Nessus is first and foremost a vulnerability scanner. Although it scans ports just like NMAP, Nessus takes the open ports into account and notifies you if these ports have potential security vulnerabilities attached to them.
Nessus is typically installed on a server and runs as a web-based application. Nessus uses plugins to determine if a vulnerability is present on a specified machine. As of this writing, over 34,000 plugins are available looking for vulnerabilities in anything from Operating Systems (Unix, Linux, Windows) to specific application categories such as Databases or Web Servers.
Administrators log into the Nessus interface to set up policies and scans and to view reports. Policies determine which specific vulnerabilities are scanned for. One policy may look only at database vulnerabilities and be targeted at your database server(s); another may look only for Windows vulnerabilities while it runs against your entire network. In short, a Nessus policy sets what will be scanned along with how it will be scanned (Figure 1).
Once a policy is set up, you can schedule scans. Scans in Nessus allow you to specify which machines you want scanned against which policy along with when you want the scan to run.
Once a scan has completed you can view a comprehensive report detailing any potential vulnerabilities on the machines you scanned. The nice thing about Nessus is that it makes intelligent recommendations based on security best practices. WMI service enabled? That’s okay – Nessus includes “informational” alerts and has a detailed write-up for each vulnerability discovered, letting you know the severity of the vulnerability along with mitigation tips (Figure 2).
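The report described above is also available as an XML export, and a defender often wants to separate the informational items from the findings that actually need work. The following is an added example, not code from the article or from Tenable: it assumes the Nessus v2 export layout (a `NessusClientData_v2` root holding `Report`, `ReportHost` and `ReportItem` elements, with a numeric `severity` attribute where 0 is informational and 4 is critical), and the embedded report is a constructed sample with placeholder hosts, plugin IDs and text rather than real scan output.

```python
"""Summarize a Nessus v2 XML export by host and severity.

Added example, not part of the original article. It assumes the
NessusClientData_v2 / Report / ReportHost / ReportItem layout; the
report below is a constructed sample, not real Nessus output.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Meaning of the numeric severity attribute on a ReportItem (assumption:
# 0 = informational through 4 = critical).
SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample export. Hosts use documentation addresses and the
# plugin IDs and names are placeholders, not real Nessus plugins.
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="Example scan">
    <ReportHost name="192.0.2.10">
      <HostProperties>
        <tag name="host-ip">192.0.2.10</tag>
      </HostProperties>
      <ReportItem port="135" svc_name="epmap" protocol="tcp" severity="0"
                  pluginID="900001" pluginName="WMI service enabled (placeholder)"
                  pluginFamily="Windows">
        <synopsis>WMI is reachable on this host.</synopsis>
        <solution>n/a</solution>
        <risk_factor>None</risk_factor>
      </ReportItem>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
                  pluginID="900002" pluginName="SMB signing not required (placeholder)"
                  pluginFamily="Windows">
        <synopsis>Signing is not required on the remote SMB server.</synopsis>
        <solution>Require message signing in the host configuration.</solution>
        <risk_factor>High</risk_factor>
      </ReportItem>
    </ReportHost>
    <ReportHost name="192.0.2.20">
      <HostProperties>
        <tag name="host-ip">192.0.2.20</tag>
      </HostProperties>
      <ReportItem port="3306" svc_name="mysql" protocol="tcp" severity="2"
                  pluginID="900003" pluginName="Database allows unencrypted logins (placeholder)"
                  pluginFamily="Databases">
        <synopsis>Clients may connect without TLS.</synopsis>
        <solution>Require encrypted connections.</solution>
        <risk_factor>Medium</risk_factor>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_report(xml_text):
    """Return one dict per ReportItem, carrying host, port, severity and fix."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        # Prefer the host-ip tag; fall back to the ReportHost name attribute.
        ip = host.findtext("HostProperties/tag[@name='host-ip']",
                           default=host.get("name"))
        for item in host.findall("ReportItem"):
            findings.append({
                "ip": ip,
                "port": int(item.get("port")),
                "protocol": item.get("protocol"),
                "severity": int(item.get("severity")),
                "plugin_id": item.get("pluginID"),
                "plugin_name": item.get("pluginName"),
                "family": item.get("pluginFamily"),
                "solution": item.findtext("solution", default=""),
            })
    return findings


def count_by_severity(findings):
    """Map numeric severity to the number of findings at that level."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["severity"]] += 1
    return dict(counts)


def actionable(findings, min_severity=1):
    """Findings at or above min_severity, worst first; informational items
    (severity 0) are dropped by default so they do not crowd the work list."""
    return sorted((f for f in findings if f["severity"] >= min_severity),
                  key=lambda f: (-f["severity"], f["ip"], f["port"]))


def summarize(xml_text):
    """Build the triage view: hosts seen, counts per severity, work list."""
    findings = parse_report(xml_text)
    return {
        "hosts": sorted({f["ip"] for f in findings}),
        "by_severity": {SEVERITY_NAMES[s]: n
                        for s, n in sorted(count_by_severity(findings).items())},
        "actionable": [(f["ip"], f["port"], SEVERITY_NAMES[f["severity"]],
                        f["plugin_name"], f["solution"])
                       for f in actionable(findings)],
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_NESSUS)
    print("Hosts:", ", ".join(summary["hosts"]))
    print("Counts:", summary["by_severity"])
    for ip, port, sev, name, fix in summary["actionable"]:
        print(f"{sev:8} {ip}:{port}  {name}  -> {fix}")
```

Pointing `summarize()` at a real export reproduces the split the article describes: the informational WMI note stays in the counts but is kept out of the work list, while the High and Medium items come out first with the plugin's suggested fix beside them.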
The cost of Nessus depends on who’s using it. If you are using it for home (non-commercial) use, Nessus has a “Home Feed” subscription that is free. Commercial subscriptions, referred to as “Professional Feeds”, give you a year’s worth of plugin and software updates along with email-based support. Professional Feeds are priced at $1200 per year. Nessus can be downloaded here.