Story Transcript
Vulnerability Assessment with Nessus
Author Dr. Padmavathi Ganapathi Dean-School of Physical Sciences and Computational Sciences Professor Department of Computer Science Avinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University) Coimbatore-641043 Tamil Nadu INDIA. Co-author Mrs. S. Karthika Assistant Professor Department of Information Technology Avinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University) Coimbatore-641043 Tamil Nadu INDIA. 1
Vulnerability Assessment with Nessus Author (s) Padmavathi Ganapathi a*, S. Karthika b a
Dean - School of Physical Sciences and Computational Sciences, Professor - Department of Computer Science, Avinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University), Coimbatore, Tamilnadu, India. b
Assistant Professor, Department of Information Technology, Avinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University), Coimbatore, Tamilnadu, India.
First Edition 2022 ISBN: 9798886848632
@Copyright (2022): Authors. The licensee is the Publisher (Notion Press).
2
Preface Digitization has taken over the technology sector to a considerable extent. Security becomes the central point of focus for business organizations. Designing active security mechanisms for Data and network infrastructures must be their utmost priority. One of the most effective approaches to secure the network architecture is to analyze vulnerabilities. Vulnerability assessment is the earliest step in defending a System, Network, Database, and application vulnerabilities and misuse. Conducting a vulnerability assessment confirms the efficiency of current security precautions, as well as system updates and upgrades. Not only that, but an absolute assessment also ensures that no vulnerabilities are neglected by providing a systematic methodology for detecting and eliminating security threats. This book is primarily intended to provide comprehensive view about the process of Vulnerability Assessment, its objectives, importance, and the methodology to be carried out. The key objective of the book is to introduce and review different automated tools available to conduct Vulnerability Assessment process. Nessus is one of the automated security scanning tools. This book demonstrates how to work with Nessus to discover vulnerabilities, misconfigurations, and other security weaknesses in any network infrastructure. Kali Linux platform is used to conduct the study. Scanning results generated are presented and the reports generated will be useful for the security professionals to recommend appropriate mitigations and to develop and suggest a security model to handle threats.
PADMAVATHI GANAPATHI Dean-School of Physical Sciences and Computational Sciences Professor - Department of Computer Science Avinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University) Coimbatore-641043. 3
Acknowledgement The authors would like to thank the authorities of Avinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University) for their support and encouragement for bringing out a study material useful to the students, research scholars and other cyber security professionals. This book is an outcome of the project sanctioned by DST-CURIE-AI, the Department of Science and Technology Scheme for Women Institution. The authors acknowledge Centre for Cyber Intelligence – a project under Centre for Machine learning and Intelligence, sponsored by DST.
4
Table of Contents Chapter Chapter 1
Particulars Introduction to Cyber Intelligence and Vulnerability Assessment
1.1
Cyber Intelligence and Vulnerability Assessment
1.2
Security Content Automation Protocol (SCAP)
1.3
Most Common Security Vulnerabilities
1.4
Types of Vulnerability Assessments
1.5
Objectives of Vulnerability Assessment
1.6
Importance of Vulnerability Assessment
Chapter 2 2.1 Chapter 3 3.1 Chapter 4
Vulnerability Assessment Methodology Methodology Vulnerability Assessment Tools Types of Vulnerability Assessment Tools Downloading and Installing Oracle VirtualBox, Kali Linux and Nessus
4.1
Downloading and Installing Oracle VirtualBox in Windows 10
4.2
Downloading and Installing Kali Linux on Oracle VirtualBox
4.3
Downloading and Installing Nessus on Kali Linux
4.4
Nessus Essential – Installation guide
Chapter 5
Performing a Scan with Nessus Essential
5.1
Run a Scan using Nessus
5.2
Methodology to run a scan with Nessus
5.3
Steps to run a Discovery Scan
5.4
Steps to run a Basic Scan
5.5
Steps to run a Basic Scan on other host in the network
5.6
Steps to run an advanced Scan in Windows10 machine
5.7
Steps to run an Advanced Scan in Kali Linux Machine
5.8
Steps to run a Network Scan 5
5.9
Steps to run a Ransomeware Scan
5.10
About Section in Nessus
Chapter 6
Report Generation
6.1
Basic Scan Reports
6.2
Advanced Scan Reports Summary Objective Type Questions Activities Answer to the Objective Questions References
**************************************************************************************************
6
Chapter 1 Introduction to Cyber Intelligence and Vulnerability Assessment Introduction Most of the businesses today adopt a sophisticated IT infrastructure as it can help in optimizing the business performance and can provide a competitive advantage. When the business becomes more prominent, the IT infrastructure may become the target for cyberattacks. Cyber Intelligence can provide improved solutions in dealing with cyberattacks. Vulnerability Assessment is one of the use cases of Cyber Intelligence. Vulnerability Assessment is a systematic review process to identify vulnerabilities in system, networks, hardware components such as router, software applications, and other parts of an IT infrastructure. This chapter provides an overview about Cyber Intelligence and Vulnerability Assessment types, objectives and importance of Vulnerability Assessment.
1.1.
Cyber Intelligence and Vulnerability Assessment Cyber attacks are becoming more sophisticated day by day. Hackers are getting smarter and
more inventive with advanced software, and many people are still baffled about how they get over virus scans and firewalls. The various types of cyberattacks are Phishing, Password attacks, DDoS, Man in the Middle attack, Malware, Password attacks, Malvertising, Rogue Software, and Drive-By downloads. A mechanism like CyberSecurity is required to safeguard the users from all of these intrusions and ensure that the data does not fall into the wrong hands. CyberSecurity is a set of procedures used to secure the integrity of the networks, to protect the data and programs from various attacks, damages, or unwanted access. Cybersecurity may aid in risk management and help in preventing cyber attacks, data breaches, and identity theft. Today's CyberSecurity sector faces various obstacles, including constant and sophisticated threat performers, regular flow of irrelevant data and fake alarms from multiple and disconnected security structures, and a severe scarcity of experienced experts. Some business organizations try to integrate threat data streams with their network but are not sure about what to do with those excessive data. Such massive data may add the workload to the analysts and they may lack the skills to decide on what data to be prioritized and what data to be disregarded. These challenges can be addressed by a cyber threat intelligence system. Cyber Intelligence is the knowledge that learns threat data and gives information on adversaries. It helps the users in the detection, prevention, and mitigation of cyberattacks by providing data on attackers, their motivations, and capabilities. Threat intelligence enables firms to be proactive rather than reactive in the face of potential cyber-attacks by providing predictive skills. It is hard to battle cyber-attacks effectively without understanding security weaknesses, threat indicators, and how threats are carried out. Threat 7
intelligence is based on facts and gives context such as who is attacking the IT infrastructure, what’s their motive and skills, and what indicators of system penetration to look for. This kind of information will help the user to make informed security decisions. Security professionals can prevent and contain various cyberattacks quickly by using Cyber Intelligence. Machine learning is used in various processes such as data collection, data processing, incorporate with existing solutions, receive unstructured data from multiple sources, and derive logical inferences by granting context on signs of compromise and threat actors TTP ie.Tactics, Techniques and Procedures. Vulnerability Management is one of the use cases of Cyber Intelligence and can be defined as a process of discovering, classifying, analyzing, prioritizing, treating and reporting security weaknesses in digital assets and network infrastructures. This is a continuous process that requires scanning to examine continuously various vulnerabilities to ensure and fix the flaws. The first step in resolving security flaws is to recognize them primarily. This can be done by Vulnerability Assessment. This process is a one-time security testing procedure to be done with a prearranged start and finish date which helps in finding the gaps and weaknesses in networks, endpoints, and applications. Let us discuss the important terminologies one-by-one.
(i) Vulnerability National Institute of Standards and Technology, US defines vulnerability as “A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.” In other words, Vulnerability is, o
A bug in coding or a weakness in any software design that can be exploited to cause potential damage. The exploitation possibly will take place through an authenticated or unauthenticated attacker.
o
A flaw in security procedures or a weak point in internal controls that may end up with a security breach when exploited
Vulnerability is a weakness in a computer system, or in a server or in a software application that can be exploited by the attackers to attain a target such as data theft, data corruption or denial of service.
(ii) Vulnerability Assessment Vulnerability assessment is the process of discovering potential threats and vulnerabilities in a system, device, application, network and in any other components of the IT infrastructure. To safeguard against various security threats, organizations need to constantly monitor the IT infrastructure.
8
(iii)Vulnerability Management Vulnerability Management can be defined as a process of dynamically identifying and repairing potential security flaws in a network. The main objective is to repair the identified flaws before an attacker utilizes them to compromise security. There are some common steps in Vulnerability Management process. They are, A. B. C. D.
Identifying Vulnerabilities Evaluating the Vulnerabilities Treating the Vulnerabilities Reporting the Vulnerabilities
A. Identifying Vulnerabilities The vulnerabilities can be identified by scanning a system, a network, a database or an application. The scans can be done with the help of Vulnerability scanners, also known as Vulnerability Assessment tools. Vulnerability scanners can detect a wide range of networked systems, including the computer systems like laptops and desktops, all types of servers, firewalls, network components such as routers and switches, databases and other devices such as printers. Different information about Operating System, installed software applications, various user accounts, file system structure, ports that are opened, system configurations, and other features can be obtained from identified computers. This information will be used in associating known vulnerabilities with scanned computers. Vulnerability scanners will make use of a vulnerability database that consists of a list of well-known vulnerabilities to accomplish this association. Vulnerability scans must be configured correctly as part of a vulnerability management solution. B. Evaluating the Vulnerabilities Once the vulnerabilities have been identified, then they must be reviewed in order to address the risks they pose in compliance with the risk management plan of an organization. Each vulnerability will be given different risk ratings and scores by Common Vulnerability Scoring System, which is a kind of Vulnerability Management Solution. The scoring will be helpful to the organization in prioritizing the vulnerabilities. C. Treating the Vulnerabilities After evaluating and designating a risk, the further work is to decide how to address it. Vulnerabilities can be addressed in a variety of methods, including Remediation, Mitigation and Acceptance. Vulnerability management solutions give recommended vulnerability remediation strategies. In some circumstances, a remediation recommendation may not be the best strategy to address 9
vulnerability. In those cases, the best remediation solution must be chosen and provided by the team of security professionals of an organization. D. Reporting the Vulnerabilities Vulnerability management solutions often include a number of configurable reports and dashboards for exporting and displaying vulnerability scan results. This helps IT teams to figure out the remediation strategies which will aid them in fixing the identified vulnerabilities with very minimal amount of time and effort. It also helps the team of security professionals in tracking vulnerability trends in various parts of the network over time and aids in meeting the compliance and regulatory needs of an organization. Vulnerability Assessment is typically a part of a complete Vulnerability Management system. To gather more information for the Vulnerability Management action plan, organizations will probably conduct multiple Vulnerability Assessments. The organizations may use a method called Security Content Automation Protocol (SCAP) for automating vulnerability management and policy compliance evaluation.
1.2.
SCAP
Security Content Automation Protocol is a set of open standards that lists various software weaknesses, security-relevant configuration problems, and product names. Also it measures the computer systems to detect the existence of vulnerabilities and provides mechanisms to designate ranks to the results so that the impact of the identified security issues can be assessed. The high-level components of SCAP are,
CVE - Common Vulnerabilities and Exposures: Each CVE describes a particular vulnerability that could lead to an attack.
CCE - Common Configuration Enumeration: A collection of security configuration concerns for a system that can be utilized to create configuration regulations.
CPE - Common Platform Enumeration: These are standardized ways to describe and identify various types of Operating Systems, devices and applications in the environment.
CVSS - Common Vulnerability Scoring System:
This is a Vulnerability Management
system which assigns severity scores to each defined vulnerability. The severity or risk score can be used to prioritize repair efforts based on the threat. The severity of the score ranges from 0 to 10, with 10 being the most serious.
10
1.3.
Most Common Security Vulnerabilities
Open Web Application Security Project lists out the common vulnerabilities. According to the project report, the common vulnerabilities are,
The following are the few more vulnerabilities listed in the annual Acunetix web application vulnerability report 2021.
11
The Common Vulnerabilities and Exposures (CVE) can be found in the following websites.
www.cvedetails.com
https://cve.mitre.org/
https://nvd.nist.gov/
In www.cvedetails.com website, one can search for a CVE by entering a CVE id, product, vendor or vulnerability type. The vulnerabilities are listed out as,
Vulnerabilities by Date
Vulnerabilities by Type Figure 1.1, 1.2, 1.3, 1.4 and 1.5 show the CVE details by date, year and type.
Figure 1.1 : Screenshot of CVE details
12
Figure 1.2 : Vulnerabilities by Date
Figure 1.3 : Vulnerabilities by year
13
Figure 1.4 : Vulnerabilities by Type
Figure 1.5 : Vulnerabilities by type chart
14
In www.cve.mitre.org website, all the security weaknesses are listed out in three categories. They are,
by Software Development
by Hardware Design
by Research Concepts
Figure 1.6 and 1.7 shows the list of weaknesses by CVE website.
Figure 1.6 : View of List of Weaknesses by CVE website
Figure 1.7 : CVE Home
15