Everyone needs a good network vulnerability scanner and it would be really nice if it was free. Right? Well, as just about every security maven knows, Nessus is that tool. Nessus started life as a completely free product. Introduced in 1998 by Renaud Deraison, this product focused on Unix initially. Today, it still is free for personal use, but commercial users must pay a fee.

Nessus has found its way into a very large number of commercial scanning products through the development of test scripts by the largest open source community in the security world. Between the development of vulnerability test scripts by Tenable engineers and contributions by the open source community, Nessus plug-ins cover more vulnerabilities closer to the discovery of the vulnerability than any other tool of its type.

Nessus has become the basis for several appliances, including one from Tenable. But whether in its client-server configuration or as an appliance, Nessus is the most comprehensive vulnerability scanner available. For years, Nessus was the only tool needed for routine vulnerability scans. Today, that state of affairs has changed little. The difference is that today it is far more configurable and is much more efficient.

Tenable has a renowned team. Besides Deraison, Ron Gula, co-founder of Tenable, is the CEO/CTO, and Marcus Ranum, of firewall fame, is its chief security officer. This group has the experience and vision to keep the company and its products in the forefront of security tool companies.

For its solid performance, the huge number of plug-ins and the solid support from Tenable, Nessus was and remains a vital and useful solution. Even with tools such as Core Impact (see pg. 53) for penetration testing, we need a good vulnerability assessment tool. At Norwich University where I teach, we use Nessus as our primary vulnerability assessment teaching tool. We follow up with pen testing using Impact to validate suspected vulnerabilities discovered by Nessus. This lets us test those vulnerabilities for exploitability.

Product: Nessus // Vendor: Tenable Network Security // www.nessus.org/nessus
What it does: The leading open source network vulnerability scanner, now available as a commercial tool from Tenable.
NetIQ’s Secure Configuration Manager
In an era driven by compliance, there are two specific areas of concern.

applies policies and derives a status, which it reports to the administrator.

of the device being monitored on the enterprise, and its reportin