Testing your server's firewall with Nessus


In my last article Setting up your firewall with Shorewall on Linux (Debian), I showed you how you could set up a firewall on your server. After setting up the firewall, I had no idea if it was set up correctly. I needed some way to test it. After a bit of searching I found Nessus. Although they have a commercial version, for home use Nessus was free; you only have to register. So hop hop I registered with Nessus, got my activation code, and started the install process. After the initial install it took some time to update and initialize itself, but the wait was definitely worth it.

So it was time to fire up the Nessus web client at the URL "https://localhost:8834/nessus6.html#/scans" and log in with the credentials provided during the install. When the UI came up it was nothing short of intuitive, modern and impressive. The “New Scan” button was prominently placed and the next screen shown below just popped up. As a first step the “Basic Network Scan” shown below sounded like a good option. So I clicked that:


In the screen following the above one I just filled out the details. Put in the actual IP address of your server here. In my case I am doing a test from my local network, so for demo purposes just put in the first 3 octets.

On the "Discovery" tab above on the left hand side, I just turned on everything to make the scan an extensive one. This is the option that says “Port Scan (All ports)”.

Then just save your plan. Before I ran this plan I went to my web server and turned its firewall off. If you configured the firewall with Shorewall like me, then below is how you could do that:

service shorewall stop

If you now type "iptables -L" on a command shell, you should see something like the following, which shows that your firewall is now off:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Now it's time to save your Nessus plan and run it.

After a little while I got a report of 100 vulnerabilities in 44 categories. Without going into the details of all those, here is what the vulnerability graph looked like, plus the 2 info categories that were of interest to me regarding the open ports:

So as a summary, the "Service Detection" category discovered 11 services on my server and the "Nessus SYN scanner" category reported that the scanner discovered 9 open ports.

Now it was time to turn on the server's firewall and re-run the test. To start the firewall, configured with Shorewall, just do “service shorewall start” on a command shell and you're good to go. "iptables -L" is going to give you long, long output if you have configured rules on your firewall. Now re-run the scan.

The reported vulnerabilities went down from 100 to only 25. Again the 2 categories of interest to us regarding our firewall setup showed only 3 services and 3 ports open. This is exactly what I had configured on my firewall in my previous article. So the difference speaks for itself. Only http (ports 80 and 443) and ssh (port 22) are discoverable, as they should be. So the firewall is doing its job then. Proof enough for today.
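To turn the manual before/after comparison above into a repeatable check, here is an added Python example (not code from the article, from Shorewall or from Nessus) that reads a .nessus XML export, collects the ports the "Nessus SYN scanner" plugin reported open and diffs them against the allowlist from the firewall article (22, 80, 443). The embedded export is a constructed sample, the host address is made up, and the element layout (NessusClientData_v2/Report/ReportHost/ReportItem) is assumed to match what the Nessus export produces.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a .nessus (NessusClientData_v2) export, trimmed to the
# elements this script reads; it is not a real export from the article's scan.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="firewall-on">
    <ReportHost name="192.168.1.10">
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
                  pluginName="Nessus SYN scanner"/>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="0"
                  pluginName="Nessus SYN scanner"/>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="0"
                  pluginName="Nessus SYN scanner"/>
      <ReportItem port="3306" svc_name="mysql" protocol="tcp" severity="0"
                  pluginName="Nessus SYN scanner"/>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="0"
                  pluginName="Service Detection"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

SYN_SCANNER = "Nessus SYN scanner"
# Ports the firewall from the previous article is meant to leave reachable.
ALLOWED_PORTS = {("tcp", 22), ("tcp", 80), ("tcp", 443)}


def open_ports(nessus_xml, host=None):
    """Return {(protocol, port)} the SYN scanner plugin reported as open.
    If host is given, only that ReportHost is considered."""
    root = ET.fromstring(nessus_xml)
    found = set()
    for rh in root.iter("ReportHost"):
        if host is not None and rh.get("name") != host:
            continue
        for item in rh.iter("ReportItem"):
            if item.get("pluginName") == SYN_SCANNER:
                found.add((item.get("protocol"), int(item.get("port"))))
    return found


def check_exposure(nessus_xml, allowed=ALLOWED_PORTS):
    """Split reported open ports into unexpected (not allowlisted, i.e. a
    firewall gap) and missing (allowlisted but not seen, e.g. service down)."""
    found = open_ports(nessus_xml)
    return {"unexpected": sorted(found - allowed),
            "missing": sorted(allowed - found)}


if __name__ == "__main__":
    result = check_exposure(SAMPLE_NESSUS)
    for port in result["unexpected"]:
        print("unexpected open port:", port)
    for port in result["missing"]:
        print("allowed port not reachable:", port)
```

Run it against the export of the firewall-on scan; an empty "unexpected" list is the result the article's comparison of the two reports shows by hand.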


Update

I added the NTP rule and the DNS queries rule later on, after the test, when I noticed time synchronization was failing, and updated my firewall configuration article here. So this test does not reflect that change.
