Laboratory assignment 3: Vulnerability scanning with Nessus
In this laboratory assignment you will use the vulnerability scanning tool to gather information about and to assess the security of a system. The purpose of the lab is threefold: 1) to get some hands-on experience with a common vulnerability assessment tool; 2) to learn common signs of insecure practices; and 3) to become a more security-aware computer user.
Unless you are already familiar with Nessus, you are encouraged to read the Nessus User's Manual, section 4, before the lab occasion. The manual is available at
Work your way through the lab PM. When you encounter a paragraph beginning with the text you should do the task. To report your findings and progress there is a reporting sheet available for download from the course lab page. The sheet is called Report sheet lab3.pdf.

When you have finished the assignments, you need to show the completed report sheet to the supervisor. Be prepared to motivate and discuss your results.
4 Nessus architecture and lab setup
Before attempting to connect, be sure to read the entire paragraph 5.1.

Nessus is a vulnerability scanner. It performs port scans and is able to test a target computer system for over 10000 known vulnerabilities. The Nessus architecture consists of two parts: a server daemon ( ) and a client providing a graphical user interface ( ) for interaction with nessusd. nessusd runs on a separate host and can serve multiple NessusClients simultaneously.

To use the Nessus service, each lab group has a certificate generated. The certificate allows you to connect to nessusd without supplying a username and password. The Nessus server runs at host and uses SSL for a secure connection.