Using Nessus To Scan Systems To Identify Vulnerabilities And Implement Solutions

In the 21st century, we’re seeing more and more jobs and tasks become automated as technology advances: everything from cashiering, to art, to even coding. Even the Cybersecurity field has its own automated tools to help us do our jobs! One such tool that Cybersecurity Professionals use to find vulnerabilities in their systems is Nessus Essentials, made by a company called Tenable.

As always, let me start with a general overview of the technology that I’m working with. Then I can start explaining my project and gradually go into more detail on how everything works!

What is Nessus Essentials?

I called Nessus Essentials a Vulnerability Scanner, but what exactly is that and how does it work?

Think of a Thief scouting out a house he’s trying to break into. He’s posted in his car across the street with a pair of binoculars, trying to scope out any way that he might be able to get in and writing down anything he finds that can help him. He sees a window left open on the first floor, a key that someone left under the mat, and the family seems to be gone between 8:00 A.M. and 5:00 P.M. The Thief makes a list of everything he sees and plans to use it later.

This is what Nessus does! You can point it at a computer and, like the thief, it will start making a list of every single vulnerability it can see from the outside: an outdated operating system, a default password, a weak password like “Password1”, open ports on the computer, etc. This saves so much time since you don’t have to log into the computer and do all of this manually, but this is just the tip of the iceberg.

Let’s go back to our thief from earlier. Instead of just lurking next to the house in his car, he puts on a suit, walks up to the front door, and uses a bit of Social Engineering to convince the family that he is a home inspector from their insurance company, so they let him in to look around and make sure that everything “is up to code”. In reality, he’s learning where their safe is, what type of security system they have, any blind spots their cameras may have, or seeing that they leave their back door unlocked.


As you may have guessed, Nessus can do this too! It’s called a Credentialed Scan. Essentially, you can give Nessus the Username and Password for a computer, and it can log itself in and get to work inspecting far more than it was able to from the outside. It can inspect every program on a computer to see if something is outdated and vulnerable, find any missing updates it might need, and find any insecure information like passwords. Then, like before, it creates a list of everything it’s found and presents it to the user. Additionally, if Nessus knows how to fix the flaws it finds in the systems, it will give an explanation of how to fix each issue.

Installing Nessus On My Home Computer:

Typically when I do these projects, I like to create a new Virtual Machine for everything I’m doing (Check out my Active Directory lab where I give a brief explanation of what Virtual Machines are if you aren’t sure). However, Nessus seems like a great tool for me to use personally to make sure that all of my home computers are as secure as possible. So for the actual Nessus scanner, I am going to be installing it on my home computer. However I still will create a Virtual Machine that I will be running scans on to ensure that everything is set up correctly.

Installing Nessus can be a bit strange for anyone used to getting a new icon on their desktop whenever they install a program. The first step is pretty normal: you need to go to the Nessus Download Page and go through the steps it gives to install it. Now for the strange part: instead of that icon I mentioned, it actually brings you to a new webpage. However, its address may look a bit strange if you aren’t familiar with the HTTP protocol. For those curious, the address is “https://localhost:8834/#/”. What’s happening behind the scenes is that Nessus created a website on your own computer that lets you interact with it!

This Installation process can take a very long time, so you may want to get up and get some coffee if you’re following along at home. (It took me 24 minutes)

Setting Up The Virtual Machine To Be Scanned:

As a quick recap, I am using Oracle Virtual Box to set up my Virtual Machine (VM for short). I get a Windows 10 installer off of Microsoft’s website and I can use it to install Windows on my Virtual Machine. However, by default Windows Defender does block scans like these. This is because, like most tools, Nessus can be used with bad intentions and can be used by hackers to try to find ways to break into systems without permission!

That’s why we need to go into Windows Defender and disable the Firewall. This will let Nessus find the VM to run the scan. That’s the major change, but there are a few minor changes that still need to be made. (I won’t go into too much detail, but if a computer is not on a Domain, you need to activate the Remote Registry service and add in a Registry Key DWORD)

Launching the Scan:

Now all that’s left is to tell Nessus the IP Address of the system we want to scan, which in this case is the Virtual Machine we just set up. Since it’s on the same network, all we need to do is tell it what the IP Address of the VM is. There are a few ways to do this, but one of the easiest is to open up command prompt on the VM and type “ipconfig”; the line that says “IPv4 Address” is what we’re looking for. We can copy that address into Nessus and start our basic scan! Going back to our thief analogy, this is him posted out in his car looking at the house from afar since he has no way inside.

Now all we need to do is click Save at the bottom and click the Start button for the scan we just made! This gives us the below results.

Now the scan found a few things, but it certainly wasn’t able to find a majority of the issues. Nor was it able to warn us about the outdated version of Windows that we had installed. However, I’m sure you know how we can fix that at this point. We can run the Credentialed Scan! Inside of the setup for the scan, there’s a place to put our username and password for the VM. Once given the credentials, we can run the scan once again and receive much more thorough results. I’ll click the top vulnerability grouping, and then the top vulnerability in that group, and show them below just to show how detailed and helpful this is!

Default Scan Page

Clicking on the first Mixed result grouping gives us this information

Clicking on the first Critical result gives us this information.

As you can see, especially from the circle on the left of the pictures, we have a much longer list of vulnerabilities that Nessus found that we can patch. However, a majority of these issues stem from 2 things. The first is that the install of Windows 10 is outdated, since Microsoft does not keep an up to date installer on their website. The second major issue is that Internet Explorer, the default web browser that came with Windows for years, has been dropped from Microsoft support. This means that it is no longer receiving security patches for the new vulnerabilities that are discovered, which can let hackers break into your computer through Internet Explorer. (For anyone worried, there’s no need. Microsoft has a new web browser called Microsoft Edge that is still receiving updates.)

Thankfully, since we haven’t installed much on this Virtual Machine, there’s not much to patch! I disabled Internet Explorer on the computer, and when I navigated to the Windows Update screen there were about a half dozen updates waiting for me to start, with another dozen waiting after that. So I hit the update button and left my computer alone to perform its updates.

If you finished your coffee from earlier, you may want to get a refill. This is going to take as long as the Nessus Install.

With that, I successfully made this computer safer to use. Bringing the Thief analogy back one more time, I made sure that all of my windows were closed and locked, that key under the mat was removed, and one of the family members started coming home a random day of the week for lunch so the house wasn’t empty all day every day.

So hopefully, if you took anything away from this article, make sure that you click that Update button when you see it. It usually only takes a few seconds for you, and it will probably make that Thief move on to someone else’s house that hasn’t hit that button yet.

My Thoughts On Learning Nessus:

So of course, no practical computer is going to only have an outdated version of Internet Explorer and nothing else installed on it. This was just an easy way to see what Nessus could do. In reality, most computers have dozens of programs on them that could all be outdated. But thankfully, even if it’s more work, it’s still the same exact process of running a scan, finding issues, and remediating them.

Overall, Nessus Essentials is a FANTASTIC piece of software that I personally think that almost everyone should learn how to use! It’s relatively easy to set up, free, and you can even run it on the computer that you installed it on, just type “localhost” instead of an IP Address. So if your home just has one family computer, you can still make sure that everything on there is as safe as can be.

Personally, after writing this, I’m going to set up a weekly automated scan for my computer that can let me know if anything needs to be patched.
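
For a recurring scan like this, one way to see what a round of patching actually fixed is to compare two exported results. This is an added example, not part of the original project: it assumes the scans are exported in the .nessus (XML) format and that plugin 19506 ("Nessus Scan Information") reports a "Credentialed checks" line. The host address, the 9000xx plugin IDs and the plugin names are constructed sample data.

```python
import re
import xml.etree.ElementTree as ET

def sample(cred, items):  # builds a constructed .nessus-style export, not real scan output
    rows = "".join(f'<ReportItem port="{p}" severity="{s}" pluginID="{i}" pluginName="{n}"/>'
                   for i, p, s, n in items)
    return ('<NessusClientData_v2><Report name="lab"><ReportHost name="192.0.2.10">'
            '<ReportItem port="0" severity="0" pluginID="19506" pluginName="Nessus Scan Information">'
            f'<plugin_output>Credentialed checks : {cred}</plugin_output></ReportItem>'
            f'{rows}</ReportHost></Report></NessusClientData_v2>')

IE = ("900001", "0", 4, "Unsupported browser installed")  # placeholder IDs and names
KB = ("900002", "445", 3, "Missing Windows security updates")
SMB = ("900003", "445", 2, "SMB signing not required")
WEEK1 = sample("yes, as 'labuser' via SMB", [IE, KB, SMB])
WEEK2 = sample("yes, as 'labuser' via SMB", [SMB])
WEEK2_LOGIN_FAILED = sample("no", [SMB])

def load(xml_text):
    """Map host -> (credentialed?, {(pluginID, port): (severity, name)})."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        cred, found = False, {}
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if item.get("pluginID") == "19506":
                cred = bool(re.search(r"Credentialed checks\s*:\s*yes",
                                      item.findtext("plugin_output", ""), re.I))
            elif sev > 0:  # skip informational items
                found[(item.get("pluginID"), item.get("port"))] = (sev, item.get("pluginName"))
        hosts[host.get("name")] = (cred, found)
    return hosts

def compare(before_xml, after_xml):
    """Per host: findings fixed, still open, new, or gone but unverified."""
    before, after = load(before_xml), load(after_xml)
    report = {}
    for host, (cred, cur) in after.items():
        old = before.get(host, (False, {}))[1]
        gone = sorted(old.keys() - cur.keys())
        report[host] = {
            "credentialed": cred,
            "fixed": gone if cred else [],        # only trust "gone" if the scan logged in
            "unverified": [] if cred else gone,   # login failed: findings may just be hidden
            "open": sorted(old.keys() & cur.keys()),
            "new": sorted(cur.keys() - old.keys(), key=lambda k: -cur[k][0]),
        }
    return report
```

Calling `compare(WEEK1, WEEK2_LOGIN_FAILED)` lists the two vanished findings as unverified rather than fixed, because a scan that could not log in sees no more than the outside view did.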
