1 in Accuracy and coverage. 

Furthermore, it should be noted that this is a subscription-based service and payment needs to be made to Tenable to access this tool. However, there is still a free version that can be used to explore without having to pay any fee.

Finally, the video below dives into how to get started with Nessus and how to install it on your computer system, and it showcases Nessus in action.
