Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)

Captions
Hey everybody, Josh here. Welcome back to my channel. I do a lot of videos on IT, cyber security education and career things, and today's video is going to be on vulnerability management. We're actually going to be doing a vulnerability management lab where we install Nessus Essentials, we install VMware Workstation Player and set up Windows 10 inside of a VM, install some old deprecated software on it, and then we're going to be doing some vulnerability scans against that virtual machine to kind of discover any vulnerabilities that might be on there, and then we're going to go ahead and remediate one or two of those just so we can kind of observe what's happening.

I figured this would be a good video to do because there's like quite a few vulnerability management jobs on LinkedIn, and I've gotten a lot of spam from recruiters for these type of positions, and actually the last real job I had, I was the vulnerability management program manager for King County here in Washington State, so I kind of did this on an ongoing basis for a while. Basically, what vulnerability management is, is continuously assessing your assets, discovering vulnerabilities, remediating them to an acceptable risk, and then kind of starting the process over and over again to kind of make sure the risk in the whole organization is low or at least an acceptable level. So I think if you kind of watch this video and practice it a few times, you can get pretty good at it and get an idea of how vulnerability management might work in like a larger corporation. This is definitely something you can put on your resume. It might look something like this, so it will definitely help you out. So yeah, if you're excited to learn vulnerability management, consider smashing that like button and let's get started.

So the first thing we're going to do is go ahead and download and install VMware Player. Now, you probably want to have like a semi-decent computer to be able to do this, maybe like at least eight gigabytes of RAM
and maybe a dual core or something, but if you don't know about any of that, just try to go ahead and do it, and if something fails then it fails, I suppose. But go ahead and download VMware Player. I'll put a link to this in the description. Um, just download for Windows. I'm not gonna do it again because I already have it, but just go ahead and like click this, download it and install it. You can see mine started downloading. I'm just going to go ahead and cancel this.

And then while you're waiting for VMware Player to download, we'll go ahead and download the Windows 10 ISO. That's basically a file that'll let us install Windows 10 onto our virtual machine. So again, I'll put a link to this in the description as well, but just go ahead and go to it, and then you'll go to where it says "Create Windows 10 installation media" and you'll say "Download tool". When this downloads, just go ahead and open it. Don't be surprised if this takes a while to like start up and download. So we'll just say accept, and then we're going to click "Create installation media". We want to get an ISO file, so we'll say next. This looks good, and we're going to say ISO file. Be sure to select this, and then we'll just choose where it goes, like this nice XP Pro ISO that I have. Go ahead and put it in a folder, just remember what folder you put it in. So I'll just save it to my c underscore isos folder, and then we'll wait for this to finish.

And while this is going, we can actually download and install, uh, Nessus Essentials, which is going to be the vulnerability scanner that we use to actually conduct our scans. So I'll put a link to this in the description as well, but you can probably find it on Google, and just basically like fill this thing out. After you fill this out, you'll be able to download it and it will send like a key to your email. So just go ahead and, actually, I'll just do it. Just fill this thing out. Cool, so it will send an email. Um, inside of your email, I can't show it because it has a key and
like, I don't know. So inside of your email there'll be like a button that says, uh, "Download Nessus", and then there will be a key. Go ahead and click the button to download Nessus and it will take you to a page that looks like this, and just click on Nessus. And we already have an activation code, it should be in your email. So we'll pick the one for this. This one says Windows Server 2008 blah blah blah, and then it says 10 in here, so we'll download this. Just say agree and then, you know, download it anywhere. And then meanwhile, remember, in the background Windows 10 should be still downloading. VMware Player might be downloading still too, so you just have to install that on your own. I'm not going to show it on the screen because I already have it installed.

Here we are at the Tenable setup, so we just say next, accept, and just accept this location, and then go ahead and install it and then say finish. And then it's going to kind of, um, show this like socket up here, like localhost and the port. Um, I would recommend saving this URL because it's kind of annoying if you lose it, so just save it in like a Notepad somewhere or something like this. And then we'll say "Connect via SSL" and just say advanced and then say proceed. And this takes a while to set up the very first time. It has to like initialize and install things and, I assume, download a whole bunch of definitions or something like this, so just go get like some coffee or something while you wait for this to happen, because it will take a while to do.

And we're going to say Nessus Essentials. It's essentially free. You can read the, I guess, license agreement if you want, but we're going to install Essentials and then just fill this thing out and we'll get an activation code. I believe I have one already. Um, it should have emailed it to you. Actually, it should have emailed the activation code to you, so maybe skip this and then just paste the activation code that was in your email that you already received, and just
continue. And then this is where you're going to set up a username and password. Just make sure you don't forget this. It might be troublesome, you know, if you forget it you'll have to reset it or something like this, so just, uh, set up a password, I guess. And this is a part that takes a while, so just, you know, go get coffee or a sandwich or something and we will meet back here.

Okay, so while this is still installing and initializing and doing everything it needs to do, let's go ahead and set up our virtual machine, since this is going to take some time anyway. So by now you should have downloaded and installed, um, VMware Workstation Player, so we'll just go ahead and open this up. And check on your Windows 10 ISO download. It should be finished by now as well. Maybe it looks something like this, and then it shows you like where it's at, the ci so it's windows or, yeah, wherever you put yours. So just take note of this and we'll say finish. Cool.

And then we're going to create a new virtual machine inside of VMware Workstation Player. We'll go to Player and then File and then New Virtual Machine, and then for the installer we're going to say browse, and then we'll just browse to wherever you downloaded the Windows 10 ISO. So this could probably be named something better, but that's okay. So we'll say next and just name this something appropriate. This is fine. This location's fine, I guess you can change it if you want. So we'll say next. Maximum disk size, um, this is fine, we're not gonna really put anything on it. I'm just gonna set mine at 50. And then we'll go to Customize Hardware, and for memory, like if you don't know how much RAM you have, maybe just like leave this as it is. I'm going to increase mine a little bit. If you don't know about your CPU, just leave it as is. But we do have to change the network adapter. We should change it to bridged. Without explaining too deeply, bridged kind of puts this virtual machine on the same network as your actual physical
computer, so your Nessus implementation can talk to the virtual machine more easily. This looks good, we'll close this, and this is good, power on after creation. We'll say finish, kind of move Tenable to the side, and then after the VM finishes getting kind of created, it's going to launch, and then we're going to have a chance to install Windows. Be sure to press any key to boot into the ISO when it asks, and if your cursor is gone, you can see in the lower left it says like press Control+Alt to release your cursor, and then you can get your cursor back.

So we're just going to install Windows 10. So we'll just say next, install, and say "I don't have a product key". You can close this message down here, and just pick Windows 10 Pro and say next, and we'll say accept, say next, and say custom. And then this is our blank hard drive, so click on that, the only one you can click, and just say next. And then this will take some time to install too, so I'll kind of come back when one of these finishes.

Cool, so it looks like both finished now. I'll just finish setting up the VM. I will say yes, and US, and skip. And for Nessus, we'll just kind of, uh, close this thing here, and then we'll just kind of wait on this until we finish setting up the virtual machine. And we'll say set up for personal use, next, and then we'll say offline account, limited experience, and then just name it, I don't know, just name it like admin and make a password, but just remember what it is. Make it like something simple, because we're going to use this later for the credentialed scans, so just remember what it is. It's troublesome, you know, if you forget it. Just make up something for these if it asks you. This is just like, you know, a junk VM, no one cares. Say no for all of these things. Not now. Cool.

Okay, now everything is totally set up. We have our VM here and then we have our Nessus Essentials set up and ready to go. So for now we're just going to do a kind of basic scan against the virtual machine. We're
going to do a credentialed scan later, which I'll kind of explain, but I just want to make sure we can scan it and make sure we can kind of get some kind of result back. So before we do that, I'm going to go to the VM and like get the IP address from it. So make sure to go to the VM, not your actual computer, but go to the VM, click Start, open up the command line, and then we will type ipconfig just to get the IPv4 IP address. And we're going to ping this from our local machine just to make sure that we can reach it, I guess, essentially. So open up the command line on your PC and we will just ping this IP address. So we'll just say ping 10.0.0.189 and then we'll do -t, which means like perpetual ping, like keep going forever until we cancel it. And we see like it's timing out, so we just have to disable the firewall on our virtual machine here. You might not want to do this in production, it just depends on like what other controls you have in place.

So we will minimize this, we'll go to our VM here, and then we will type wf.msc. It's this Windows Firewall Microsoft something console, can't remember. So we'll open the firewall, and we're just going to do a lot of this stuff for our lab. So we'll go to Defender Firewall Properties, and just on these first three tabs we'll just turn all three of them off, like domain profile off, private profile off, public profile off, and we'll just say okay. Here the firewall is off, and then we notice that the ping is kind of going through on our local computer here, so we can press Control+C to cancel this. And we'll just copy this IP address. This is the IP address of our VM. We will close this.

And then this is, um, our Nessus Essentials. It's like a web app, essentially. So we'll go back to this and then we're going to create a new scan. So we'll just do a basic network scan here, and so we'll just name it like, I don't know, "Windows 10 single host", something like this. And then for targets we'll just paste, this is our
virtual machine's IP address, so we'll just kind of paste it in here. We don't really need to change anything else on here. We're just going to do like a manual scan, but, you know, take note that you can do like a scheduled scan if you're working in an organization. You want to scan like every X days or like every Tuesday or something like this, or scan common ports or scan all ports. Obviously all ports is going to take longer. You can customize it. There's a bunch of settings that you can kind of explore in here on your own.

And there's also this credentials page, which we'll get into in a little bit, but basically you can, we won't do this yet, but you can enter credentials in here, like the username and password that we made when we created the virtual machine, and then the scanner will kind of go into the machine more deeply and like look through the registry and the file system and like more things. And the reason for this is you can kind of discover more vulnerabilities if you have like deprecated software or insecure services or something like this running. This is what the credentials page is for. But right now we're just going to do like a basic network kind of port scan. It's not going to be too deep. Just want to make sure we can scan it and get some kind of information back.

So we have our IP address and we will just say save. We'll remove this credentials, oops, and then just say save. And then this is our scan. Um, it's not running, it's just kind of like a scan that's configured that we can run in the future. So we'll just go ahead and click Launch now and launch the scan. And I believe you can kind of sometimes see the progress of it, like if you click it you can see, you know, what it has done so far. It makes like little logs, and then the findings will kind of be on this page. But we can just go back, click back to my host and then back to My Scans, and we'll just kind of wait for this to finish. Cool, so we can now see
that our scan has finished over here. Um, it says like today and there's like a check mark, so we can just kind of click this to look at the individual results for it. And you can see like down here, like blue is info, green is low, medium is yellow, etc. And depending on the organization you work for, like a lot of orgs, depending on what they are, won't even like really touch mediums or lows, because they have like so many criticals and highs that kind of take precedence. And because we didn't use any credentials for our scan, we don't really see that much of what might be actually vulnerable inside the VM, but we do see like some things here.

So we can click Vulnerabilities up here and just kind of look through these a tiny bit. We can see like SMB signing is not required. If that's something that your org cares about, you can kind of read about it here more and consider like implementing the solution to kind of remediate this vulnerability. There's other kind of interesting things in here. Traceroute information, it's listed as info, which means it's not necessarily a vulnerability but just something you should be aware of, that you can see traceroute information, which means like ICMP is accepted on this particular host. And down here we can see "Target Credential Status by Authentication Protocol", and it says like Nessus was not able to successfully authenticate to the remote target, because we didn't actually provide any credentials. And we can see that down here, um, SMB was detected on port 445, which means it's listening on 445, but we didn't provide any credentials. That's a vulnerability scan, some basic results.

So the next thing we're going to do is we're going to set up the virtual machine to be able to accept authenticated scans, and then we're going to provide some credentials to Nessus, and then we're going to try to rescan the virtual machine with
credentials and then kind of compare the results of the new scan with these ones that we're looking at here. So we'll go back to My Scans. Actually, we'll go back to the virtual machine here and then we'll open up services.msc. And there may be better ways to do what I'm doing, like especially if you're in like a corporate environment. Um, I got these steps from Nessus, the things that they recommend to actually do credentialed scans against Windows hosts that are not on the domain, so that's kind of what we're using here.

So first I'm going to enable the Remote Registry, which will allow the scanner to connect to this computer's registry and like kind of crawl through the registry and look for insecure configurations, like maybe deprecated cipher suites that might be enabled. You kind of enable and disable those in the registry. So I'm just going to enable Remote Registry so our scanner can connect to the registry. So I enabled it and I turned it on. And then next, be careful when you close this you don't close the actual VM, I'm just closing like the window inside. I'll close the firewall, and next thing I'll enable file and printer sharing. So, oh, it looks like it's possibly already on. Turn on sharing so anyone with network, uh, I don't think public folder sharing needs to be on. I was going to turn this on but it looks like it's on already. Turn on network discovery, file and printer sharing, oh, looks like it's already on. If yours are not on, just make sure to turn the file and printer sharing on.

And then we will go to User Account Control, and this is not good to do, um, but our computer is not on the domain, so we have to do these kind of hack things to be able to scan it. So I'll disable this, say okay, say yes. And next we're going to connect to the registry and add a key that's supposed to, I guess,
further disable User Account Control for the remote account we're going to use to connect to this computer during our scan. So just go to Start and type regedit. Again, I got this documentation from Nessus, I'll put a link to it in the description. So we will browse to Local Machine here, so we'll go to Local Machine, Software, Microsoft, Windows, CurrentVersion, Policies, System, and then inside here we'll create a DWORD called LocalAccountTokenFilterPolicy. So, LocalAccountTokenFilterPolicy, say enter, and then we'll set this value to 1 and we'll close this, and we'll go ahead and restart our virtual machine at this point. Cool. And then we'll log in. Remember our username, I made mine admin, and then whatever your password is, just make sure you don't forget it. And we should be ready to scan our computer now.

We're going to edit the scan that we made, so go back to Nessus Essentials and then we will, oh, so check this box next to the scan and go to More and then go to Configure, and then we're going to add a set of credentials to this. And we're going to add a Windows credential, so we're going to use password, and remember our username is admin. So if you go to the VM and go to cmd and type like whoami, um, the name is admin, right? So we'll say admin and then whatever you made the password. And I believe we can like leave all these things as default. If it breaks, I mean, maybe we can come back and configure, or if it doesn't work we can check it. So we'll save this as it is. So saved, and we'll go back to scans and then we'll run this scan one more time. When this finishes we'll compare the results with the first scan, and technically we should see more results with this one, because we enabled credentialed scanning and we kind of configured the VM to accept remote scans. So we'll see what happens. So I'll pause the video and come back when it finishes.

Okay, it's been a few minutes
and it looks like our scan is finished here, so we will click on this, and we can see like immediately, remember last time we had like one medium and a bunch of infos, now we have like seven criticals, 38 highs and, you know, four mediums and a whole bunch more infos. It's pretty interesting. So before we like really dive into the vulnerabilities and all this, I'll just click on History over here really quick. And this is the current one, and you can see the vulnerabilities down here, um, you can see, you know, five percent criticals, etc. And then if we click on our first scan, we can see like we didn't use credentials for this, so we couldn't look at the file system or the registry or any other running services or any of that. So you can see there's like a big difference in doing credentialed scans versus like uncredentialed scans. So this kind of like solidifies the importance of running credentialed scans. Whether you're like scanning Cisco devices or like Linux machines or like Windows machines or Macs or whatever, if you can use credentials, um, you can really like discover more vulnerabilities.

So I'll just click on the Vulnerabilities tab here first and we'll just kind of like look at these a little bit. We can see like, um, this is essentially the list of findings, and some of these are mixed. So if we click on this, for example, we can see it's like a combination of like mostly criticals and highs, and you can see it's like mostly Edge, which can probably be remediated from like running Windows updates, essentially. And you can kind of look at these individual ones and dive, uh, more deep into them to see like what the actual thing is and like how to fix it. Uh, so we can go back a little bit, we'll back up a little bit more. So, vulnerabilities around Edge, around Windows, around a bunch of other stuff. Um, if we click on Remediations, this tab kind of gives us like high-level instructions on how to like remediate most of the findings from like a
really high level. Basically just like run Windows updates is what I'm seeing here. Um, so security updates, install this KB to fix a bunch of other ones, and then all this is pretty much Windows updates. And these VPR top threats are essentially what Tenable is like recommending we prioritize to remediate, probably based on, um, CVSS score and like whatever other metrics they use. So like I would say, um, if I were doing this in like an organization, like the first thing you want to do is like make sure you have third-party patching and like Windows OS patching like set up properly and like properly being like tested and deployed on regular intervals, so you don't have to like kind of go through and deal with these like individual vulnerabilities that are related to things that can be easily fixed by like automated patching and stuff like this.

So before, um, I start like remediating these and fixing them, I'm gonna install some like deprecated software on this computer, like a really old version of Firefox, and then we're gonna kind of run another scan and then observe the results from that as well. So I'm gonna get this old version of Firefox. I'll put a link to it in the description. I was gonna say I'm worried about doing that, but I'll put a link to it in the description. It's really old, from six years ago apparently. So we'll just download this, uh, Firefox 3612.
And make sure you're doing this in the virtual machine. Don't accidentally do it on your computer, and that's what I'm actually doing, so make sure to go to the virtual machine. So we'll open up Edge in our virtual machine and then we'll paste, oh no, I can't paste it. I'm just gonna search like "download deprecated firefox". I shouldn't use the word deprecated, I'll say "download old firefox". And I think I can click here and do it. "If you want to downgrade", directory, I'll go to the directory of all old ones and then I'll get 3612. This is random, by the way. You can get any old version that you want. I'm just using this one because I did it already. Um, win32, uh, en-US, and I'll get this. So we'll open this and then install this super old version of Firefox. We'll say next, standard, sure, and then sure, we can launch it, I guess. Uh, yeah, why not. Cool, so this is old, old Firefox. So now we have an old Firefox on our computer, so we'll close this. This is our virtual machine, remember. Here's Firefox.

And then so we will go back to our scans here. This is on our host machine and this is Nessus. So we'll go back to our scans, and we don't need to change our scan anymore. We'll just click launch and it will just run another scan. It will do the same thing: scan the common open ports, inspect the registry, inspect the services and then inspect the file system. It's going to discover this old deprecated version of Firefox. There's like a million vulnerabilities in it, probably, so hopefully we'll see that reflected in the scan results when this finishes here in a couple of minutes.

Okay, it's been a couple more minutes and our scan is finished, so we can click on this again and we'll see like our vulnerabilities like went up to 68 critical now. So before we kind of dive into these again, we'll check out the history just so we can see like a trend in these. So this is the first one in the bottom here, we can see only info, no credentials provided. Second one is our
credentials provided, and we, you know, have a little bit more. We have some criticals discovered and some highs. And then we installed Firefox, like a really old one, and then this is our current scan. There's like a whole bunch of criticals. So we'll go to the, um, Vulnerabilities tab here, and then we can kind of see this one at the very top, mixed, with Firefox and a total count of like 141. So if we click on this, it's just absolutely chock-full of criticals, just because that version of Firefox is like so old it has so many vulnerabilities. And it's not like you have to like go through and fix each one of these one at a time. You can either just like upgrade Firefox to the latest one or just like completely uninstall it, and it will remediate the vulnerabilities. So we can click Remediations. We pretty much see the same thing as last time, except for, um, at the very top now we have a recommendation to upgrade Firefox. And then again, this VPR top threats, we have this, uh, kind of Firefox in here again. History: first scan, no credentials; second, credentials, default Windows install; third scan, old Firefox, whole bunch of vulnerabilities that need to be remediated.

So the next step, we're just going to try to remediate as many of these vulnerabilities as we can by doing like really simple things. Like, we're just going to uninstall Firefox totally, and then we're going to just essentially like run Windows updates until there's no more updates that need to happen, essentially. So we'll go to our virtual machine here and then we can go to appwiz.cpl. That's like a kind of shortcut to go to this thing. So we can go to Firefox. I'm just going to uninstall it, to be honest. Uninstall Firefox, and then I'll go to Windows Update and, let's see, I guess I'll just manually check for updates. I'll leave the settings as like whatever they are. And then you can do this too, just keep like running Windows updates, and you might have to like restart
and then run it again, then restart and run it again. I'll pause this and I'll just kind of like let the updates happen, then I'll come back to it again. Okay, it updated for a while and it's asking for a restart, so just go ahead and restart and repeat the process. Okay, when it comes back up, just go ahead and log in again and go to Windows Update again and just click "Check for updates" one more time, just to make sure. Okay, it looks like it's installing some more, so I'll go ahead and pause this and kind of let this continue.

So it actually looks like the updates are done, so we'll go back to Nessus, go back to My Scans, and we'll run our scan one more time. So we should expect to see a lot of the remediations done. There should be a lot less highs and criticals, like Firefox should be gone, like all the Windows updates should be no longer required. But we will let this finish and then check it out in a couple of minutes, or for you it will be instantly because I'll edit this out.

So our last scan has finally finished, so let's check this out. So we'll click on this, and before we like really dive in deep, we can kind of see there's some criticals and highs. But we'll go to History over here, and this is our current scan, and this is the last scan right here, before we uninstalled Firefox and before we updated Windows. So we can see there's quite a bit more mediums, sorry, there's quite a bit more criticals, quite a bit more highs. So current, after removing Firefox and running Windows updates, and then before. So there's quite a bit less. And this scan right here, this is the default install of Windows, and then this is the current one after updating Windows. So default, and then current. So we can kind of dive into these like a little bit. It looks like the remaining vulnerabilities, um, most of them are around Microsoft Edge. It looks like maybe Windows Update didn't update Edge for some reason. Uh, we can check this one, a bunch of highs. Um, I
can't read these. Microsoft 3D Viewer, base 3D code something. Maybe this is some like native app that's installed. Oh yeah, it is. So it looks like there's some like random stuff that's still on this virtual machine that maybe is like out of date or something like this, and you can just kind of look through this. I won't like do any further remediations because this video is getting kind of long, but maybe you could consider, you know, figuring out exactly like how to update Microsoft Edge or like uninstall it if you're allowed to do that, like I don't know. But yeah, it's pretty interesting, um, to kind of experiment with this and like install like really old stuff, or maybe even like get a hold of like a Windows XP ISO and install Windows XP, right, and scan that and see what kind of like Swiss cheese scan results like come back. It's like going to be absolutely full of holes.

But yeah, that is vulnerability management. Those are kind of like the core components of vulnerability management, just like scanning and remediating, scanning and remediating. But, you know, a lot more goes into it, because, you know, when you work at a big organization you usually will make some kind of standard and like policies and procedures, and you have to kind of bring all the departments in and work with the individual groups to like get credentials for all their individual resources, or maybe you use like a domain account to scan everything. And it gets a little bit more complicated when you're in a large organization, but this is pretty much the guts of it: just like scanning stuff, finding vulnerabilities and then essentially remediating them. You want to automate as much of it as you can, like updating the third-party apps, like Windows Update and this kind of thing, and you want to have like a secure build standard, so like make sure the build is like already remediated and like secure enough before it goes into
production, to kind of reduce the amount of vulnerabilities that get introduced. But now that you've kind of like watched this, you have a pretty good idea, I would say, of how vulnerability management works. So you can, you know, practice this a bunch and consider like reading up on how to implement vulnerability management in like a large organization. Then you can like put something on your resume that might look something like this, and then go ahead and start applying to jobs that are looking for like vulnerability management engineers or vulnerability management analysts or like whatever they're calling them, because it's a relatively like straightforward process. It's pretty easy, technically speaking. Like, the hard part about vulnerability management usually comes from like dealing with the humans and like getting everyone to like coordinate. That's like really difficult.

Yeah, I hope you enjoyed this. Um, if you thought it was interesting, you know, I'd appreciate it if you liked and consider subscribing, and if you have any questions or comments or criticism, please like let me know in the comment section. I 100 percent read all the comments every time, I respond to everybody's comment. If you feel like supporting me, I do have a Patreon, but other than that, thank you so much for watching and we will see you in the next video. Bye.
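The captions above leave the lab VM with all three Defender Firewall profiles off, Remote Registry enabled and running, and LocalAccountTokenFilterPolicy set to 1. As an added example (not from the video and not Tenable's code), this PowerShell function reports whether a host is still in that weakened state and, with `-Revert`, puts those three settings back once scanning is done. The function name `Test-ScanPrepState` and the choice of "Disabled" as the restored Remote Registry startup type are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: audit, and optionally revert, the lab-only changes made to the
# scan target so that a credentialed scan could reach it.
# The function name and the restored values are assumptions, not from the video.

function Test-ScanPrepState {
    [CmdletBinding()]
    param(
        # When set, restore each weakened setting after reporting it.
        [switch]$Revert
    )

    $policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $valueName  = 'LocalAccountTokenFilterPolicy'

    # 1. Defender Firewall: the lab turns the Domain, Private and Public profiles off.
    foreach ($fwProfile in Get-NetFirewallProfile) {
        $weak = ([string]$fwProfile.Enabled -eq 'False')
        if ($weak -and $Revert) {
            Set-NetFirewallProfile -Name $fwProfile.Name -Enabled True
        }
        [pscustomobject]@{
            Setting  = "Firewall profile: $($fwProfile.Name)"
            Current  = "Enabled=$($fwProfile.Enabled)"
            Weakened = $weak
            Reverted = [bool]($weak -and $Revert)
        }
    }

    # 2. Remote Registry: the lab enables and starts the service so the scanner
    #    can read the registry over the network.
    $svc  = Get-Service -Name RemoteRegistry
    $weak = ($svc.Status -eq 'Running') -or ($svc.StartType -ne 'Disabled')
    if ($weak -and $Revert) {
        Stop-Service -Name RemoteRegistry -Force
        Set-Service  -Name RemoteRegistry -StartupType Disabled
    }
    [pscustomobject]@{
        Setting  = 'Service: RemoteRegistry'
        Current  = "Status=$($svc.Status), StartType=$($svc.StartType)"
        Weakened = $weak
        Reverted = [bool]($weak -and $Revert)
    }

    # 3. LocalAccountTokenFilterPolicy = 1 gives local administrator accounts a
    #    full (unfiltered) token on remote logons. Absent or 0 is the normal state.
    $prop    = Get-ItemProperty -Path $policyPath -Name $valueName -ErrorAction SilentlyContinue
    $current = if ($prop) { $prop.$valueName } else { $null }
    $weak    = ($current -eq 1)
    if ($weak -and $Revert) {
        Remove-ItemProperty -Path $policyPath -Name $valueName
    }
    [pscustomobject]@{
        Setting  = "Registry: $valueName"
        Current  = if ($null -eq $current) { 'not set' } else { "value=$current" }
        Weakened = $weak
        Reverted = [bool]($weak -and $Revert)
    }
}

# Report only:
Test-ScanPrepState | Format-Table -AutoSize

# Report and restore after the scan has finished:
# Test-ScanPrepState -Revert | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the scan target, not on the machine running Nessus. It does not touch the User Account Control slider or the file and printer sharing setting that the captions also change.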
Info
Channel: Josh Madakor
Views: 2,846
Keywords: nessus vulnerability scanner, nessus, vulnerability scanner, how to use nessus, josh, josh madakor, vulnerability management, vulnerability, nessus essentials, vulnerability remediation, remediation, nessus tutorial, vulnerability management tutorial, vulnerability tutorial, remediation tutorial, cyber, cybersecurity, cyber security, cyber security tutorial, vulnerability management lab, nessus example, how do you set up nessus, nessus demo, nessus vulnerability scanner tutorial
Id: lT6Px9zJM3s
Length: 28min 21sec (1701 seconds)
Published: Thu Oct 28 2021