Nessus Vulnerability Scanning and Management Lab
In this project I created a Windows 10 VM using VMWare and exposed it do a number of vulnerabilities including deprecated software. I then use Tenable Nessus Essentials to perform both a credentialed and non-credentialed vulnerability scan. After reviewing the results and identifying vulnerabilities, I performed a series of remediation steps to secure my virtual environment and protect against potential attacks.
Below I'll walk you through the series of steps I performed in order to complete this project.
To begin this project, I first downloaded VMWare Workstation 17, as this is where my virtual lab enviornment would be.
On the Tenable website, I downloaded Tenable Nessus 10.6.4 for Windows and began to set it up with my information and activation code.
Through the Microsoft website, I proceeded to download a Windows 10 ISO file that I would use as my disk image to spin up my virtual machine in VMWare.
Next, in VMWare I selected "Create a new virtual machine" and selected the Windows 10 ISO file. I also performed the following configurations.
- 50 GB Disk Space
- 2048 MB of virtual memory
- 2 processors
- Bridged Network Adaptors
After successfully setting up Windows on my virtual machine, I typed "ipconfig" in Command Prompt" to get the IPv4 address of my VM.
Once I had the IP address of the VM, I pinged it using the "ping" command on my local machine
As seen in the image, the ping request timed out.
I needed my machine to be reachable in order to run a scan against it, so to resolve this issue I disabled the Windows firewall in my VM.
Once Windows Firewall was disabled, I ran ping again to see if it was able to go through.
In the image we can see that the ping request is able to successfully go through and recieve a reply from the VM.
Now that I knew my VM could be reached with ping, it was time to run my firt non-credentialed vulnerability scan to gather any information I could.
To do this I selected the "Basic Network Scan" option and input the target IP address which is the address I pinged previously.
After a few minutes I could see my scan results.
Here we see very little results, nothing super critical or important. Next, I wanted to run a credentialed scan to see the difference in results and create a baseline.
In the Services app, I enabled and started remote registry in order to allows the scanner to connect to my VMs registry and crawl through it to look for insecure configurations.
Next, I opened the Advanced Sharing Settings and made sure my file and printer sharing were enabled.
My next step was to open User Account Control and change notifications to never notify. Typically this isn't good to do, but since we aren't on the domain, we need to do these hacks to scan the computer.
Finally, I opened Registry Editor and added a key that further disabled account control for the remote account I used to connect to the VM during the scan. To do this I went to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System > Create a new DWORD value called "LocalAccountTokenFilterPolicy" > changed the value to 1
Now that all of these configurations are in place, I went back to Nessus and modified my existing scan settings using my VMs Window credentials.
Once I saved these credentials, I re-ran my scan. After a few minutes my results were ready.
In order to add vulnerabilities to my VM that I can later remediate, I proceeded to install a very old version of Mozilla Firefox on my VM.
After Firefox was successfully installed, I re-ran my scan in Nessus.
In the image we can see significantly more vulnerabilities than before. Navigating to the remediations tab, I can see the solution provided is to update Firefox.
To remediate the vulnerabilities found in the scan, I went in my VM and performed some patch management with Firefox by updating it to the latest software version. After doing this, I also went into Windows Update and allowed Windows to install all updates it had. Once that was complete I restarted my machine.
After performing my remediations, I ran one final scan in Nessus.
My results showed that I successfully remediated the previous vulnerabilties and restored my VM to the security baseline set earlier.
This project truly enhanced my skills in vulnerability management and allowed me to gain hands on experience with Nessus, one of the industry leading vulnerability scanners. In this project I was able to run credentialed and non-credentialed scans against a VM hosted in VMWare. I was also able to identify vulnerabilities and successfuly remediate them, improving the overall security of my virtual enviornment.
Thank you for taking the time to read through these detailed steps of my Vulnerability Management Lab.