Network Security Pen-Test

Re: Nessus 3.0 released

Subject: Re: Nessus 3.0 released
Date: Tue, 13 Dec 2005 12:26:36 -0500


Hi Erin,

On Dec 13, 2005, at 11:43, Erin Carroll wrote:

Renaud, I know you and some others from Tenable lurk on this
list. Any comments or hard numbers you could provide on the performance
differences (or other areas of improvement like reporting) would be very
welcome.


We're in the process of setting up a page with charts and everything, but here are the basic facts:

In terms of performance, the "raw" nasl3 performance is roughly 16x faster than nasl2, which puts the language on par with more traditional languages like Perl (and faster than Python). In some corner cases you can get an even more impressive performance improvement, for instance when using recursive functions.

Of course, since Nessus is a _network_ scanner, the bottleneck in the end is the network itself, so a nasl engine which is N times faster does not imply a scanner which is N times faster. An overall scan of our lab (local network) takes half the time it used to. However some hosts are much faster -- in particular the Windows boxes (the reason is that our SMB API is more complex code-wise than what it used to be, so that's where one can see the biggest boost).

However, once again the final bottleneck is the network and the remote host -- if you scan one 100% firewalled host, you'll probably see little to no improvement over Nessus 2.2.6.

While we're talking about performance, I'd like to point out that over the last months, we've profiled all the plugins and fixed those which were too slow -- improving the engine makes no sense if you have plugins with long timeouts. So even users sticking to Nessus 2.2.x have probably noticed speedups over the last months.

In terms of other changes:

- When a scan is done with Windows credentials we now look at the version of the files on disk, not just the presence of a key in the registry. (Of course, credential-less plugins are written whenever possible.)

- In terms of reporting, we do not intend to duplicate efforts such as OSVDB or the Bugtraq database. We've changed the output format of the new plugins to be more readable and contain more information. The new format is also easier to parse. Example at <http://www.nessus.org/plugins/index.php?view=single&id=20297>. Using 'nasl -V' you can also parse plugins fairly easily.

- Our risk metric uses CVSS. We are in the process of going back through every plugin to change the description to the new format and add CVSS ranking.

- We have also fixed many false positives over the last months. To such an extent that we'll soon announce a "contest" where anyone helping us fix 10 different false positives (and negatives) will obtain a free direct feed, so we can be sure to nail the remaining plugins which sometimes do not behave as expected (I'll repost about that very soon).

- Nessus 3 contains yet-unused features which will probably become handy someday. One of them is the ability to rate the 'confidence' of a vulnerability (i.e. a banner check against Apache is probably 50% reliable since all distros backport the fixes, while a credential-less test for upnp is 100%).



Now the thing Nessus 3 does _NOT_ do is vulnerability management. Nessus is a scanning _engine_, not a ticketing system. Unfortunately, some analysts seem to confuse the two and (will probably) bash Nessus 3 for not managing the vulnerabilities it finds. Nessus 3 is to a vulnerability management system what libpcap is to ethereal -- it's a "sensor" which reports data. If you want a full blown vulnerability management solution we have products which do that -- I'll spare you with the advertisements.


Finally, feedback with regards to Nessus 3 is welcome -- just download it at <http://www.nessus.org/download/> and let me know how it fares for you!


Thanks,

                                        -- Renaud

--
Renaud Deraison
http://www.nessus.org
http://www.tenablesecurity.com
