Re: Nessus 3.0 released

[Brian Smith-Sweeney <bsmithsweeney () nyu edu>]

Just installed it this morning without the pay feed.  Scans were run
against the known open ports on an Oracle server I then scanned with an
older (2.2.5) version of nessus, with all plugins enabled and "optimize
the test", "safe checks", and "consider unscanned ports as closed"
disabled.  Port list was default.  Note that the older version of nessus
*did* have access to the direct feed, hence (I assume) the discrepancy
in plugin numbers.

This isn't a dedicated host, but the other processes were fairly
consistent through both tests.  Given this setup I don't know if one
would consider these "hard" numbers, but I'll provide them since I was
doing this for myself anyway.  I ran the tests twice each, but only
posted the results from one set since they were very similar.

Host information
================
SunFire V60x Server
Red Hat Enterprise Linux AS release 3 (Taroon Update 6)
Linux 2.4.21-20.ELsmp #1 SMP Wed Aug 18 20:46:40 EDT 2004 i686 i686 i386
GNU/Linux
4 x Intel(R) Xeon(TM) CPU 2.80GHz
MemTotal:      4099448 kB
10kRPM Ultra 320 SCSI drives
sample loadavg before scans: 0.01 0.11 0.09 1/117 8885
sample vmstat without scans:
procs                      memory      swap          io     system
   cpu
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy
id wa
 0  0   7092  55296 166556 3442644    0    0     1     0    0     0  0
0  0  0
 0  0   7092  55296 166556 3442644    0    0     0     0  123   213  0
0 100  0
 0  0   7092  55296 166556 3442644    0    0     0     0  116   186  0
0 100  0

Nessus 2.2.5 (~9862 tests run)
=============================
start: [Tue Dec 13 13:34:52 2005][17406] : testing <target> [17409]
finish: [Tue Dec 13 13:46:26 2005][17409] Finished testing <target>.
Time : 694.30 secs


biggest load spike (/proc/loadavg): 1.35 0.55 0.29 3/120 26803
associated vmstat output:
procs                      memory      swap          io     system
   cpu
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy
id wa
 2  0   7092  28536 166316 3405004    0    0     1     0    0     1  0
0  0  0
 2  0   7092  29108 166316 3402688    0    0     0   604  153  1434 17
31 47  5
 1  0   7092  27712 166316 3402456    0    0     0     0  151  1598 13
34 53  0

near most common load (eyeball estimate): 0.20 0.39 0.26 1/117 27468
associated vmstat output:
procs                      memory      swap          io     system
   cpu
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy
id wa
 0  0   7092  37880 166324 3401264    0    0     1     0    0     1  0
0  0  0
 0  0   7092  37876 166324 3401264    0    0     0   212  122   597  0
0 96  4
 0  0   7092  37872 166324 3401264    0    0     0     0  113   576  0
0 99  0


Nessus 3.0.0 (~9674 tests run)
=============================
start: [Tue Dec 13 13:57:20 2005][28012] : testing <target>  [28014]
finish: [Tue Dec 13 14:10:33 2005][28014] Finished testing <target>.
Time : 793.23 secs

biggest load spike: 0.35 0.23 0.18 1/122 28587
associated vmstat output:
procs                      memory      swap          io     system
   cpu
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy
id wa
 0  0   7092  25268 166508 3446940    0    0     1     0    0     1  0
0  0  0
 0  0   7092  25252 166508 3446940    0    0     0     0  113   391  0
0 100  0
 0  0   7092  25252 166508 3446940    0    0     0     0  110   410  0
0 100  0

near most common load (eyeball estimate): 0.25 0.22 0.18 1/121 28599
procs                      memory      swap          io     system
   cpu
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy
id wa
 0  0   7092  35768 166508 3446940    0    0     1     0    0     1  0
0  0  0
 0  0   7092  35768 166508 3446940    0    0     0     0  145   270  0
0 100  0
 0  0   7092  35768 166508 3446940    0    0     0     0  139   255  0
0 100  0


Other notes:
=============
* The client is *very* different.  Seems more task/project/workflow
influenced.  It'll take some getting used to and I will reserve judgment.
* Server startup is faster with new version (12.9 seconds vs 1.4).
* Login via GUI is both faster and more verbose with new version (40
seconds vs 5)

All in all I'm pleased with the new version.  If anyone wants more
background data let me know.

Cheers,
Brian


Erin Carroll wrote:
> Tenable released Nessus 3.0 yesterday. More information at 
> http://www.tenablesecurity.com/news/pr37.shtml
>
> New licensing debates aside, has anyone yet had a chance to test this new
> version out? As a long-time user of Nessus, I'm curious just how improved
> the performance is, especially on server-side resource utilization. 
>
> Has anyone had a chance to run comparison tests between the old and new 
> versions yet? Renaud, I know you and some others from Tenable lurk on this 
> list. Any comments or hard numbers you could provide on the performance 
> differences (or other areas of improvement like reporting) would be very 
> welcome.
>
> -Erin Carroll
> Moderator
> SecurityFocus pen-test list




------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------