Thursday, March 29, 2012

OpenVas Vs Nessus

(A Spanish version of this post is now available.)

Hi there!

Today we will talk about OpenVas and Nessus, but I think we should start the post by explaining a more basic idea:


What's a vulnerability?

Vulnerabilities are also known as "security holes". A simple way to describe these holes: "Security holes can be seen as open doors in your PC that you think are closed."







I really think that most people do not know that these doors do not even exist.










Now that we know that these doors exist, how can we close them?



Most vulnerabilities are not easy for a human to detect; even a security expert may not be aware of the vulnerabilities on his/her own PC.

We should know that most vulnerabilities are caused by well-known software applications such as internet browsers and messenger apps (MS Messenger, Skype, IRC...).

Malicious emails are a big source of security risks too.


If you're worried about whether your computer is vulnerable, you should run a vulnerability scanner.



What's a vulnerability scan?

In simple terms, a vulnerability scanner is a script-driven tool with a huge number of plugins that detect vulnerabilities automatically.
Each plugin is a special "module" that is able to detect a particular kind of vulnerability.
Back to the post title: OpenVas and Nessus are vulnerability scanners.
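To make the plugin idea concrete, here is a small added example (not code from Nessus or OpenVas) of a scanner engine in which each plugin checks one kind of problem. The product name "ExampleFTPd", its fixed release 2.4.0, the plugin names and the sample inventory are all invented for illustration.

```python
import re
from collections import namedtuple

# One listening service, as an inventory or banner grab would record it.
Service = namedtuple("Service", "host port banner")

PLUGINS = []  # (plugin name, check function) pairs

def plugin(name):
    """Register a check; each check returns a finding string or None."""
    def register(fn):
        PLUGINS.append((name, fn))
        return fn
    return register

def banner_version(banner, product):
    """Extract a dotted version as a tuple, so 2.10 compares above 2.4."""
    m = re.search(re.escape(product) + r"[ /](\d+(?:\.\d+)*)", banner)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

@plugin("outdated-exampleftpd")
def outdated_exampleftpd(svc):
    # Hypothetical product and fixed release, invented for this example.
    version = banner_version(svc.banner, "ExampleFTPd")
    if version is not None and version < (2, 4, 0):
        return "ExampleFTPd older than 2.4.0: " + ".".join(map(str, version))
    return None

@plugin("cleartext-telnet")
def cleartext_telnet(svc):
    # Telnet sends logins unencrypted, so its presence alone is a finding.
    return "Telnet service exposed; replace with SSH" if svc.port == 23 else None

def scan(services):
    """Run every plugin on every service; a failing plugin is reported, not fatal."""
    findings = []
    for svc in services:
        for name, check in PLUGINS:
            try:
                detail = check(svc)
            except Exception as exc:
                detail = f"plugin error: {exc!r}"
            if detail:
                findings.append((svc.host, svc.port, name, detail))
    return findings

# Constructed sample inventory (documentation addresses, not real hosts).
SAMPLE = [Service("192.0.2.10", 21, "220 ExampleFTPd 2.3.1 ready"),
          Service("192.0.2.11", 21, "220 ExampleFTPd 2.10.0 ready"),
          Service("192.0.2.12", 23, "login:")]
```

Calling `scan(SAMPLE)` flags the 2.3.1 FTP server and the Telnet service but not version 2.10.0, which a plain string comparison would wrongly treat as older than 2.4.0.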




Nessus
Nessus: Network Vulnerability Scanner

Nessus is a well known vulnerability scanner.

Pros:

  • Easy to install
  • Simple interface; it has just the necessary items.
  • Higher quality tests
  • Only one support company
  • Larger number of plugins.
Cons:

  • The home (free) edition is very limited.
  • The professional edition is very expensive.
Opinion:
  • I only tried the home edition; it's easy to use. It's OK for performing your first scans to learn about this "world".
  • I have not had the pleasure of working with the Nessus "paid" editions :(

OpenVas
Open Vulnerability Assessment System

Pros:

  • Completely free and, what's more, completely open source. You can modify the code if you want to.
  • Being free and open source means that it will be supported by many companies.
  • It is able to implement more advanced functions than Nessus.
  • It's 100% operational: you will be able to enjoy the full power of OpenVas, unlike Nessus.
  • It has better access tools, like a web client, a console client...
Cons:
  • It's more difficult to install, configure and use.
  • Free, open-source software may not inspire the same confidence as a "paid" product.
Opinion:

  • This is my favourite one; with it you will be able to perform very advanced scans. It's powerful but not easy to use.


We are legion

2 comments:

  1. Other than SCADA, Compliance, and being restricted to 16 machines at a time, there really are no differences between the free (home) version of Nessus, and the paid one.

    1. I have not had the pleasure of working with the paid Nessus; I will remember your opinion :)

      Thank you very much for your comment my friend.
