Implementation of Nessus for vulnerability analysis in a data center
Abstract
A university’s data center hosts vital and sensitive information, making identification and correction of
vulnerabilities in its digital infrastructure crucial. The increasing complexity of digital infrastructures, especially
with the adoption of virtualization technologies and cloud services, has introduced new security challenges,
making vulnerability management essential. Given the large number of virtual servers and the diversity of
operating systems within them, manual security reviews are no longer viable, which motivated the need to
implement automated tools for vulnerability analysis. It was decided to implement and evaluate the Nessus
tool in a testing environment to identify and report potential security breaches in the virtualized infrastructure
of the Data Center of the Directorate General of Computing and Information and Communication Technologies
(DGTIC). The choice of Nessus was based on its broad recognition in the industry, as well as its successful use in
other academic institutions for proactive and automated vulnerability detection.
The methodology consisted of installing Nessus on a virtual machine within a test cluster running the Proxmox
hypervisor and several virtual machines with some security breaches. For the target IP addresses, basic
and credentialed scans were performed, and default port ranges were used. The analysis results provided
a total number of identified vulnerabilities and their distribution by severity level, allowing for specific
recommendations to improve the security of the test environment. The analysis demonstrated Nessus’s
effectiveness in identifying and classifying vulnerabilities in complex virtualized infrastructures, where multiple
physical resources such as servers, storage, and networks have been virtualized. This highlights the importance
of an ongoing vulnerability management program and the adoption of security best practices to improve the
digital infrastructure’s ability to withstand and recover from incidents.

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.