Using Nessus To Detect Wireless Access Points
Using Nessus to DetectWireless Access PointsMay 5, 2003(Updated January, 2009)Renaud DeraisonDirector of ResearchRon GulaChief Technology Officer
Table of ContentsTABLE OF CONTENTS . 2INTRODUCTION . 3WHY DETECT WIRELESS ACCESS POINTS?. 3WIRELESS SCANNING FOR WAPS . 4DETECTING WAPS USING NESSUS . 4LIMITATIONS OF WAP SCANNING WITH NESSUS . 8ADVANTAGES OF WAP SCANNING WITH NESSUS . 9CONFIGURING NESSUS FOR A WAP SCAN . 9OTHER WAP IDENTIFICATION TECHNIQUES . 10CONCLUSION . 10ABOUT THE AUTHORS . 10ABOUT TENABLE NETWORK SECURITY . 12Copyright 2004-2009, Tenable Network Security, Inc.Proprietary Information of Tenable Network Security, Inc.2
IntroductionThe detection of wireless access points (WAPs) has become a major source of activity formany enterprise security groups. Conducting physical inspections of each campus locationwith handheld, laptop computers or even dedicated “wireless monitors” to find unauthorizedaccess points is time consuming. Fortunately, these efforts may be enhanced throughdetection of WAPs with the Nessus Vulnerability Scanner.This paper will discuss the techniques used by Nessus to efficiently scan for wireless accesspoints. It will also highlight some of the advantages and disadvantages of scanning withNessus as compared to manual physical audits. Recommendations for writing signatures todetect new types of WAPs will also be covered.This paper assumes that the reader is familiar with the Nessus Vulnerability Scanneroperating and basic wireless technology. Unless specifically stated, the WAPs that supportthe 802.11b protocol are assumed.Why Detect Wireless Access Points?In campus environments, many network users will add a wireless access point to theirnetwork in order to free their laptops and computers from a network cable. In the processof doing this, the network users may be opening the network for unsecured access byremote intruders equipped with wireless network cards. Even though there are simple waysto increase the security of WAPs, many users do not enable these features and this leaveslarge campus networks exposed to security breaches from remote intruders.For example, as shown below, a simple corporate network could be protected from theInternet with a firewall. If an internal network user installs an unsecured WAP inside thecorporate network, external users may be able to access internal systems.Simple example of how WAPs can impact securityIn the above figure, attacks to breach a server on the “Company Network” are foiled by afirewall. However, with the addition of an unsecured WAP, users outside the firewall are ableto access internal systems. Of course, the example may seem to over-simplify the threat ofWAPs to network security, but the reality is that war-driving and t
Aironet 630-2400 V3.3P Wireless LAN bridge . Aironet Wireless Bridge running firmware V5.0J . Aironet AP4800E v8.07 - Aironet (Cisco?) 11 Mbps wireless access point . Cisco AIR-WGB340 V8.38 wireless workgroup bridge 340 . D-Link DI-713P Wireless Gateway (2.57 build 3a)
Today Tenable Network Security is the sole developer, owner and licensor of the Nessus source code. Even Nessus 3.0 is now closed source; however most of the plugins can be updated for free by simply registering with Nessus (2). 3.0 Nessus at Work: Nessus can be used to scan for vulnerabili
AWS instances with Nessus while in development and operations, before publishing to AWS users. Tenable Network Security offers two products on the AWS environment: Nessus for AWS is a Nessus Enterprise instance already available in the AWS Marketplace. Tenable Nessus for AWS provides pre-authorized scanning in the AWS cloud via AWS instance ID.
Web Application Scanning with Nessus Each of the covered standards are introduced followed by a brief description of how Nessus web-based audits can be used to help achieve compliance with the standard. Nessus scanning techniques can be accomplished with Nessus as well as when being managed by Tenable's SecurityCenter.
Starting with Nessus 4.2, user management of the Nessus server is conducted through a web interface and it is no longer necessary to use a standalone NessusClient. The standalone NessusClients will still connect and operate the scanner, but they will not be updated. Refer to the Nessus 4.2 Installation Guide for instructions on installing Nessus.
Learning Nessus for Penetration Testing gives you an idea on how to perform VA and PT effectively using the commonly used tool named Nessus. This book will introduce you to common tests such as Vulnerability Assessment and Penetration Testing. The introduction to the Nessus tool is followed by steps
Die Nessus-Benutzeroberfläche (User Interface, UI) ist eine webbasierte Oberfläche für den Nessus-Scanner. Sie umfasst einen einfachen HTTP-Server und -Webclient und erfordert abgesehen vom Nessus-Server keine weitere Softwareinstallation. Seit Nessus 4 weisen alle Plattformen dieselbe Codebasis auf. Hierdurch werden nicht nur die
Tenable Nessus Automated Scans We will continue to scan all technologies in scope for which we have IRS audit files. Scans may be conducted using: The agency’s/data center’s instance of Nessus (Pro, Security Center, etc.) The agency can download Nessus from Tenable on agency equipment and IRS
ANSI A300 defines as a tree risk assess-ment: “A systematic process used to identify, analyze, and evaluate risk.” “Mitigation” is a term that I see com-monly used inappropriately. In the Standard, it is very clearly defined as the process of diminishing risk. We do not eliminate risk in trees when we perform some form of mitigation practice. We are minimizing the risk to some .
