I absolutely agree. This is a little more advanced configuration, but probably worth the effort.
Rgs, Robert -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 12:51 AM To: Robert Keith Subject: RE: Nessus Detecting Servers without MS Patch In my humble opinion, the login of nessus to the MS server is best performed with SSH and key exchanges. The "nessus" account I use for these tests DOES NOT have administrator privileges but is only allowed to READ the registry. This is much safer and my windows administrators are more confident... Cordialement / Mit freundlichen Gr��en / Best regards, "Robert Keith" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 14/06/2005 00:36 To cc <[email protected]> Subject RE: Nessus Detecting Servers without MS Patch You can try to select only the plugins you want to test for. This is done by selecting the plugin profile, and under the plugins tab, select the "select plugins" button. There is a group of plugins only relating to Windows Vulnerabilities. If you also select the "silent dependencies" button, this may trim the report to just what you want without the generic IP vulnerabilities. Also, if you are scanning for Windows XP systems with the firewall on, you will need to turn off the ping tests inside the "ping the remote host". Good luck. Robert -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TStark Sent: Monday, June 13, 2005 1:09 PM To: Robert Keith Cc: [email protected] Subject: Re: Nessus Detecting Servers without MS Patch Wow, great responses! Thanks! I have the products you have described, I have also tried UpdateExpert which is great for tracking down servers that DO have a particular patch but I need to hand in a report with evidence of who does NOT have patches that make them vulnerable to remote code execution. The other apps give me too much information considering I have to scan 300+ servers that is why I booted up Fedora and brought up Nessus. Robert, you are correct, I am fairly new to Nessus, I have used it to compare our vuln scans but never really dug into it and took advantage of all the plug-ins. I'll try what you had described and see what I can do with it. I'd like to narrow down the search to only look for remote code execution but that might be asking too much.... But it would make a nice report to say "this list of servers are vulnerable..." I did read that there are additional plug-ins that can be downloaded, maybe I should check out that list. Thanks again for all the e-mails!! Nice to get this much of a response!! Tony On 6/13/05, Robert Keith <[EMAIL PROTECTED]> wrote: > > > Sounds like you are new to Nessus. > > 1. Install Nessus, and the windows client NessusWX (if desired, otherwise > use the Xterminal version). > > 2. Configure a scan profile for the subnet containing your windows systems. > > 3. Update this profile, select the "Configure plugins" under the plugins > tab. > > 4. Add the SMB user and SMB Password entries, this needs to be a user with > "administrator" privileges, to be able to access the registry. > > > This will scan windows and list all the vulnerabilities you asked about. > > Be aware: Windows XP systems have a firewall by default, and this will > prevent these scans unless they have the file share enabled, or have ports > 138, etc. open. > > Also, older Windows systems may or may not have remote registry access > services active. > > > Rgs, > Robert > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of TStark > Sent: Monday, June 13, 2005 10:46 AM > To: [email protected] > Subject: Nessus Detecting Servers without MS Patch > > Hello all, > > I have been asked to audit our servers with Nessus and find all > computers that do not have MS patches which correct vulnerabilities of > a remote code execution attack. How can I use Nessus, on Fedora 3, to > find if a server has a particular patch or this vulnerability only? > > Thanks everyone for your help!! Nice to have a place to ask these questions! > > Tony > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
