September 2012 Meeting Details
The meeting of the “Indian Libre User Group” was successfully held on September 23rd, 2012.
Time: 2:00pm – 5.30pm
Venue: Internet Club, IInd Floor,
AMI Trust Building, Broadway Enclave,
2.30pm – 2.45pm
Customary Self Introduction.
People shared their experience with Free Software
2.45pm – 4.30pm – Session by JayJacob
In computer security, Nessus is a proprietary comprehensive vulnerability scanning program. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems.
According to surveys done by sectools.org, Nessus is the world’s most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools surveys. Tenable estimates that it is used by over 75,000 organizations worldwide.
Nessus allows scans for the following types of vulnerabilities:
1. Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
2. Misconfiguration (e.g. open mail relay, missing patches, etc.).
3. Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
4. Denials of service against the TCP/IP stack by using mangled packets.
5. Preparation for PCI DSS audits.
Tenable Network Security produces several dozen new vulnerability checks (called plugins) each week, usually releasing them on a daily basis. These checks are available for free to the general public; commercial customers are not allowed to use this Home Feed any more. The Professional Feed (which is not free) also gives access to support and additional scripts (audit and compliance tests).
Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system, and can perform password auditing using dictionary and brute force methods. Nessus 3 and later can also audit systems to make sure they have been configured per a specific policy, such as the NSA’s guide for hardening Windows servers.
4.30pm – 4.45pm
People were requested to handle small technical discussions for the next meeting.
Thanks to all the attendees for coming. They are requested to post their feedback on the mailing list so that we can improve future meetings.
The next user meet is on 28th October 2012.