During this week we discussed how we can scan systems using nmap and other tools.
Here’s another graphical utility that you can use at home, Nessus Home.
After downloading and running Nessus Home on your home network, what did you find? Did you find anything out of the ordinary, that you didn’t expect?
Vince Kelly says
After downloading and running Nessus Home on your home network, what did you find? Did you find anything out of the ordinary, that you didn’t expect?
I had problems getting Nessus 7.2.1 to output a display on a physical PC that I had installed it on (the scans ran with no problem but there was just no output that got displayed after it ran). I ended up installing the Nessus 7.0 appliance as a Hyper-V VM sitting on an isolated Ethernet segment and using Windows8.1 to log into it.
I had configured 3 VMs on that segment: the Nessus 7.0 appliance VM, a Windows8.1 VM (that I was also using to connect to the Nessus appliance VM) and an Ubuntu 14.04 LTS VM that was configured as the router for that segment.
I started out by doing a simple “Device Discovery” scan – Nessus successfully discovered all three boxes. It also showed no Critical, High, Medium or Low vulnerabilities (i.e., the Vulnerability pie chart was all blue) for the Nessus appliance VM.
I then launched a “Basic Network Scan” for the entire segment. Although the scan didn’t return any ‘Critical’ or ‘High’ alerts for any of the three VMs, it did show the following:
– 2 medium (yellow), 2 low (green) and 27 Info (blue) vulnerabilities for the Ubuntu 14.04 router.
– There were 2 medium (yellow) and 39 Info vulnerabilities for the Windows8.1 VM (a bit ironic that the Windows VM was slightly more secure than the Linux VM :)
A drill-down on each of the medium vulnerability alerts for the VMs showed the following:
Medium alerts for the Ubuntu VM:
– One of the vulnerabilities flagged was that “IP Forwarding” was enabled (which was expected given that it’s the exit point for the segment).
– The other medium vulnerability that Nessus flagged with the Ubuntu VM was that it was using weak SSH algorithms – specifically the ‘Arcfour’ stream cipher. Nessus also complained about the Ubuntu VM SSH server having CBC mode ciphers enabled and weak MAC algorithms enabled.
Medium alerts for the Windows8.1 VM:
– Nessus flagged 2 medium vulnerabilities: SMB Signing being disabled and it detected the presence of a Telnet Server.
The only thing that I found out of the ordinary was that I had configured the Windows8.1 VM to turn on a Telnet Server in the past and had simply forgotten to turn it off when I had finished. The Nessus appliance picked that up right away.
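The SSH findings described in the comment above (Arcfour, CBC mode ciphers, weak MACs) can be re-checked on the host itself. The following is an added example, not part of the comment or of Nessus: it assumes input in the format printed by `sshd -T`, uses a constructed sample, and assumes that "weak MAC" means MD5-based or truncated to 96 bits.

```python
# Constructed sample in the format printed by `sshd -T` (the server's effective
# configuration); the values are illustrative, not taken from the scan above.
SAMPLE_SSHD_T = """\
port 22
ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,3des-cbc,chacha20-poly1305@openssh.com
macs hmac-md5,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-md5-96-etm@openssh.com
"""


def classify_cipher(name):
    """Return why a cipher falls in a flagged category, or None."""
    base = name.split("@")[0]
    if base.startswith("arcfour"):
        return "Arcfour stream cipher"
    if base.endswith("-cbc"):
        return "CBC mode cipher"
    return None


def classify_mac(name):
    """Assumption: 'weak MAC' means MD5-based or truncated to 96 bits."""
    base = name.split("@")[0]
    if base.endswith("-etm"):
        base = base[: -len("-etm")]
    if "md5" in base:
        return "MD5-based MAC"
    if base.endswith("-96"):
        return "96-bit truncated MAC"
    return None


CHECKS = {"ciphers": classify_cipher, "macs": classify_mac}


def audit(sshd_t_output):
    """Split each algorithm list into flagged {name: reason} and kept [names]."""
    report = {}
    for line in sshd_t_output.splitlines():
        key, _, value = line.strip().partition(" ")
        check = CHECKS.get(key.lower())
        if check is None:
            continue
        algs = [a.strip() for a in value.split(",") if a.strip()]
        flagged = {a: check(a) for a in algs if check(a)}
        kept = [a for a in algs if a not in flagged]
        report[key.lower()] = {"flagged": flagged, "kept": kept}
    return report


if __name__ == "__main__":
    for key, result in audit(SAMPLE_SSHD_T).items():
        for alg, reason in result["flagged"].items():
            print(f"{key}: {alg} ({reason})")
        print(f"{key} after removal: {','.join(result['kept'])}")
```

The "after removal" lists are candidates for the `Ciphers` and `MACs` directives in `sshd_config`; confirm that the clients in use support what remains before applying them.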
Duy Nguyen says
Vulnerability Finding: Medium Impact
Description
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
Solution
Enforce message signing in the host’s configuration. On Windows, this is found in the policy setting ‘Microsoft network server: Digitally sign communications (always)’. On Samba, the setting is called ‘server signing’. See the ‘see also’ links for further details.
Getting the application to register on my VM Kali box was troublesome. The Tenable website was very confusing to navigate for creating a new account and activation codes. Once I was able to do all that, I kept getting an ‘Insecure Connection’ error and was unable to register my install on the Kali box.
I was able to do everything on my Windows 10 main laptop and ran the scan. There were not many vulnerabilities identified. I did not get a chance to customize any type of scans but just ran the Basic Network scans. Most of the findings were just Info type vulnerabilities and 1 Medium level vulnerability.
Looking further into this, the SMB protocol can be used on top of other protocols. This protocol is used for file sharing, printer sharing, and other Windows services access. This definitely should’ve been protected. One of the exploits that uses SMB is WannaCry ransomware.
Brandan Mackowsky says
While running Nessus on my home network, I didn’t find much more than a few moderate issues when running a simple discovery scan. What did catch my attention, however, was me forgetting to turn off my Norton security during the initial scan and how quickly Norton was to react as if my computer were being attacked. Norton claimed that my computer was attempting to attack the system through an intrusion attack, so it was interesting to see the block Norton would put in place as well as the remediation efforts that kicked off as the scan tried to scan my local machine based on the IP. Norton seemed to treat the connection path as an attack and eventually blocked direct access to the Nessus Home Platform. What was unique in this was seeing how the Norton Security System reacted during what it thought was a potential breach of my system through an intrusion attack.