Running a Scan

Owned by Rebecca.Dewey
Last updated: Sept 20, 2016 by Mary.Zhao

Current Status of Nessus Service

Please note that https://infosec-scan.uit.tufts.edu is currently unavailable. We will update this page when it becomes available. Thank you for your patience!

Tufts' Nessus service is available at https://infosec-scan.uit.tufts.edu/. Please note that the S in HTTPS is required.

 

Please take a moment to familiarize yourself with the optional steps you may wish to take to prepare your systems to be scanned. 

Scan Process

 1. Log in

 
  • Log in, click "Scans," and click "Add." The scan configuration screen will appear.
 2. Configure

 
  • Configure the scan:
    1. Assign a name to the scan for your own reference
    2. Select "Run Now" to start the scan as soon as soon as you're finished with its configuration
    3. Select the "Default Tufts Scan" policy to use the most common scan policy
      1. Decide whether to include an ICMP ping before scanning each host (e.g., scanning a whole subnet) or not to ping, and assume that all hosts are live (e.g., scanning a few hosts you know are live)
    4. List the target(s): 
      by single IP address (e.g., 192.168.0.1) 
      by IP range (e.g., 192.168.0.1-192.168.0.255) 
      by subnet with CIDR notation (e.g., 192.168.0.0/24) 
      or by resolvable host (e.g., www.nessus.org). 
      Only scan hosts you own or control. You are responsible for the results of your scans.

Target File

Alternatively, create and upload a reusable "Targets File" using ASCII text encoding with one host or CIDR network per line and no extra spaces or lines

 3. Launch

  • Click "Run Scan." The scan will start and Nessus will display a progress meter based on the number of IPs which have been scanned.
 4. Run

  • Allow the scan to run. When it's complete, it will move from the Scans section to the Reports section.
 5. Open Report

  • Click Reports, select the report for your scan, and click Browse. This will display a list of the target hosts for this scan. Click on a host to view its results.
 6. Analyze Each Host

  • Click a host name or IP address to open its results. This will display a list of the open ports found on the host. Click on a port number to view the information collected for that port.
  • Click the scan name to return to the list of hosts in the scan.
 7. Analyze Each Port

  • Click on a port to see the results of the analysis of that port.

  • Click on a plugin/analysis to see the vulnerability assessment for that port. Determine whether it's a problem that needs to be remediated, or just an informational notice.
  • Click the host name to return to the list of ports for that host.

Questions?

If in doubt, don't hesitate to ask Information Security for assistance analyzing these results.

 

Remediation and Re-Scanning

Once you've analyzed the results of your scan, you can select the issues you want to remediate, fix them, and then re-scan. The results relating to those issues should not not appear in the new scan.

Information on the Tufts IT Knowledgebase is intended for IT Professionals at Tufts.
If you have a question about a Tufts IT service or computer/account support, please contact your IT support group.