Learning Nessus for intrusion assessments (CS8505)

This course starts off with an introduction to vulnerability assessment and penetration testing before moving on to show you the steps needed to install Nessus on Windows and Linux platforms.

Throughout the course, you will learn about the various administrative options available in Nessus such as how to create a new user. You will also learn about important concepts like how to analyze results to remove false positives and criticality. At the end, you will also be introduced to the compliance check feature of Nessus and given an insight into how it is different from regular vulnerability scanning.

Learning Nessus for Penetration Testing teaches you everything you need to know about how to perform VA/PT effectively using Nessus to secure your IT infrastructure and to meet compliance requirements in an effective and efficient manner.

A preferential rate (-15%) applies to the regular cost for non-profit organizations, as well as the government sector. In addition, you can benefit from additional advantages through a corporate agreement when you need to train several people or teams in your company. Contact us for details.

Public class

2 days / 14 hours

Private class

Virtual classroom
Minimum no. of participants: 4
2 days / 14 hours
Price on request
English or Serbian
Training plan: 

Module 1: Fundamentals

  • Vulnerability Assessment and Penetration Testing
    • Need for Vulnerability Assessment
    • The life cycles of Vulnerability Assessment and Penetration Testing
  • Introduction to Nessus
    • Introduction Nessus setup
    • Scheduling scans
    • The Nessus plugin
    • Patch management using Nessus
    • Governance, risk, and compliance checks
  • Installing Nessus on different platforms
    • Prerequisites
    • Installing Nessus on Windows
    • Installing Nessus on Linux
  • Definition update
    • Online plugin updates
    • Offline plugin updates
  • User management
  • Nessus system configuration
    • About

Module 2: Scanning

  • Scan prerequisites
    • Scan-based target system admin credentials
    • Direct connectivity without a firewall
    • Scanning window to be agreed upon
    • Scanning approvals and related paperwork
    • Backup of all systems including data and configuration
    • Updating Nessus plugins
    • Creating a scan policy as per target system OS and information
    • Configuring a scan policy to check for an
    • Gathering information of target systems
    • Sufficient network bandwidth to run the scan
    • Target system support staff
  • Policy configuration
    • New policy creation
  • Scan configuration
    • Configuring a new scan
    • Scan execution and results

Module 3: Scan Analysis

  • Result analysis
    • False positive analysis
    • Vulnerability analysis
    • Vulnerability exploiting

Module 4: Reporting Options

  • Vulnerability Assessment report
    • Nessus report generation
    • Nessus report content
  • Report customization
  • Report automation

Module 5: Compliance Checks

  • Audit policies
  • Compliance reporting
  • Auditing infrastructure
    • Windows compliance check
    • Windows File Content
    • Unix compliance check
    • Cisco IOS compliance checks
    • Database compliance checks
    • PCI DSS compliance
    • VMware vCenter/vSphere Compliance Check

  • One year access to the class recording
  • Access to the lab environment during the training
  • Course material accessible in electronic format
  • One year subscription to the CodeRed platform containing thousands of cybersecurity videos
  • Certificate of attendance

Contact us for more information on pricing:

Office: 1-888-718-9732
E-mail: info@eccentrix.ca

130, King Street West, Suite 1800
Toronto, Ontario M5X 1E3