Nessus is a popular vulnerability scanner, often chosen by organizations that do not want to pay for proprietary products. Only the Nessus 2.x series is open source (GPL); Nessus 3 and later ship as closed-source binaries, with the plug-in feeds discussed below as the paid component. Nessus has significant advantages over many other products, but it also has some disadvantages.
| Item | Advantage | Disadvantage |
|---|---|---|
| A single server performs the scans and captures results to a database | High-performance capture of data, with minimal impact on the network from results reporting. | Forces a centralized architecture in which all scans originate from a single server. |
| Open-source product (2.x series) | Low cost of ownership. Can be customized by an end user with the technical knowledge. | No support without an extra fee. Requires greater knowledge to install and operate. |
| The user can compile the binary from source | Runs on multiple platforms (operating systems and CPU architectures). | Requires strong knowledge of the target systems and of open-source software. |
| An optimized version of Nessus is recommended for scanning Windows XP SP2 hosts to avoid false negatives | Avoids false negatives on those hosts. | Scalability problem: if your organization has a mix of architectures (e.g., Linux and Windows), two versions may end up in use, or you are better off using the Windows version throughout. |
| Professional feeds provide immediate updates | Receiving immediate updates for the latest vulnerabilities is obviously good. | You must pay for this, but the cost is likely the same as or lower than that of other products. |
| Home feeds provide free vulnerability updates | A good way to get started evaluating the tool. | Not licensed for commercial use. |
| Plug-ins | These allow extensibility and customization well beyond what most other products offer. | The added complexity requires considerable knowledge and experience to deploy. |
| NASL (Nessus Attack Scripting Language)[*] | Lets the user script and run specific vulnerability checks, giving a degree of control most products do not. | Knowledge of NASL and of its command-line tool is necessary. |
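As an added illustration of the plug-in and NASL rows above (this is not code from the original page or from Tenable's plug-in feed), the following NASL 2 script grabs the banner from a TCP service and reports a warning when it contains an assumed vulnerable version string. The port number (8080), the service string `ExampleServer/1.0` and the target host `192.0.2.10` are assumptions made up for the example; a real plug-in would also carry a unique `script_id()` and CVE/Bugtraq cross-references.

```nasl
# example_banner.nasl: added example, not part of the original text.
# Every NASL plug-in is executed twice: once with the global `description`
# set, when it only registers its metadata, and once as the actual check.
if (description)
{
  script_version("1.0");
  script_name(english:"Example banner check (assumed ExampleServer/1.0)");
  script_summary(english:"Grabs a banner on TCP/8080 and flags an assumed old version");
  # ACT_GATHER_INFO: read-only check, safe to run with safe_checks enabled.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_copyright(english:"Added example; no copyright claimed");
  # Only run when the port scanner found 8080 open (port is an assumption).
  script_require_ports(8080);
  exit(0);
}

port = 8080;

# Skip silently if the port scanner did not report the port as open.
if (!get_port_state(port)) exit(0);

soc = open_sock_tcp(port);
if (!soc) exit(0);

# Read whatever the service volunteers on connect; many daemons send a banner.
banner = recv(socket:soc, length:1024);
close(soc);

if (!banner) exit(0);

# `><` is the NASL substring operator. The version string is an assumption.
if ("ExampleServer/1.0" >< banner)
{
  security_warning(port:port,
                   data:"The remote host runs ExampleServer/1.0 (assumed vulnerable, example only).\nBanner: " + banner);
}
```

Run it stand-alone against one host with `nasl -t 192.0.2.10 example_banner.nasl`; the same file placed in the plug-ins directory (with a unique `script_id()` added, which nessusd requires) is loaded like any feed plug-in. That is the point of the table's last two rows: a check you control end to end, at the cost of knowing the language and its command-line tool.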