Vulnerability Management(Nessus)

Welcome to the vulnerability management lab! In this lab, I will be using Nessus to identify and prioritize vulnerabilities within the Virtual machine. Nessus is a powerful vulnerability scanner that allows us to scan our network and systems for known vulnerabilities, misconfigurations, and other weaknesses that could potentially be exploited by malicious actors.

 In this lab, I set up Nessus Essentials, installed Windows 10 inside a virtual machine using VMware Workstation Player, added some outdated software, and performed vulnerability checks on the virtual machine to look for any potential security flaws. Later, I make an effort to fix some of the flaws.

I first start by downloading, Vmware Workstation, a windows 10 iso and Nessus.

It is crucial to set the network adapter to bridged while constructing the Windows virtual machine. It connects the virtual machine to the physical computer's network so that Nessus can communicate with the virtual machine effortlessly.


After completing the necessary installations, I needed to perform a Nessus scan to ensure it worked correctly. In order to do this, I first needed the IP of the virtual machine, so I went into the command line and used ipconfig to see its IP address. I then pinged the virtual machine from my physical machine. At first, it wasn't working, the firewall was the source of the initial failure, thus I had to adjust its settings before it started working.

I could perform my first scan on the machine to see if it was working correctly.




According to the basic vulnerability scan, there appear to be 18 vulnerabilities. Since I did not supply any credentials, most of them are info and low vulnerabilities, but if I do, the scan will be more thorough and may uncover additional information and problems.

By clicking on the vulnerability, I can see more details about it and even some recommended solutions by the system on how to remediate it.


There are other vulnerabilities such as Trace route information which from my research it means that the host accepts ICMP, and trace route information can be seen. This is not necessarily a vulnerability but something to be aware of.




The virtual computer will next be configured such that it can receive authorized scans, after which I will give Nessus my login information and attempt a new scan in order to compare the results.

Activating the remote registry in services.msc is what Nessus advises doing in order to do authorized scans on window hosts that are not part of the domain. This enables the scanner to access the registry and search for unsafe configurations. Next, make sure that file and printer sharing is enabled.


Then I went to user Account control Settings and set it to never notify. This is not recommended on an actual corporate computer but since the computer is not on the domain I have to use this to able to scan it.


Lastly I had to go to the registry editor, then I went into HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. In this folder, I create a 32-bit DWORD called LocalAccountTokenFilterPolicy and set the hex data value to 1 and then restart the Virtual machine.At this point I am ready to rescan the computer but with credentials.


I am now expecting more result with this scan since the scanner now has credentials so its able to enter the computer and dive deeper to find more vulnerabilities.


In contrast to before, the scan now has 16 critical vulnerabilities and 44 highs. This proves to me that the scan was effective and that a deeper dive was indeed taken. This demonstrates that credential scans may be advantageous since they generally perform better.

If I go to the Remediations tab it shows me ways to fix some of the issues. Because most of the vulnerabilities come from Windows or internet browsers, an update would most likely fix a large portion of the issues. If this happened in a company, my first thought would be to have third-party patching and Windows OS patching set up properly, tested, and deployed on a regular basis to prevent this type of incident. There is also a category called VPR Top Threats, which appears to be the system's opinion on what should be remedied first.

Now before I go about remediating any of the issues I will first install an older version of Firefox and do a rescan once again. The new scan should discover a lot more vulnerabilities with the old version of Firefox.

To install a deprecated version of Firefox on the VM, follow these steps:

  1. Download the deprecated version of Firefox from the Mozilla FTP server (https://ftp.mozilla.org/pub/firefox/releases/).
  2. On the VM, open the downloaded Firefox installer and follow the prompts to complete the installation process.

The latest version has more critical vulnerabilities and some mixed about Firefox

My current strategy is to address as many concerns as possible. I want to run Windows updates until the system is fully updated, then either remove Firefox totally or update it to the latest version.

From this lab, I have gathered that one of the primary benefits of Nessus is its ability to identify a wide range of vulnerabilities across different platforms and technologies. Whether you are running a Windows or Linux environment, Nessus can scan your systems and identify vulnerabilities such as missing patches, weak passwords, and misconfigured services. By regularly conducting scans with Nessus, you can ensure that you are aware of the vulnerabilities present in your systems and can take steps to mitigate them before they can be exploited by attackers.

In conclusion, Nessus is a powerful and feature-rich tool for performing vulnerability assessments and identifying security weaknesses in a network. By regularly scanning systems and analyzing the results, one can identify and prioritize vulnerabilities and take steps to mitigate them before they can be exploited by attackers.

Using Nessus can help improve an organization's security posture, reduce the risk of data breaches, and demonstrate compliance with regulatory requirements. With its wide range of scanning capabilities and customizable options, Nessus is a valuable asset for any security professional.

Comments

Post a Comment

Popular posts from this blog

Active Directory Home Lab

Image
In this lab, I'll be utilizing Oracle VirtualBox to run an active directory. I'm undertaking this lab to learn more about Windows networking and how Active Directory functions. Installing VirtualBox will be the first step in getting the virtual machines up and running. I'll next install Windows 10 and Windows Server 2019 isos, which I'll use to set up two different virtual machines with two different operating systems. The domain controller, which will host the active directory, will be the first virtual machine. I'm going to give this virtual machine two network adapters, one for connecting to the public internet and the other for connecting to VirtualBox, which will act as a sort of virtual private network for the clients   After creating the virtual machine, I'll install Server 2019 on it and then assign it an IP address for the internal network. The external network will automatically obtain IP addresses from the home network. I can tell if the adapter is
Read more

TightVNC and Colasoft Packet Builder Lab

Image
 Welcome to the remote access and packet analysis lab! In this lab, I will learn how to perform remote access using TightVNC and how to use Colasoft Packet Builder to analyze IP packet headers. The first part of this lab will focus on using TightVNC for remote access. TightVNC is a popular open-source remote desktop software that allows us to access and control a computer from a remote location. This can be useful in a variety of situations, such as when you need to access a computer that is not physically located near you, or when you need to provide technical support to someone who is not in the same location as you. To use TightVNC, I will need to install the software on both the computer that I want to access remotely (the server) and the computer that you will use to access the server (the client). Once the software is installed, I can start the TightVNC server on the server and the TightVNC viewer on the client. The viewer  prompts me  to enter the IP address or hostname of t
Read more

Lab 2 Access Controls

Image
  Like usual I start by opening the page and seeing what it has to offer in terms of any vulnerabilities. I then go to robots.txt because it often has information about admin pages that could be found. If it not found there then I would probably try to brute force the admin pages. In the robots.txt I found that they don’t want crawlers on the /administrator-panel. This is an admin panel that a normal user might not have access to. But it is always good to try in case the website doesn’t have any verification or security when it comes to accessing unauthorized pages. The page is not checking to see if I am authorized to access the page as such it gives me full admin access right away. I then deleted the user without ever having to sign in or have any type of admin authorization.
Read more