The primary objective of this vulnerability management lab is to gain practical experience in identifying, prioritizing, assessing, remediating, and verifying security vulnerabilities within systems.
- A Computer
- An Internet Connection
Let's try to ping the guest machine from the host.
We see it doesn't work: our requests kept timing out. This is because the firewall on the guest machine is still active at this time. So, for the purpose of this lab, I will be turning off the firewall on the virtual machine.
NB: This is done solely for this project lab; it is best practice to keep your firewall running.
These three profiles are to be turned off:
- Domain Profile
- Private Profile
- Public Profile
When we ping it again, we see it works. Consequently, Nessus will be able to reach the host when we begin our scan.
Here I am going to perform an unauthenticated scan against the host, and we will see how it compares to an authenticated scan.
So from my host machine, I will log in to Nessus, which I am using for this project.
Click 'create a new scan'.
Select 'Basic Network Scan'.
Give the scan a name (in my case it's a Windows 10 machine), insert the IP address in the 'Target' box, then save.
After creating the scan, click the little play button to begin the scan.
The scan is underway
Once the scan was done, it showed a lot of information to take note of; however, for the Low and Medium severity classifications there is a single vulnerability each.
Firstly, I will configure the guest machine to accept authenticated scans and provide Nessus with the credentials for the machine, so it can log in and take a deeper dive scanning for vulnerabilities.
- Enabling Remote Registry
This will allow the scanner to connect to the computer's registry and crawl through it searching for insecure configurations.
Changed the 'Startup type' from Disabled to Automatic, applied, and then clicked OK.
Remote Registry is now running.
- Sharing Settings
I made sure that File and Printer sharing is on.
- Disabling User Account Control
- Registry Editor (key addition)
Adding this key further disables User Account Control, helping Nessus connect during the scan.
The path I will insert this key: "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
- Restarting the machine, so all the changes made can take effect.
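After the reboot it is worth confirming that every prerequisite above actually took effect before launching the credentialed scan, because a missed setting makes Nessus silently fall back to unauthenticated checks. The following read-only PowerShell check is an added example, not part of the original lab write-up; it is meant to be run in an elevated session on the Windows 10 guest. It assumes the value added under the Policies\System path is `LocalAccountTokenFilterPolicy` set to 1 (the write-up gives the path but not the value name), and it uses only built-in cmdlets (`Get-Service`, `Get-NetFirewallProfile`, `Get-NetFirewallRule`, `Get-ItemProperty`).

```powershell
# Added example (not part of the original lab write-up): a read-only check that the
# guest VM has the credentialed-scan prerequisites the write-up sets by hand.
# Run it in an elevated PowerShell session on the Windows 10 guest after the reboot.
# ASSUMPTION: the value added under the Policies\System path in the write-up is
# LocalAccountTokenFilterPolicy = 1 (the write-up gives the path but not the value name).

$systemPolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-CredentialedScanReadiness {
    $results = New-Object System.Collections.Generic.List[object]

    # 1. Remote Registry: the scanner reads registry hives over RPC, so the service must be running.
    $svc = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
    $svcDetail = 'service not found'
    if ($svc) { $svcDetail = "Status=$($svc.Status) StartType=$($svc.StartType)" }
    $results.Add([pscustomobject]@{
        Check  = 'Remote Registry service running'
        Ready  = ($null -ne $svc -and $svc.Status -eq 'Running')
        Detail = $svcDetail
    })

    # 2. Firewall profiles: the write-up turns all three off so the host's ICMP/SMB traffic gets through.
    foreach ($fwProfile in Get-NetFirewallProfile) {
        $results.Add([pscustomobject]@{
            Check  = "Firewall profile '$($fwProfile.Name)' disabled"
            Ready  = ($fwProfile.Enabled -eq 'False')
            Detail = "Enabled=$($fwProfile.Enabled)"
        })
    }

    # 3. File and Printer Sharing rule group: needed for SMB / ADMIN$ access by the scanner.
    $fpsRules = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue)
    $enabledCount = @($fpsRules | Where-Object { $_.Enabled -eq 'True' }).Count
    $results.Add([pscustomobject]@{
        Check  = 'File and Printer Sharing rules enabled'
        Ready  = ($enabledCount -gt 0)
        Detail = "$enabledCount of $($fpsRules.Count) rules enabled"
    })

    # 4. Registry value that lets a local admin account authenticate remotely with a full token
    #    (assumed value name, see the note at the top).
    $policy = Get-ItemProperty -Path $systemPolicyKey -ErrorAction SilentlyContinue
    $tokenFilter = $null
    if ($policy) { $tokenFilter = $policy.LocalAccountTokenFilterPolicy }
    $tokenDetail = 'value missing'
    if ($null -ne $tokenFilter) { $tokenDetail = "value=$tokenFilter" }
    $results.Add([pscustomobject]@{
        Check  = 'LocalAccountTokenFilterPolicy = 1'
        Ready  = ($tokenFilter -eq 1)
        Detail = $tokenDetail
    })

    return $results
}

$report = Get-CredentialedScanReadiness
$report | Format-Table -AutoSize
if (@($report | Where-Object { -not $_.Ready }).Count -gt 0) {
    Write-Warning 'At least one prerequisite is not met; Nessus will likely fall back to unauthenticated checks for this host.'
}
```

Every check reports a Ready flag plus the raw value it saw, so a failed credentialed scan can be traced to the specific setting that was not applied rather than guessed at from the scan output.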
- Windows Update Status
Seeing that Windows is up to date, we would not see many vulnerabilities being picked up during our scan.
Thus, I will be installing very old versions of Mozilla Firefox and VLC media player (each with multiple vulnerabilities) before running the credentialed scan.
- Software downloaded and installed.
- Providing Nessus with the credentials.
Selected the scan and configured the credentials.
- Performing a new scan after providing Nessus with the credentials for the guest machine. At the end of the scan, we see a lot more Criticals and Highs.
The first image displays the results from the initial scan I did, which was unauthenticated, and the second is for the scan I performed with credentials configured.
A significant bulk of these vulnerabilities can be remediated by uninstalling and/or updating outdated software, and running Windows Update repeatedly until there are no more updates to install.
I will address the other vulnerabilities as well; however, let's look at the contents of the top four mixed results.
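The comparison above and the remediation priority it leads to (outdated software first, then Windows updates) can be made repeatable by diffing the two scans' CSV exports. The script below is an added example, not part of the original lab write-up: it reads an unauthenticated and a credentialed export of the same host, counts findings per severity, isolates the findings only the credentialed scan surfaced, and groups those by their Solution text so the action closing the most findings sorts to the top. The column names follow the Nessus CSV export (Plugin ID, Risk, Host, Name, Solution); the rows are constructed sample data with made-up plugin IDs, not the lab's real results.

```powershell
# Added example (not part of the original lab write-up): compare two Nessus CSV exports of
# the same host (unauthenticated scan vs credentialed scan), count findings per severity,
# and rank the remediation actions that close the most of the newly surfaced findings.
# Column names follow the Nessus CSV export; the rows are CONSTRUCTED sample data
# (made-up plugin IDs in the 9xxxxx range), not the lab's real results.

$unauthenticatedCsv = @'
"Plugin ID","Risk","Host","Name","Solution"
"900001","None","192.0.2.10","Ping the remote host (sample)","n/a"
"900002","Medium","192.0.2.10","SMB signing not required (sample)","Enforce message signing in the host's configuration."
"900003","Low","192.0.2.10","Remote Desktop enabled (sample)","Disable the service if it is not required."
'@

$credentialedCsv = @'
"Plugin ID","Risk","Host","Name","Solution"
"900001","None","192.0.2.10","Ping the remote host (sample)","n/a"
"900002","Medium","192.0.2.10","SMB signing not required (sample)","Enforce message signing in the host's configuration."
"900003","Low","192.0.2.10","Remote Desktop enabled (sample)","Disable the service if it is not required."
"900010","Critical","192.0.2.10","Mozilla Firefox outdated build A (sample)","Upgrade to the latest Mozilla Firefox."
"900011","Critical","192.0.2.10","Mozilla Firefox outdated build B (sample)","Upgrade to the latest Mozilla Firefox."
"900012","High","192.0.2.10","Mozilla Firefox outdated build C (sample)","Upgrade to the latest Mozilla Firefox."
"900020","High","192.0.2.10","VLC media player outdated build (sample)","Upgrade to the latest VLC media player."
"900030","High","192.0.2.10","Missing Windows security update (sample)","Install the missing Windows updates."
"900040","Medium","192.0.2.10","Missing registry key (sample)","Add the missing registry key."
'@

function Compare-NessusScans {
    param(
        [Parameter(Mandatory)] [string] $BeforeCsv,
        [Parameter(Mandatory)] [string] $AfterCsv
    )
    $before = @($BeforeCsv | ConvertFrom-Csv)
    $after  = @($AfterCsv  | ConvertFrom-Csv)

    # Numeric ranking so findings can be sorted by severity rather than alphabetically.
    $severityRank = @{ Critical = 4; High = 3; Medium = 2; Low = 1; None = 0 }

    # Side-by-side severity counts (informational 'None' rows are left out).
    $counts = foreach ($level in @('Critical', 'High', 'Medium', 'Low')) {
        [pscustomobject]@{
            Risk            = $level
            Unauthenticated = @($before | Where-Object { $_.Risk -eq $level }).Count
            Credentialed    = @($after  | Where-Object { $_.Risk -eq $level }).Count
        }
    }

    # Findings that only the credentialed scan surfaced, keyed on Plugin ID.
    $beforeIds = @($before | ForEach-Object { $_.'Plugin ID' })
    $newFindings = @($after | Where-Object { $_.Risk -ne 'None' -and ($beforeIds -notcontains $_.'Plugin ID') })

    # Group those findings by their Solution text: one upgrade often closes several plugins at once,
    # which is what makes "uninstall/update outdated software" the highest-value remediation step.
    $actions = $newFindings | Group-Object -Property Solution | ForEach-Object {
        $worst = $_.Group | Sort-Object { $severityRank[$_.Risk] } -Descending | Select-Object -First 1
        [pscustomobject]@{
            Findings  = $_.Count
            WorstRisk = $worst.Risk
            Action    = $_.Name
        }
    } | Sort-Object @{ Expression = { $severityRank[$_.WorstRisk] }; Descending = $true }, @{ Expression = 'Findings'; Descending = $true }

    [pscustomobject]@{
        Counts      = $counts
        NewFindings = $newFindings
        Actions     = $actions
    }
}

$result = Compare-NessusScans -BeforeCsv $unauthenticatedCsv -AfterCsv $credentialedCsv
$result.Counts  | Format-Table -AutoSize
$result.Actions | Format-Table -AutoSize
```

With the sample data the Firefox upgrade ranks first (three findings, worst risk Critical), followed by the single-finding High actions; on a real export, replace the two here-strings with `Get-Content -Raw` of the downloaded CSV files and the ranking works the same way.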
- Uninstalling outdated software.
- Updating software
Here are some, among others, that I did update.
- Updating Windows
- Fixing Missing Registry Keys
Thank you!