SeanCalhoun/Vulnerability-Management-Lab

Vulnerability Management Lab Guide: Azure & Tenable

This guide walks through setting up a vulnerability management lab environment using free trials of Azure and Tenable.

Prerequisites

  • Personal email address (not Gmail) for Tenable
  • Different email address for Azure (personal, not work/school)
  • 2-4 hours of time for setup and execution
  • Basic understanding of Windows administration
  • Notepad++ or similar text editor for logging

Part 1: Initial Setup

1. Azure Trial Setup

  1. Visit portal.azure.com
  2. Click "Start Free" and sign up using a personal email
  3. Complete verification (requires credit card but won't be charged)
  4. Receive $200 free credit for 30 days
  5. Set up budget alert at $150 to avoid unexpected charges
    • Navigate to Cost Management + Billing
    • Create new budget with email alerts

2. Tenable Trial Setup

  1. Visit tenable.com/products/nessus/nessus-professional/trial
  2. Use non-Gmail email address
  3. Complete registration form
  4. Download Nessus installer (save for later)
  5. Save activation code in a secure location

3. Azure VM Configuration

  1. Log into Azure Portal
  2. Create new Resource Group
    • Name: "VulnLab-RG"
    • Region: Choose nearest to you
  3. Create Virtual Machine
    • Select Windows 10 Pro
    • Size: Standard_D2s_v3 (2 CPUs, 8GB RAM)
    • Username: Choose an admin username
    • Password: Create strong password
    • Configure networking:
      • Create new VNet
      • Allow RDP (port 3389)
      • Allow HTTP/HTTPS (ports 80/443)
  4. Enable Azure Security Center (optional but recommended)
    • Provides additional security insights
    • Free tier is sufficient for lab

Part 2: VM Setup and Configuration

1. Connect to VM

  1. Download RDP file from Azure portal
  2. Connect using VM credentials
  3. Allow connection despite certificate warning
  4. Create restore point before making changes
    • Open System Protection
    • Create restore point named "Clean Install"

2. Prepare VM for Scanning

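# Run PowerShell as Administrator
# Disable Windows Firewall on all three profiles
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

# Configure LocalAccountTokenFilterPolicy
# A value of 1 turns off UAC remote token filtering for local accounts,
# which credentialed scans that log on with a local admin account rely on
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "LocalAccountTokenFilterPolicy" -Value 1 -Type DWord -Force

# Create log directory for documentation (-Force: no error if it already exists)
New-Item -Path "C:\VulnLab" -ItemType Directory -Force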

3. Install Tenable

  1. Transfer Nessus installer to VM
  2. Run installer with default settings
  3. Access Nessus via https://localhost:8834
  4. Complete initial setup using trial activation code
  5. Update Nessus plugins before first scan

Part 3: Vulnerability Assessment

1. Create Baseline Scan

  1. In Nessus, create new "Basic Network Scan"
  2. Target: localhost
  3. Enable DISA STIG compliance checks
  4. Configure advanced settings:
    • Enable thorough tests
    • Set scan window to unlimited
    • Enable all STIG profiles
  5. Save and run scan
  6. Export baseline results in both PDF and CSV formats

2. Create Vulnerability

  1. Download and install Firefox v110
  2. Enable Guest Account:
# Enable Guest Account
Net User Guest /Active:Yes

# Document changes
Get-Date | Out-File -Append C:\VulnLab\changes.log
"Enabled Guest Account" | Out-File -Append C:\VulnLab\changes.log
"Installed Firefox v110" | Out-File -Append C:\VulnLab\changes.log

3. Compliance Testing

  1. Run second scan
  2. Compare results with baseline
  3. Document new vulnerabilities
  4. Create vulnerability matrix:
    • Severity levels
    • CVSS scores
    • Affected components
    • Potential impacts

Part 4: Remediation

1. Fix Vulnerabilities

# Document start of remediation
Get-Date | Out-File -Append C:\VulnLab\remediation.log

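# Uninstall Firefox
# The standard Firefox .exe installer is not a Windows Installer (MSI) package,
# so "wmic product" does not list it; run the silent uninstaller Firefox ships
# instead (default 64-bit install path assumed)
& "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /S
"Firefox uninstalled" | Out-File -Append C:\VulnLab\remediation.log

# Increase Security Event Log Size (/ms is in bytes: 4194304 = 4 MiB)
wevtutil sl Security /ms:4194304
"Security log size increased" | Out-File -Append C:\VulnLab\remediation.log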

# Disable Guest Account
Net User Guest /Active:No
"Guest account disabled" | Out-File -Append C:\VulnLab\remediation.log

# Rename Guest Account
wmic useraccount where "name='Guest'" call rename "Visitor"
"Guest account renamed" | Out-File -Append C:\VulnLab\remediation.log

2. Verification

  1. Run final scan
  2. Document improvements
  3. Export results
  4. Compare all three scans:
    • Initial baseline
    • Post-vulnerability
    • Post-remediation
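
The remediation commands in Part 4 write their log lines whether or not the command succeeded. The following added example (not part of the original guide) checks the resulting state on the VM and appends PASS/FAIL lines to the same log. It assumes a machine-wide Firefox install; the last two checks cover the Part 2 scan-preparation settings, which no later step in the guide reverts.

```powershell
# Added example: verify the remediation state instead of trusting the log text.
# Run in an elevated PowerShell session on the lab VM.
$log = 'C:\VulnLab\remediation.log'   # log file used by the guide

# The built-in Guest account always has RID 501, so look it up by SID;
# a lookup by name would fail after the rename to "Visitor".
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }

# Installed programs register under the Uninstall keys (64-bit and 32-bit views).
# Assumption: Firefox was installed machine-wide, not per-user (HKCU).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$firefox = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Firefox*' }

$secLog = Get-WinEvent -ListLog Security
$fwOff  = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
$latfp  = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
    -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy

$checks = [ordered]@{
    'Guest account (RID 501) disabled'      = ($guest -and -not $guest.Enabled)
    'Guest account renamed'                 = ($guest -and $guest.Name -ne 'Guest')
    'Firefox no longer registered'          = (-not $firefox)
    'Security log max size >= 4194304 B'    = ($secLog.MaximumSizeInBytes -ge 4194304)
    # Part 2 changed the next two for scanning; they report FAIL until reverted.
    'Windows Firewall on for all profiles'  = (-not $fwOff)
    'LocalAccountTokenFilterPolicy not 1'   = ($latfp -ne 1)
}

foreach ($c in $checks.GetEnumerator()) {
    $status = if ($c.Value) { 'PASS' } else { 'FAIL' }
    $line   = '{0}  {1}  {2}' -f (Get-Date -Format s), $status, $c.Key
    $line | Tee-Object -FilePath $log -Append   # show on screen and append to the log
}
```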

Part 5: Documentation

  1. Create spreadsheet tracking:
    • Initial vulnerabilities
    • Remediation actions
    • Final vulnerability state
    • Time spent on each remediation
    • Risk levels before and after
  2. Generate executive summary
  3. Document lessons learned
  4. Create recommendations for:
    • Future vulnerability prevention
    • Ongoing monitoring
    • Security policy improvements
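
One way to produce the scan-to-scan comparisons from Parts 3 and 4 for the tracking sheet, as an added example that is not part of the original guide. The three scans are constructed sample rows with placeholder plugin IDs and names, and the CSV headers "Plugin ID", "Risk", "Host", "Port" and "Name" are assumed to match your Nessus export.

```powershell
# Added example. Sample rows are constructed; for real exports replace the
# here-strings with: Import-Csv -Path <your exported file>
$header = '"Plugin ID","Risk","Host","Port","Name"'   # assumed export headers
$baseline = @"
$header
"900001","Medium","localhost","445","Constructed finding A"
"900002","None","localhost","0","Constructed informational row"
"@ | ConvertFrom-Csv
$postVuln = @"
$header
"900001","Medium","localhost","445","Constructed finding A"
"900003","High","localhost","0","Constructed: outdated browser"
"900004","Medium","localhost","0","Constructed: guest account enabled"
"@ | ConvertFrom-Csv
$postFix = @"
$header
"900001","Medium","localhost","445","Constructed finding A"
"@ | ConvertFrom-Csv

function Get-FindingMap {
    param($Rows)
    $map = @{}
    foreach ($r in $Rows) {
        if ($r.Risk -eq 'None') { continue }   # skip informational plugins
        # A finding is identified by host, port and plugin ID
        $map['{0}:{1}:{2}' -f $r.Host, $r.Port, $r.'Plugin ID'] = $r
    }
    return $map
}

function Compare-Scan {
    param($Before, $After, [string]$Label)
    $old = Get-FindingMap $Before
    $new = Get-FindingMap $After
    foreach ($k in $new.Keys) {
        if (-not $old.ContainsKey($k)) {
            [pscustomobject]@{ Step = $Label; Change = 'New'; Risk = $new[$k].Risk; Finding = $k; Name = $new[$k].Name }
        }
    }
    foreach ($k in $old.Keys) {
        if (-not $new.ContainsKey($k)) {
            [pscustomobject]@{ Step = $Label; Change = 'Resolved'; Risk = $old[$k].Risk; Finding = $k; Name = $old[$k].Name }
        }
    }
}

$report = @(Compare-Scan $baseline $postVuln 'baseline -> post-vulnerability') +
          @(Compare-Scan $postVuln $postFix  'post-vulnerability -> post-remediation') +
          @(Compare-Scan $baseline $postFix  'baseline -> post-remediation')
$report | Sort-Object Step, Change, Finding | Format-Table -AutoSize
```

With the sample rows, the two constructed findings appear as New after the vulnerability step and as Resolved after remediation, and the baseline-to-post-remediation comparison returns no rows.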

Best Practices

  • Always use strong passwords
  • Keep detailed notes of changes
  • Take screenshots for documentation
  • Remember to shut down Azure resources when not in use to preserve credits
  • Document all changes in log files
  • Create system restore points before major changes

Troubleshooting Guide

  1. Nessus Connection Issues:

    • Verify service is running
    • Check port 8834 is open
    • Restart Nessus service
  2. Scan Failures:

    • Check network connectivity
    • Verify credentials
    • Review scan logs
  3. Azure Connectivity:

    • Verify NSG rules
    • Check RDP configuration
    • Confirm VM is running

Cleanup

  1. Export all logs and documentation
  2. Stop VM in Azure portal
  3. Consider deleting resources if lab is complete
  4. Save all documentation and results locally
  5. Archive results for future reference

Additional Learning Opportunities

  1. Experiment with different scan policies
  2. Try scheduling automated scans
  3. Create custom STIG checks
  4. Practice writing vulnerability reports
  5. Explore Azure Security Center integration
