Vulnerability Management: Scanning And Remediation

Objective

The objective of this lab was to establish an environment conducive to scanning machines within a network for vulnerabilities. A dedicated Windows 10 virtual machine instance was deployed as the target system, while the host machine hosted the Nessus Essentials vulnerability scanner. Network scans were conducted on the susceptible target machine from the host, mimicking real-world scenarios. This practical exercise gave me significant insights into vulnerabilities, scanning techniques, and network security protocols.

Skills Learned

• Proficiency in using Nessus Essentials for vulnerability scanning, including optimizing scan parameters.
• Analytical skills to interpret scan results and prioritize vulnerabilities by severity.
• Understanding of network protocols and their associated vulnerabilities.
• Awareness of compliance requirements for vulnerability management.
• Ability to document and report findings effectively.

Tools Used

• 𝗡𝗲𝘀𝘀𝘂𝘀 𝗘𝘀𝘀𝗲𝗻𝘁𝗶𝗮𝗹𝘀 - A vulnerability assessment solution that includes remote and local (authenticated) security checks.
• 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗘𝘅𝗰𝗲𝗹 - A spreadsheet program to save and analyze numerical data.
• 𝗩𝗶𝗿𝘁𝘂𝗮𝗹𝗕𝗼𝘅 - Software that provides isolated environments for development and experimentation.

Demonstration Video

Steps

• Nessus Essentials vulnerability scanner is installed on the host machine

• Checking the IP address of the target Windows 10 Virtual machine and pinging to confirm connectivity

• Performing a basic network scan on the Win10 VM

• Analysis of the result shows that not many vulnerabilities were identified

• Performing the scan again with the system credentials added

• The scan identified more vulnerabilities compared to the one before

• Installing outdated software to make the target machine more exposed

• The scan reveals that the machine is in a critical zone

• Remediating the vulnerabilities by updating the system and software

• Exporting the scan results into an MS Excel file

Return To Homepage