Nessus Vulnerability Management Lab
Tenable Nessus is one of the most widely used vulnerability scanners on security assessment engagements. Creating a lab environment is a great way to learn how to use Nessus, test configurations, and simulate scans against different devices and systems. This lab will enable you to experiment with Nessus in a controlled setting, providing valuable hands-on experience without the risk of affecting production systems. Additionally, it serves as a useful resource for training purposes, enabling students or team members to practice and learn about identifying and remediating vulnerabilities.
- Gain hands-on experience with Nessus scanning in a safe environment.
- Understand how Nessus works and its outputs, even if you do not perform scans every day.
- Improve skills relevant to roles in vulnerability management, which is crucial for organizations today.
Create a vulnerability management lab using an Ubuntu machine and set up Nessus to scan a Windows 10 virtual machine.
The lab can be performed on most operating systems, but here, we will use an old Dell running Ubuntu. The steps can be adapted for Windows or Mac as needed. If you need detailed instructions for doing this on a PC, check out this helpful video: Setting Up Nessus Lab.
- Download VMware Player: VMware Workstation Player
- Download Windows 10 ISO: Windows 10 ISO
- Download Nessus Essentials: Nessus Essentials
Note: If you are running a Windows host machine, select the appropriate Nessus installer. For Ubuntu, download the Debian package.
- Make the VMware .bundle file executable:
  ```bash
  chmod +x VMware-Player.bundle
  ```
- Install VMware Player by running the bundle script:
  ```bash
  sudo ./VMware-Player.bundle
  ```
- Install Nessus Essentials on Ubuntu:
  ```bash
  cd Downloads
  sudo apt install ./Nessus*_amd64.deb
  ```
- Start the Nessus service:
  ```bash
  sudo systemctl enable --now nessusd
  sudo systemctl status nessusd
  sudo ufw allow 8834
  ```
- Access Nessus in your browser by visiting: https://localhost:8834/#/. Input your activation code, and choose Nessus Essentials.
- Set up a Windows 10 virtual machine in VMware Player using the Windows 10 ISO.
- Run `ipconfig` on the Windows VM to get its IP address.
- From your host machine, ping the Windows VM IP address (the initial ping will likely fail).
- Lower the firewall settings from within the Windows VM to allow incoming pings.
- Ping the IP again, and confirm successful connectivity.
Note: Some additional configuration steps might be needed, but in the past two lab runs, they were not necessary due to the Windows VM's pre-configuration.
- Use the IP address of the Windows VM as the target for a basic Nessus scan. This initial scan helps establish a baseline of vulnerabilities.
- Perform a credentialed scan by adding the Windows VM user credentials in the Nessus scan configuration.
- To allow Nessus to perform deeper scans, enable Remote Registry from the Windows Services interface.
- Open Registry Editor and add a DWORD:
  - Create `LocalAccountTokenFilterPolicy` and set its value to `1`.
- Restart the Windows VM and run the credentialed scan again to see more detailed results.
Why Credentialed Scans? Credentialed scans provide a deeper view of system vulnerabilities, simulating what an attacker could see if they had stolen valid credentials.
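The Windows-side preparation steps above, scripted as an added example (not part of the original lab) so the settings can be checked and rolled back after scanning. It assumes an elevated PowerShell prompt inside the lab VM, the standard `Policies\System` registry key (the lab text does not name the key), a hypothetical `-Mode` parameter, and that Remote Registry was disabled and the value absent before the lab.

```powershell
#Requires -RunAsAdministrator
# Added example: prepare, inspect, or revert the lab VM settings used for a
# Nessus credentialed scan. -Mode is a hypothetical parameter of this script.
param(
    [ValidateSet('Status', 'Prepare', 'Revert')]
    [string]$Mode = 'Status'
)

# Standard key for this value; the lab text does not name it (assumption).
$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'LocalAccountTokenFilterPolicy'
$Service    = 'RemoteRegistry'

function Get-ScanPrepStatus {
    # Report the service state and the registry value in one object.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Service'"
    $val = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue).$PolicyName
    [pscustomobject]@{
        RemoteRegistryState   = $svc.State
        RemoteRegistryStartup = $svc.StartMode
        TokenFilterPolicy     = if ($null -eq $val) { 'not set' } else { $val }
    }
}

switch ($Mode) {
    'Prepare' {
        # Scripted equivalent of the Services and Registry Editor steps.
        Set-Service -Name $Service -StartupType Automatic
        Start-Service -Name $Service
        New-ItemProperty -Path $PolicyKey -Name $PolicyName -PropertyType DWord -Value 1 -Force | Out-Null
    }
    'Revert' {
        # Assumes the pre-lab state was: service disabled, value absent.
        Stop-Service -Name $Service -Force
        Set-Service -Name $Service -StartupType Disabled
        Remove-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    }
}

# Always finish by showing the resulting state.
Get-ScanPrepStatus
```

Run it with `-Mode Prepare` before the credentialed scan and `-Mode Revert` once scanning is finished, since both settings widen remote administrative access to the VM.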
- Why Install Deprecated Software? This step mirrors real-world scenarios where old software can create vulnerabilities. Download and install an older version of Firefox: Firefox 3.6.12.
- Run another scan to observe the increased vulnerabilities caused by outdated software.
Try This: Look at the findings in Nessus and identify which deprecated components are contributing to high-risk vulnerabilities.
- Remediate Vulnerabilities: Use the findings from your Nessus scan to practice remediation:
- Remove Deprecated Software: Uninstall old Firefox.
- Update Software: Ensure Windows, Chrome, and any other software are updated to the latest versions.
- Patch Vulnerabilities: Address vulnerabilities highlighted by Nessus, especially high-risk ones.
Deep Dive: For some CVEs (Common Vulnerabilities and Exposures), you may need to conduct additional research to understand the remediation steps fully.
- For vulnerabilities related to deprecated software, download and install the latest version from the official vendor's website.
- For Windows services with weak configurations, ensure proper security settings are applied (e.g., disabling unnecessary services).
Important: Always test your remediation actions in a lab environment before applying them to production systems to avoid potential disruptions.
By completing this lab, you gained hands-on experience with setting up a vulnerability management environment using Nessus. You practiced conducting both basic and credentialed scans, identified system vulnerabilities, and took steps to remediate them. These skills are invaluable for anyone pursuing a career in vulnerability management or cybersecurity.
Feel free to experiment further by adding more virtual machines to your lab or by simulating more complex network environments!
Reflection Question: How might you expand your lab environment to simulate a larger corporate network, and what additional tools could be useful for scanning and vulnerability management?