Installation guide

| Option | Description |
|---|---|
| Do not log in with user accounts not specified in the policy | Used to prevent account lockouts if your password policy is set to lock out accounts after several invalid attempts. |
| Enable CGI scanning | Activates CGI checking. Disabling this option will greatly speed up the audit of a local network. This option must be enabled in conjunction with the web application testing plugin for a full web audit to occur. |
| Network type | Allows you to specify if you are using public routable IPs, private non-internet routable IPs or a mix of these. Select “Mixed” if you are using RFC 1918 addresses and there are multiple routers within your network. |
| Enable experimental scripts | Causes plugins that are considered experimental to be used in the scan. Do not enable this setting while scanning a production network. Tenable does not release scripts flagged “experimental” in either plugin feed. |
| Thorough tests (slow) | Causes various plugins to “work harder”. For example, when looking through SMB file shares, a plugin can analyze 3 levels deep instead of 1. This could cause much more network traffic and analysis in some cases. Note that by being more thorough, the scan will be more intrusive and is more likely to disrupt the network, while potentially having better audit results. For more information about “thorough tests” see this blog entry. |
| Report verbosity | A higher setting will provide more information in the report. |
| Report paranoia | In some cases, Nessus cannot remotely determine whether a flaw is present or not. If the report paranoia is set to “Paranoid (more false alarms)” then a flaw will be reported every time, even when there is a doubt about the remote host being affected. Conversely, a paranoia setting of “Avoid false alarm” will cause Nessus to not report any flaw whenever there is a hint of uncertainty about the remote host. The default option (“Normal”) is a middle ground between these two settings. |
| HTTP User-Agent | Specifies which type of web browser Nessus will impersonate while scanning. |
| SSL certificate to use | Allows Nessus to use a client-side SSL certificate for communicating with a remote host. |
| SSL CA to trust | Specifies a Certificate Authority (CA) that Nessus will trust. |
| SSL key to use | Specifies a local SSL key to use for communicating with the remote host. |
| SSL password for SSL key | The password for managing the SSL key specified. |
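The “Network type” setting above asks you to decide whether a target list is public, private (RFC 1918) or mixed. The following script is an added example, not part of the Tenable guide, that makes that decision from a scan's target list: it classifies each IPv4 address or CIDR block against the three RFC 1918 ranges and recommends a setting. The recommendation rule (any mixture of private and public targets, or a block that straddles an RFC 1918 boundary, yields “Mixed”) is this example's own heuristic, and the target list is constructed.

```python
import ipaddress

# The three private ranges defined by RFC 1918.
RFC1918_NETWORKS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def classify_target(target):
    """Classify one IPv4 host or CIDR target.

    Returns 'private' if the whole target sits inside an RFC 1918 range,
    'public' if it touches none of them, and 'straddles' if a block partly
    overlaps one (for example 172.16.0.0/11 covers both private and public
    space). IPv6 targets are outside RFC 1918 and are reported as 'public'.
    """
    net = ipaddress.ip_network(target, strict=False)
    if net.version != 4:
        return "public"
    if any(net.subnet_of(r) for r in RFC1918_NETWORKS):
        return "private"
    if any(net.overlaps(r) for r in RFC1918_NETWORKS):
        return "straddles"
    return "public"


def recommend_network_type(targets):
    """Map a list of targets to the guide's three choices.

    Heuristic used by this example (an assumption, not Tenable's rule):
    all-private -> 'Private', all-public -> 'Public', anything else -> 'Mixed'.
    Hostnames cannot be classified without resolution and are skipped.
    """
    kinds = set()
    for t in targets:
        try:
            kinds.add(classify_target(t))
        except ValueError:
            continue  # not an address or CIDR block, e.g. a hostname
    if not kinds:
        return "Unknown"
    if kinds == {"private"}:
        return "Private"
    if kinds == {"public"}:
        return "Public"
    return "Mixed"


if __name__ == "__main__":
    # Constructed target list: two RFC 1918 targets, one documentation-range
    # public block, and an address just outside 172.16.0.0/12.
    sample = ["10.1.2.0/24", "192.168.5.7", "203.0.113.0/24", "172.32.0.1"]
    for t in sample:
        print(f"{t:18} {classify_target(t)}")
    print("Recommended Network type:", recommend_network_type(sample))
```

Note that 172.32.0.1 is classified as public: only 172.16.0.0 through 172.31.255.255 is private, a boundary that is easy to misjudge when filling in this option by hand.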
HTTP cookies import (plugin 42893) facilitates web application testing. Nessus can import HTTP cookies from another
piece of software (web browser, web proxy, etc.) with this setting. A cookie file can be uploaded so that Nessus uses the
cookies when attempting to access a web application. The cookie file must be in Netscape format.
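The cookie import described above requires a file in Netscape format, and a malformed file silently yields an unauthenticated web audit. The script below is an added example, not Tenable's code and not plugin 42893 itself: it parses a Netscape-format cookie file (seven tab-separated fields: domain, include-subdomains flag, path, secure flag, expiry as a Unix timestamp with 0 for session cookies, name, value), rejects malformed lines, and reports which cookies would apply to a given URL so you can confirm the session cookie is present and unexpired before starting a scan. The cookie file contents are constructed for this example.

```python
import time
from urllib.parse import urlsplit

# Constructed sample cookie file in Netscape format. The values are made up;
# one cookie is secure-only, one is path-restricted, and one expired in 2000.
SAMPLE_COOKIE_FILE = (
    "# Netscape HTTP Cookie File\n"
    "# constructed for this example, not a real capture\n"
    ".app.example.test\tTRUE\t/\tTRUE\t4102444800\tSESSIONID\tabc123\n"
    "app.example.test\tFALSE\t/admin\tFALSE\t0\tcsrf_token\tdeadbeef\n"
    ".example.test\tTRUE\t/\tFALSE\t946684800\tstale\tgone\n"
)

FIELD_COUNT = 7


def parse_netscape_cookies(text):
    """Parse Netscape cookie-file text into a list of dicts; raise on bad lines."""
    cookies = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and comments (including the magic header)
        fields = line.split("\t")
        if len(fields) != FIELD_COUNT:
            raise ValueError(
                f"line {lineno}: expected {FIELD_COUNT} tab-separated fields, got {len(fields)}"
            )
        domain, subdomains, path, secure, expires, name, value = fields
        for flag in (subdomains, secure):
            if flag not in ("TRUE", "FALSE"):
                raise ValueError(f"line {lineno}: flag must be TRUE or FALSE, got {flag!r}")
        if not expires.isdigit():
            raise ValueError(f"line {lineno}: expiry must be a Unix timestamp, got {expires!r}")
        if not name:
            raise ValueError(f"line {lineno}: empty cookie name")
        cookies.append({
            "domain": domain.lower(),
            "subdomains": subdomains == "TRUE",
            "path": path or "/",
            "secure": secure == "TRUE",
            "expires": int(expires),  # 0 means a session cookie
            "name": name,
            "value": value,
        })
    return cookies


def _domain_matches(cookie, host):
    bare = cookie["domain"].lstrip(".")
    if host == bare:
        return True
    return cookie["subdomains"] and host.endswith("." + bare)


def _path_matches(cookie_path, request_path):
    if cookie_path == "/":
        return True
    return request_path == cookie_path or request_path.startswith(cookie_path.rstrip("/") + "/")


def cookies_for_url(cookies, url, now=None):
    """Return the cookies a client would send to url, in file order."""
    now = time.time() if now is None else now
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    selected = []
    for c in cookies:
        if c["expires"] and c["expires"] <= now:
            continue  # expired; a scan using this file would not be authenticated
        if c["secure"] and parts.scheme != "https":
            continue
        if not _domain_matches(c, host) or not _path_matches(c["path"], path):
            continue
        selected.append(c)
    return selected


if __name__ == "__main__":
    jar = parse_netscape_cookies(SAMPLE_COOKIE_FILE)
    for url in ("https://app.example.test/admin/users", "http://app.example.test/"):
        names = [c["name"] for c in cookies_for_url(jar, url)]
        print(f"{url}: {names or 'no cookies would be sent'}")
```

Running the check against the exact URL the web application test will start from catches the common failure modes: a cookie exported over HTTPS but used in an HTTP-only scan, a path-scoped cookie that never reaches the target pages, or a session that expired between export and scan.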
The HTTP login page (plugin 11149) settings provide control over where authenticated testing of a custom web-based
application begins. See this blog entry for more details about configuring web applications that require authentication.