1
00:00:00,240 --> 00:00:05,550
‫So let's have a look at NASA's developed by Tenable Network security is one of the most popular and

2
00:00:05,550 --> 00:00:07,470
‫capable vulnerability scanners.

3
00:00:08,340 --> 00:00:11,070
‫NASA's professional is a commercial product.

4
00:00:11,490 --> 00:00:17,730
‫In addition, a free NASA's home version is also available, though it's limited and only licensed for

5
00:00:17,730 --> 00:00:18,810
‫home network use.

6
00:00:19,800 --> 00:00:22,710
‫NASA's allow scans for the following types of vulnerabilities.

7
00:00:23,730 --> 00:00:29,160
‫Vulnerabilities that allow a remote hacker to control or access sensitive data on a system.

8
00:00:30,300 --> 00:00:39,510
‫Misconfiguration, for example, open mail relay, missing patches etc default passwords, a few common

9
00:00:39,510 --> 00:00:44,400
‫passwords and blank or absent passwords on some system accounts.

10
00:00:45,060 --> 00:00:50,160
‫Neces can also call Hydra an external tool to launch a dictionary attack.

11
00:00:51,570 --> 00:00:56,850
‫Denials of service against the TCP IP stack by using malformed packets.

12
00:00:58,300 --> 00:01:01,300
‫And preparation for PCI, DSS audits.

13
00:01:02,330 --> 00:01:07,600
‫Now, in a typical operation, Nasir's begins by doing a port scan to determine which ports are open

14
00:01:07,600 --> 00:01:11,680
‫on the target and then tries various exploits on the open ports.

15
00:01:12,430 --> 00:01:19,390
‫The vulnerability tests available as subscriptions are written in NASL Nessus attack scripting language,

16
00:01:19,780 --> 00:01:23,680
‫a scripting language optimized for custom network interaction.

17
00:01:25,310 --> 00:01:30,020
‫NASA's is constantly updated with more than 70000 plug ins.

18
00:01:31,280 --> 00:01:38,030
‫Key features include remote and local authenticated security checks, a client server architecture with

19
00:01:38,030 --> 00:01:45,140
‫a web based interface, and an embedded scripting language for writing your own plug ins or understanding

20
00:01:45,140 --> 00:01:45,920
‫the existing one.

21
00:01:47,080 --> 00:01:53,650
‫Optionally, the results of the scan can be reported in various formats, such as plain text, XML,

22
00:01:54,040 --> 00:01:56,350
‫HTML and latex.