COVID-19 Update: We are currently shipping orders daily. However, due to transit disruptions in some geographies, deliveries may be delayed. To provide all customers with timely access to content, we are offering 50% off Science and Technology Print & eBook bundle options. Terms & conditions.
Nessus Network Auditing - 2nd Edition - ISBN: 9781597492089, 9780080558653

Nessus Network Auditing

2nd Edition

Editor: Russ Rogers
Paperback ISBN: 9781597492089
eBook ISBN: 9780080558653
Imprint: Syngress
Published Date: 21st May 2008
Page Count: 448
Sales tax will be calculated at check-out Price includes VAT/GST
Price includes VAT/GST

Institutional Subscription

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.


The Updated Version of the Bestselling Nessus Book. This is the ONLY Book to Read if You Run Nessus Across the Enterprise. Ever since its beginnings in early 1998, the Nessus Project has attracted security researchers from all walks of life. It continues this growth today. It has been adopted as a de facto standard by the security industry, vendor, and practitioner alike, many of whom rely on Nessus as the foundation to their security practices. Now, a team of leading developers have created the definitive book for the Nessus community.

Perform a Vulnerability Assessment
Use Nessus to find programming errors that allow intruders to gain unauthorized access.

Obtain and Install Nessus
Install from source or binary, set up up clients and user accounts, and update your plug-ins.

Modify the Preferences Tab
Specify the options for Nmap and other complex, configurable components of Nessus.

Understand Scanner Logic and Determine Actual Risk
Plan your scanning strategy and learn what variables can be changed.

Prioritize Vulnerabilities
Prioritize and manage critical vulnerabilities, information leaks, and denial of service errors.

Deal with False Positives
Learn the different types of false positives and the differences between intrusive and nonintrusive tests.

Get Under the Hood of Nessus
Understand the architecture and design of Nessus and master the Nessus Attack Scripting Language (NASL).

Scan the Entire Enterprise Network
Plan for enterprise deployment by gauging network bandwith and topology issues.

Key Features

  • Nessus is the premier Open Source vulnerability assessment tool, and has been voted the "most popular" Open Source security tool several times.
  • The first edition is still the only book available on the product.
  • Written by the world's premier Nessus developers and featuring a foreword by the creator of Nessus, Renaud Deraison.


Network Administrators and security specialists running Nessus or considering its use

Table of Contents

Chapter 1. Vulnerability Assessment

  • Introduction
  • What Is a Vulnerability Assessment?
  • Automated Assessments
  • Two Approaches
  • Realistic Expectations
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Chapter 2. Introducing Nessus

  • Introduction
  • What Is It?
  • The De Facto Standard
  • History
  • Basic Components
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Chapter 3. Installing Nessus

  • Introduction
  • Nessus Version Comparison
  • Picking a Server
  • Nessus 2.2.x Install Guide
  • Nessus 3 Install Guide
  • Configuring Nessus for UNIX
  • Final Steps
  • Installing a Client
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Chapter 4. Running Your First Scan

  • Introduction
  • Preparing for Your First Scan
  • Starting the Nessus Client
  • Policies
  • Target Selection
  • Starting the Scan
  • Nessus Command Line
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Chapter 5. Interpreting Results

  • Introduction
  • The Nessus UI Basics
  • Reading a Nessus Report
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Chapter 6. Vulnerability Types

  • Introduction
  • Critical Vulnerabilities
  • Information Leaks
  • Denial of Service
  • Best Practices
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Chapter 7. False Positives

  • Introduction
  • What Are False Positives?
  • Why False Positives Matter
  • Dealing with False Positives
  • Dealing with a False Positive
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Chapter 8. Under the Hood

  • Introduction
  • Nessus Architecture and Design
  • Host Detection
  • Service Detection
  • Information Gathering
  • Vulnerability Fingerprinting
  • Denial-of-Service Testing
  • Putting It All Together
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Chapter 9. The Nessus Knowledge Base

  • Introduction
  • Knowledge Base Basics
  • Information Exchange
  • Limitations
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Chapter 10. Enterprise Scanning

  • Introduction
  • Planning a Deployment
  • Configuring Scanners
  • Data Correlation
  • Common Problems
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Chapter 11. NASL

  • Introduction
  • Why NASL?
  • Structure of a NASL Script
  • An Introduction to the NASL Language
  • The Nessus Knowledge Base
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Chapter 12. The Nessus User Community

  • Introduction
  • The Nessus Mailing Lists
  • The Online Plug-In Database
  • Reporting Bugs via Bugzilla
  • Submitting Patches and Plug-Ins
  • Where to Get More Information and Help
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Chapter13. Compliance Monitoring with Nessus 3

  • Introduction
  • Understanding Compliance
  • The Nessus Compliance Engine
  • Using Nessus 3 Auditing
  • Nessus 3 Reporting
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions


No. of pages:
© Syngress 2008
21st May 2008
Paperback ISBN:
eBook ISBN:

About the Editor

Russ Rogers

Russ Rogers (CISSP, CISM, IAM, IEM, Hon. Sc.D.), author of the popular "Hacking a Terror Network: The Silent Threat of Covert Channels" (Syngress, ISBN: 978-1-928994-98-5), co-author of multiple books, including the best-selling "Stealing the Network: How to Own a Continent" (Syngress, ISBN: 978-1-931836-05-0) and "Network Security Evaluation Using the NSA IEM" (Syngress, ISBN: 978-1-59749-035-1), and former editor-in-chief of The Security Journal, is currently a penetration tester for a federal agency and the co-founder and chief executive officer of Peak Security, Inc., a veteran-owned small business based in Colorado Springs, CO. Russ has been involved in information technology since 1980 and has spent the past 20 years working as both an IT and InfoSec consultant. Russ has worked with the U.S. Air Force (USAF), National Security Agency (NSA), Defense Information Systems Agency (DISA), and other federal agencies. He is a globally renowned security expert, speaker, and author who has presented at conferences around the world in Amsterdam, Tokyo, Singapore, São Paulo, Abu Dhabi, and cities all over the United States. Russ has an honorary doctorate of science in information technology from the University of Advancing Technology, a master's degree in computer systems management from the University of Maryland, a bachelor of science degree in computer information systems from the University of Maryland, and an associate's degree in applied communications technology from the Community College of the Air Force. He is a member of ISSA and (ISC)2® (CISSP). Russ also teaches at and fills the role of professor of network security for the University of Advancing Technology (

Affiliations and Expertise

Penetration Tester for a Federal Agency and Co-founder/Chief Executive Officer, Peak Security, Inc.

Ratings and Reviews