This project is based on Josh Madakor's "Nessus Tutorial". The goal of this project will be to improve our understanding of vulnerability scanning and vulnerability remediation. We will be using Nessus Essentials to scan a local virtual machine running the Windows 10 Enterprise operating system. We are going to run credentialed scans to discover vulnerabilities, remediate them, and finally rescan to verify.
As previously mentioned, our target system will be running the Windows 10 Enterprise operating system. Thus, our first step was obtaining the ISO. To do this, we go on Microsoft's website and download the 64-bit Enterprise ISO.
We then give Virtualbox the ISO, and go through all the standard configuration steps. This includes allocating space (in my case, 75 gigabytes), memory (8 gigabytes), and processors (6 cores).
After this setup, we go through Windows' setup steps. Then, we have our functional virtual machine.
Next, we proceed to obtain Nessus Essentials by filling out the form to get an activation key.
After obtaining this key, we proceed to the download page and download the application.
After downloading the application, we see this page.
After proceeding through the steps and utilizing our activation code, we see this page.
This confirms that our webapp is functional.
The first step towards establishing connectivity between our host and guest system is to set the guest system's network adapter to host-only.
We also need to disable the Windows Defender Firewall, which we do through the policy settings.
We then disable the firewall for all three profiles: domain, private, and public.
This allows the host and guest to communicate, which we can verify with a simple ping test.
As we can see, the host system can talk to the guest system. This means we can proceed with vulnerability scans.
As previously mentioned, this is the page we see with Nessus.
To begin, we press the "New Scan" button, and that brings us to this page.
We are going to use "Basic Network Scan", and fill out the page provided.
The IP address we gave as a target is that of our guest system.
Note the "Credentials" tab; we will use it later. For now, these are the only settings we change.
Pressing "save" brings us to this page, where we can see our newly created scan.
We are going to go ahead and run this scan.
Once completed, we come across this screen.
This "Hosts" screen gives us a high-level overview of the scan results. When we go to vulnerabilities, we get a more specific view of what was found.
When we click on the specific issues, we can get an even more specific analysis. For example, if we click on "SMB Signing not required", we see this.
This is a basic introduction to scanning. Our next step is to ensure that Nessus can properly crawl through our system.
Some modifications need to be made so Nessus can properly search through our system. The first thing we need to do is enable the Remote Registry service. We do this through services.msc.
I proceed to find it, enable automatic startup, and start the service.
Next, we ensure network discovery and file/printer sharing are on, through the Control Panel.
We also add a registry key, through Registry Editor, that allows the remote account to connect.
At this point, we restart our virtual machine.
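The target preparation described above (disabling the three firewall profiles, enabling Remote Registry, network discovery and file/printer sharing, and the remote-account registry value) can be scripted. This is an added example, not code from the original writeup; it assumes an elevated PowerShell session on the Windows 10 guest, and since the writeup does not name the registry key, it assumes the LocalAccountTokenFilterPolicy value that Tenable documents for credentialed scans with a local account.

```powershell
# Added example (not from the original writeup). Run elevated on the lab guest.

# 1. Firewall: save the current profile state so it can be restored after the
#    lab, then disable the Domain, Private and Public profiles as the writeup does.
Get-NetFirewallProfile | Select-Object Name, Enabled |
    Export-Clixml -Path "$env:USERPROFILE\fw-profiles-before.xml"
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled False

# 2. Remote Registry service: start automatically, and start it now.
Set-Service -Name RemoteRegistry -StartupType Automatic
Start-Service -Name RemoteRegistry

# 3. Network discovery and file/printer sharing: the Control Panel toggles
#    correspond to these firewall rule groups.
Enable-NetFirewallRule -DisplayGroup "Network Discovery"
Enable-NetFirewallRule -DisplayGroup "File and Printer Sharing"

# 4. Registry value letting a local administrator account connect remotely
#    with full rights. ASSUMPTION: the writeup only says "a key"; this is the
#    value Tenable's documentation names for local-account credentialed scans.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
New-ItemProperty -Path $policy -Name LocalAccountTokenFilterPolicy `
    -PropertyType DWord -Value 1 -Force | Out-Null

# 5. Verify every step before rebooting; each entry should read True.
$enabledProfiles = @(Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -eq 'True' })
[ordered]@{
    RemoteRegistryRunning = (Get-Service -Name RemoteRegistry).Status -eq 'Running'
    FirewallProfilesOff   = $enabledProfiles.Count -eq 0
    TokenFilterPolicySet  = (Get-ItemProperty -Path $policy).LocalAccountTokenFilterPolicy -eq 1
}

# Restart-Computer   # reboot the guest, as the writeup does next
```

The ping test from the writeup is still run from the host after the reboot; the saved fw-profiles-before.xml lets you re-enable the profiles once the lab is finished.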
After rebooting the machine, we configure Nessus to run credentialed scans. We provide it our login credentials so it can search through the virtual machine, by going into the aforementioned "Credentials" tab and filling out the information.
After running the scan, we can immediately see significantly more vulnerabilities.
Upon clicking on the "Vulnerabilities" tab, we can see more specifics.
As we can see, the issues are grouped into folders for us. Upon clicking on one of them, "Microsoft Edge" for example, we can get a closer look into these issues.
Similarly to before, we can click on each of these vulnerabilities to see specific information about them, along with their solution. A majority of them would be solved with a simple update.
If we click on the "Remediations" tab, we get a high-level overview of what would solve a large number of our vulnerabilities.
Naturally, these are solid options to harden your device.
Before beginning remediation, we're going to install some outdated software to introduce new vulnerabilities. Our software of choice is Firefox. We find an old version of it, download it, and install it on the virtual machine.
Now that we have an artificially induced vulnerability, we will re-do our scan. Once it's completed, we immediately see more critical vulnerabilities.
It's clear that the outdated software massively exposes the system to threats. Taking a closer look at the "Vulnerabilities" tab, we can see the "Mozilla Firefox" folder, with an astounding 181 vulnerabilities.
Of those related vulnerabilities, nearly half of them are critical.
Looking at the "Remediations" tab, we can see that one of the suggested fixes is updating Firefox, with a massive 1885 vulnerabilities related to it.
We're now going to proceed to remediation.
Our first step in remediation is accessing "appwiz.cpl", which takes us to the "Uninstall or change a program" screen.
With this screen, for simplicity's sake, we're going to uninstall Firefox.
Our next step will be to update the device to grab security patches from Microsoft.
After updates are complete, we re-run our scans.
We can immediately see a massive reduction in the number of vulnerabilities.
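The before/after comparison above is read off the Nessus UI; it goes slightly beyond the writeup to turn that into numbers by comparing two exported .nessus files (Scan > Export > Nessus). This is an added example, not code from the original writeup; the two XML fragments and their plugin IDs are constructed sample data, so for real use replace them with Get-Content -Raw on the exported files.

```powershell
# Added example (not from the original writeup). Compares two .nessus exports.

function Get-SeverityCounts {
    param([xml]$Scan)
    # Each ReportItem carries severity 0..4 (Info, Low, Medium, High, Critical)
    $names  = 'Info', 'Low', 'Medium', 'High', 'Critical'
    $counts = [ordered]@{}
    foreach ($n in $names) { $counts[$n] = 0 }
    $items = @($Scan.NessusClientData_v2.Report.ReportHost.ReportItem)
    foreach ($item in $items) { $counts[$names[[int]$item.severity]]++ }
    return $counts
}

function Compare-NessusScans {
    param([xml]$Before, [xml]$After)
    $b = Get-SeverityCounts $Before
    $a = Get-SeverityCounts $After
    foreach ($sev in $b.Keys) {
        [pscustomobject]@{ Severity = $sev; Before = $b[$sev]; After = $a[$sev]
                           Delta = $a[$sev] - $b[$sev] }
    }
    # Plugin IDs present before the fix and absent afterwards are the remediated findings
    $gone = Compare-Object @($Before.NessusClientData_v2.Report.ReportHost.ReportItem.pluginID) `
                           @($After.NessusClientData_v2.Report.ReportHost.ReportItem.pluginID) |
            Where-Object SideIndicator -eq '<='
    Write-Host "Remediated plugin IDs: $($gone.InputObject -join ', ')"
}

# Constructed sample exports (placeholder plugin IDs, host-only-network address)
$before = @"
<NessusClientData_v2><Report name="before"><ReportHost name="192.168.56.101">
  <ReportItem pluginID="900001" pluginName="Outdated Firefox (constructed)" severity="4"/>
  <ReportItem pluginID="900002" pluginName="Outdated Firefox (constructed)" severity="3"/>
  <ReportItem pluginID="900003" pluginName="Missing Windows update (constructed)" severity="4"/>
  <ReportItem pluginID="900004" pluginName="SMB Signing not required" severity="2"/>
</ReportHost></Report></NessusClientData_v2>
"@
$after = @"
<NessusClientData_v2><Report name="after"><ReportHost name="192.168.56.101">
  <ReportItem pluginID="900004" pluginName="SMB Signing not required" severity="2"/>
  <ReportItem pluginID="900005" pluginName="Nessus scan information" severity="0"/>
</ReportHost></Report></NessusClientData_v2>
"@
Compare-NessusScans $before $after | Format-Table -AutoSize
```

With the sample data the Critical row goes from 2 to 0 and High from 1 to 0, while the medium SMB signing finding remains because neither uninstalling Firefox nor Windows Update addresses it.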
This concludes the lab.