A developer of the open-source network scanning tool Nessus gave attendees of the Black Hat Briefings conference here a sneak peak of the upcoming version of the software Wednesday, touting better and faster scans, improved reporting features and reduced installation time as among the benefits of the new version.
Renaud Deraison, one of Nessus' core developers, made the journey from France to address a room crowded with people, some standing or sitting in aisles to view the demonstration. Nessus, currently at version 1.0.8, is a free security tool, licensed under the GNU Public License, or GPL, a license popular in the open source and Linux communities that offers less restrictive copyright terms. The software runs on Linux, BSD Unix, Sun Microsystems Inc.'s Solaris and performs checks for more than 700 network security issues.
The system is designed around a client-server model, Deraison said, in which the server actually performs the security check and the client is used as an interface to configure and control the server. Nessus also employs a plug-in architecture that allows each different plug-in to perform a specific task and for plug-ins to work in concert with each other. Because of their ability to cooperate, plug-ins can be used for faster and more complex security checks, he said.
Nessus also employs a shared information repository, called the Knowledge Base, where information about previous checks is stored. The software can create reports in XML (Extensible Markup Language), HTML (Hypertext Markup Language), plain text, LaTeX (a text data format) and more.
Version 1.2, which will be released in September or October, will build on these features to create a better tool for security staffs, Deraison said.
The new version of the software includes a faster installation and an option to install over the Internet using a script launched from Nessus' Web site. It also reduces the bandwidth overhead typically needed to perform full network security checks (which can often run as much as 5M bytes per machine, he said) because Nessus 1.2 can use data obtained from other security tools like nmap, thus avoiding the need for a redundant scan. Reducing the bandwidth used will lower costs of scans as well as make them less intrusive to the network they are checking, he said.
Nessus 1.2 will also run faster than previous versions because it will be able to perform scans in parallel and will be able to store previous scan information in the Knowledge Base, cutting down on the number of tests that have to be run, Deraison said. The new version will be able to scan for security vulnerabilities in generic CGI (common gateway interface) scripts, which are commonly used on Web servers, and will even be able to do some limited scanning of custom CGIs, which are often vulnerable to simple, older attacks, he said. Scans will also be able to be run continuously in the background.
Lastly, the tool will offer shorter reports, providing only the information that is different since the last scan, thus making the security staff's jobs easier, he said.
And lest anyone wonder what's next, Deraison said that Nessus version 1.4 is already in the planning stages, and will include better reporting, as well as clustering features.