Hat tip to LifeHacker for posting about Nessus.
I figured I’d give it a go on my network, and see what could be found. I’ve worked in a previous life with Security Remediation, and while not fun, it’s a necessary evil now. I do this for fun, and I know, as my lovely fiancée tells me repeatedly, I am a giant nerd.
The download and installation was simple enough, and I spent more time downloading and installing Windows Server 2016. I’m hoping to have a Foreman Installation up and running soon that will automate my Windows Installs. It’s easy enough to template a Windows 2016 VM with vSphere, but I’d like to learn another skill with Foreman and Puppet.
Installation was straightforward:
- Create an Administration Account
- Enter your key. Hint: remember to put the dashes in, as the GUI does not add them for you.
- Download the Nessus definitions and initialize. Note that this takes a while.
It took a good twenty minutes between download and initialization.
Pretty simple: select New Scan and pick one. I chose Basic Scan, told it to hit my entire subnet, and away it went.
The scanner works pretty quickly, and by clicking on the name, you can see the results in real time. I do have a fair amount of vulnerabilities to look into, some of which I know about and some of which I wouldn’t. It’d be a fun exercise to try to clean and secure my environment.
Some are also useless. For example, the below Warning popped up. All the devices are Routers or other networking gear so you would expect that to be the case. I guess it’s good to have if the device turns out to be a server. It’s also nice to see that Nessus tells you how to fix the vulnerability.
Sometimes Nessus does its best but fails pretty miserably. I’ll give it credit that the device below is indeed a printer.
Total scan time for about 30 devices, which are a mix of Linux, Solaris, and Windows, with a mix of other network devices, was about 30 minutes.