How To Use Nessus 5.2 Vulnerability Scanner Security Center Tutorial

Captions
Hello everyone, I am Ovi, OviDuran.com, and today we are going to talk about the Nessus vulnerability scanner. Nessus is developed by a company called Tenable Network Security and it is free of charge for personal use in a non-enterprise environment. If you do work in an enterprise then you have to purchase Nessus, and the price goes for about 1500 dollars a year.

Nessus allows scans for many types of vulnerabilities. For example, they include vulnerabilities that allow a remote hacker to control or access sensitive data on the system, and misconfiguration, for example open mail relays, missing patches, etc. It can also detect denial of service against the TCP/IP stack by using mangled packets, or it can also help you prepare for a PCI DSS audit, and many other things too as well, like finding botnets and malware on your computer.

Now, to download Nessus, we're going to go to Google. You're going to type in "Nessus Home" and you're going to click on this link, the Nessus Home link. Now that's going to take you to a registration page. You need to register because they're going to send you an activation code, which you're going to need in order to activate Nessus. So you're going to put in your first name, last name, email address (make sure that you insert a good email address) and country of origin, check these check boxes, and then click on Register.

Now, to download Nessus, you're going to go to Products and click on the Nessus Vulnerability Scanner. Here, up on the top right, you're going to see a download link. Click on that and select the operating system that you're going to install Nessus on. In my case I'm going to install it on a Windows 7 machine, so I'll choose Windows, and choose the version that applies to you. In this case, as I said, I have a Windows 7 machine; I'm going to download the 32-bit version. If I had the 64-bit version then I would choose this one, but I'm going to go ahead and click on that, click on Agree, and save the file to your computer. I've already done that part so I'm going to skip this. Double-click on your downloaded file and install it.

Once Nessus is installed you're going to see this window, "Welcome to Nessus", and you're going to have to connect via SSL by clicking on this link right here. After you click on that you're going to see the following window, the "Welcome to Nessus 5" window. Go ahead and read the instructions here and then click on Get Started. Immediately after that you're going to see another window, and that's the initial account setup. Here you're going to choose a login name and a password. It could be anything, but make sure you remember it or write it down, because that's what you're going to use to log into Nessus from that point on. Click on Next, then you'll get to this window; this is the plugin feed registration. Now you need to go to your email and you're going to copy the registration code that was forwarded to you and you're going to paste it here, then you're going to click Next. Here, if you have any proxy settings, you can go ahead and insert them there. In my case I didn't have any, so I just went ahead and skipped this step. Click Next, then you're going to see this window, the register Nessus window, then click Next. After that you're going to see this window, and what this is doing is, it's going to fetch all the plugins for Nessus, and this can take about 15 to 20 minutes. Once all the plugins are installed you're going to see this window, "Nessus is initializing", and finally you're going to see the Nessus sign-in page.

So let's get out of here and let's go ahead and log in to Nessus. You're going to go to All Programs, scroll all the way down to the bottom, click on Tenable Network Security, then click on Nessus, and then click on the Nessus Web Client. Click on Continue, and here it is, this is the Nessus login page. So go ahead and log in, and this is what Nessus looks like. This is HTML5.

Before you do anything else you're going to have to create a policy, so click on Policies up on top, then click on the New Policy button, and here you see all the plugins that come with Nessus 5.2 as default. Here you have the Host Discovery, Basic Network Scan, Credential Patch Audit, Web Applications Test, Windows Malware Scan, Mobile Device Scan, PCI audits and advanced policies. For this tutorial or review we're just going to do the Basic Network Scan. Now we're going to name this policy; you can name it anything you want. For visibility we have two options, private and shared. I'm going to leave it as default, private. You can add a description if you want. Click on Next. Here we have two scan types, internal or external. I'm going to leave it as default, internal. Click Next, and here we have the authentication method. By default, because this is a Windows machine, it already selects Windows for me. However, if you had a Linux or Mac then you would have to select SSH, but we're going to leave it at Windows. Go ahead and insert your credentials. If you have a domain you can insert that now; in my case I don't. So go ahead and check these two boxes, remote registry service and the admin shares, click on Save, and that's it, that's my policy right there.

Now, in order to do the scan, you have to click on Scans and create a scan. So here's the New Scan button; go ahead and click on that. I want to name this scan the same as I named my policy, just to make it easy. These are all the policies that I created before. You can save your scan in any folder in your computer, well, not the computer, on Nessus; I created several folders before, but I'm just going to leave it as default. On my scan targets, you can scan an individual host or you can do multiple hosts. In my case I'm going to go ahead and do every host on my network, and now I'm just going to click on Launch, and there it is, it's doing the basic scan right now. It's running, and this should take about maybe 10 to 15 minutes.

But as you can see I've already done four scans today, and if you click on one of them, let's choose this one for example, I'm going to show you what a scan report looks like. And this is it, this is my scan report for my network. As you can see it has a nice pie chart, and you have red, it means critical, orange means high, yellow means medium, green means low and blue means informational. So if you find vulnerabilities, make sure that you take care of your criticals first before you do high, medium, etc. And according to the scan I have, this is my router by the way, I have 15 medium vulnerabilities, seven low vulnerabilities and 52 informational. These are my computers on my network, and it even picked up my Android wireless device, which is this one, the very last one, and yep, let's see, that was my Android.

So let me go back, and as I said, this is my router. Let's take a look at what this is: medium vulnerability, "SSL Certificate Cannot Be Trusted". That probably means that I need to update my router with a new firmware, and I should definitely do that today or tomorrow. So if I click on this, it'll give me a description of the issue and a solution, and also this is the plugin output. So this is what a scan looks like.

So I'm going to go back to Hosts. Now, if I wanted to print out a report, there are many ways that Nessus does it. Just go ahead and click on the Export button up here. As you can see there are five different ways for you to print your report. My favorite is PDF or HTML, so let me go ahead and print an HTML report just to show you what it looks like. I have three options: the executive, host and plugin reports. So if I click and drag this one to the report content, my report will only contain the executive information. I can drag these over if I wanted to, it's more information per report, but I'm going to go ahead and only print the executive report instead; it's a little quicker, much faster. So click on Export (how's my firewall, by the way) and this is what the executive report looks like: Hosts Summary, and they break it down by server, medium, low, informational, plugin ID, the name, etc. That's host number one, host number two, all the way through five, and so that's what a vulnerability report looks like.

Let me go back to the main page. If you wanted to add a new folder, just click here, type in the new folder name, and once you click on Save it'll show up here on the left menu. So that's pretty much it. This was a short review of the Nessus vulnerability scanner. I hope you liked this video. Thanks for watching. Again, I am Ovi, OviDuran.com. Thanks again.
Info
Channel: Ovi Duran
Views: 161,698
Rating: 4.8470588 out of 5
Keywords: Vulnerability Scanner (Software Genre), Nessus, Ovidio Duran, OviDuran, Tenable Security, Information Assurance, Computer Security (Industry), Cyber Security, Computer Security (Software Genre), cissp, software security, scan computer, nessus scan, scanner, security center, nessus installation, vulnerability scanner tutorial, Technology, System, Tutorial (Media Genre), cyber threats, vulnerability scanner, vulnerability assessment, vulnerability scanner nessus
Id: r_pDVhNoYr0
Length: 13min 42sec (822 seconds)
Published: Sun Jan 26 2014