Mailing List Archive

Security considerations introduced by using Nessus?
Hi,
I am an undergraduate student beginning some research on the security
holes that Nessus itself could introduce to a system. I am hoping this is
considered a part of developing Nessus. This is a precursor to work I am
planning on doing with Nessus and DOD's IAVA system. Any information or
resources about concerns that have already been identified, possible
weaknesses and the structure of Nessus security, user authentication and the
dangers of modularity would be greatly appreciated. I am especially
interested in real-world experiences of users on large wide-area networks.

Some specific issues I am wondering about:

Client, Server communications and authentication
strength of encryption and authentication techniques

Danger of malicious plugins and the possibility that a server could be
compromised and have malicious plugins added, thereby compromising every
machine that server scans

Clear text password storage?

Is a move to NASL-only plugins in the future plausible?

Weaknesses that have been identified but are not being addressed yet due to
resources and the developmental nature of Nessus.

Thank you in advance for any information, suggestions, comments, or
additional questions,
Neil Lofland
Cadet, Co. G-2, Class '02