The Nexpose Vulnerability Scanner

Nexpose is a unified vulnerability detection and management solution that scans networks to identify the devices running on them and to probe these devices for vulnerabilities. It analyzes the scan data and processes it for reports. You can use these reports to help you assess your network security at various levels of detail and re-mediate any vulnerabilities quickly. The vulnerability checks identify security weaknesses in all layers of a network computing environment, including operating systems, databases, applications, and files. The application can detect malicious programs and worms, identify areas in your infrastructure that may be at risk for an attack, and verify patch updates and security compliance measures.

Components of the Virtual Appliance The Nexpose application consists of two main components:

• Scan Engines perform asset discovery and vulnerability detection operations. You can deploy them outside your firewall, within your secure network perimeter, or inside your DMZ to scan any network asset.

• The Security Console communicates with Scan Engines to start scans and retrieve scan information. All exchanges between it and Scan Engines occur through encrypted SSL sessions over a dedicated TCP port that you can select. For better security and performance, Scan Engines do not communicate with each other; they only communicate with the Security Console. When an asset is scanned for the first time, the Security Console creates a repository of information about that asset in its database. With each ensuing scan of the asset, the console updates the information in the repository.

The Security Console includes a Web-based interface for configuring and using the application. An authorized user can log on to this interface securely using HTTPS to perform any task that his or her role permits. When you deploy the Virtual Appliance, you will operate a Security Console with a local Scan Engine.

Troubleshooting: If for some reason your Nexpose installation malfunctions, you may want to try running the service manually by invoking the nsc.sh file, e.g.: $ /opt/rapid7/nexpose/nsc/nsc.sh

When in the nsc directory, you may need to invoke: sudo ./nsc.sh

Before running, make sure all existing Nexpose processes are shut-down (you can verify this with top or ps aux).