Publication date : 06/06/2024
Course : Nessus, conducting a vulnerability audit
Practical course - 2d
- 14h00 - Ref. NES
|
Download in PDF format
Share this course by email
 | Installing and configuring Nessus |
| Using the Nessus client |
| Conducting a vulnerability audit with Nessus |
| Conduct a configuration audit of Windows and Linux systems |
Intended audience
Technicians, system and network administrators and auditors required to perform [[PenTest]".
Prerequisites
Basic knowledge of networks and security.
Course schedule
1 Background and positioning of Nessus
- Terminology and references relating to vulnerabilities (CVE, CWE, CVSS, AWS, CERT, etc.).
- Security audit versus vulnerability audit and penetration test.
- Positioning of different security tools and approaches: intrusion detection, scanner.
- Vulnerability auditing tools (Snort, Suricata, Nessus, OpenVas, Qualys, Acunetix...).
- Network, system and application vulnerability scanning (tools, approach and limitations).
- Introducing Nessus products.
- Client/server operating mode.
- Basic network configuration and scanning.
Hands-on work
Installation, configuration and basic network scanning.
2 Nessus components and architectures
- Nessus architecture and features.
- Plug-in integration: managing and designing plug-ins.
- Deployment of manager, agent.
- License management.
Hands-on work
Configuration and settings. Plug-in management and design.
3 Policy: design and analysis
- Definition of a basic scan policy.
- Define and manage a discovery policy (host, port, service).
- Create, configure and schedule an advanced vulnerability scan.
- Vulnerability scanning operations: scans of vulnerable Web applications, active scans, authenticated scans.
- Web application vulnerability audits.
- Designing a security policy.
Hands-on work
Security policy design and vulnerability audit. Implement a Web platform and audit Web application vulnerabilities.
4 Configuration and vulnerability audits: implementation and analysis
- Principles of configuration auditing.
- Introduction to compliance auditing.
- System audit principles: Windows, Linux/Unix.
- System and virtual environment auditing.
- Reporting and vulnerability analysis.
Hands-on work
Configuration audit of Windows and Linux systems.
PARTICIPANTS
Technicians, system and network administrators and auditors required to perform [[PenTest]".
PREREQUISITES
Basic knowledge of networks and security.
TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.
ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.
TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.
ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.
Technicians, system and network administrators and auditors required to perform [[PenTest]".
PREREQUISITES
Basic knowledge of networks and security.
TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.
ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.
TEACHING AIDS AND TECHNICAL RESOURCES
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.
TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.
ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.
Dates and locations
Select your location or opt for the remote class then choose your date.
Remote class
Dernières places
Date garantie en présentiel ou à distance
Session garantie