Penetration Testing mailing list archives

Re: Nessus, Harmful?


From: Joseph McCray <joe () learnsecurityonline com>
Date: Sun, 31 Jan 2010 15:02:12 -0500

With Nessus, as well as with any vulnerability scanner for that matter,
you run the risk of downing the device, server or application you are
auditing. There really isn't a good way to know how it will affect what
you are auditing until you actually run the scan. You can of course
disable dangerous plugins so that Nessus doesn't perform DoS checks,
and you can tell Nessus not to scan sensitive hosts (Network Printers,
Novell, etc).

Another option is to try something like VMware "P to
V" (http://www.vmware.com/products/converter/) where you take a physical
host and convert it to a virtual machine and then run Nessus against the
virtual machine.


Hope this helps...

-- 
Joe McCray

Toll Free:      1-866-892-2132
Email:          joe () learnsecurityonline com
LinkedIn:       http://www.linkedin.com/in/joemccray
Twitter:        http://twitter.com/j0emccray
Website:        http://www.learnsecurityonline.com

New Advanced Penetration Testing Course:
http://tinyurl.com/apt-course


Video of my Advanced SQL Injection Presentation:
http://tinyurl.com/j0e-McCray-sql-Injection


"The only thing worse than training good employees and losing them 
is NOT training your employees and keeping them." 

        - Zig Ziglar

