Vulnerability management is a crucial practice in information security, involving a cyclical process of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities. This practice helps organizations keep their overall risk level low. To gain practical experience in vulnerability management, I set up a virtual environment for conducting vulnerability scans. This environment included Nessus Essentials, VMware Workstation Player, and a Windows 10 virtual machine. By running Windows 10 inside a virtual machine, I was able to conduct vulnerability scans and remediation exercises in a safe and controlled manner, without risking any harm to a live system.
Prior to initiating the vulnerability scanning process, I ensured that there was connectivity between the local machine and the virtual machine. To achieve this, I first obtained the IPv4 address of the virtual machine and attempted to ping it from the local machine. Initially, the ping request timed out, indicating that there was likely a firewall blocking the connection. In order to establish the necessary connectivity, I chose to temporarily disable the firewall on the virtual machine to allow the ping request to go through from the local computer. It’s worth noting that this action may not be recommended in a production environment, and any such decision should be made based on the other controls in place and the overall security requirements of the organization.
After confirming the connectivity between the virtual machine and the local machine, a new scan was created using Nessus. This initial scan was a basic, non-credentialed scan. The results of the scan identified a total of 17 vulnerabilities, one of which had a medium severity. In addition, the scan provided 31 informational items that we should be aware of to better secure the system.
After the basic scan was completed, the next step was to perform a credentialed scan. To do this, the virtual machine was configured to allow authenticated scans. The first step was to enable the Remote Registry service on the virtual machine, which allowed the scanner to connect to the machine and search for insecure configurations. Next, it was verified that file and printer sharing was enabled, and a value was added in the Registry Editor to disable User Account Control (UAC) restrictions for the remote account used to connect to the virtual machine during the scan. With these changes, the scan could proceed without unnecessary interruptions or prompts.
After implementing these changes, the machine was now prepared to undergo the credential scan. To accomplish this, the appropriate username and password credentials were provided.
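The connectivity check and the three preparation steps above (Remote Registry, file and printer sharing, and the UAC change for the scanning account) can be scripted and verified in one place. The following is an added example written for this page, not a script from the author or from Tenable; it assumes an elevated PowerShell session on the Windows 10 VM, a local administrator account used by the scanner, and the `LocalAccountTokenFilterPolicy` registry value, which is the standard UAC remote-restriction setting for credentialed Windows checks. Instead of disabling the firewall entirely, as the text mentions doing for the ping test, it enables only the "File and Printer Sharing" rule group, which includes the ICMPv4 echo-request rule that makes the ping succeed.

```powershell
# Added example (not the author's own script): prepare a Windows 10 VM for a Nessus
# credentialed scan. Run in an elevated PowerShell on the VM.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Enable-ScanPrerequisites {
    # 1. Remote Registry service: start it now and on every boot.
    Set-Service -Name RemoteRegistry -StartupType Automatic
    Start-Service -Name RemoteRegistry

    # 2. Enable only the File and Printer Sharing rule group (SMB on 445 plus the
    #    ICMPv4 echo-request rule) rather than turning the whole firewall off.
    Enable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'

    # 3. Remote UAC token filtering: value 1 lets a local admin account keep its full
    #    token over the network. Scan-time setting only; remove it when the scan is done.
    New-ItemProperty -Path $policyKey -Name 'LocalAccountTokenFilterPolicy' `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

function Test-ScanPrerequisites {
    # Report each prerequisite so a failed credentialed scan can be traced to its cause.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
               Where-Object { $_.Enabled -eq 'True' })
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RemoteRegistryRunning = (Get-Service -Name RemoteRegistry).Status -eq 'Running'
        SharingRulesEnabled   = $rules.Count -gt 0
        TokenFilterDisabled   = $policy.LocalAccountTokenFilterPolicy -eq 1
        Smb445Listening       = $null -ne (Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
    }
}

function Undo-ScanPrerequisites {
    # Revert the UAC change once the scan has finished; the other two settings are
    # left for the administrator to decide on.
    Remove-ItemProperty -Path $policyKey -Name 'LocalAccountTokenFilterPolicy' -ErrorAction SilentlyContinue
}

Enable-ScanPrerequisites
Test-ScanPrerequisites
```

Run `Test-ScanPrerequisites` before entering the credentials in Nessus: all four properties should read `True`. From the scanner host, `Test-NetConnection -ComputerName <vm-ipv4> -Port 445` confirms the same thing from the other side of the connection.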
The scan produced results that were similar to those obtained previously but with an increased number of information items. Specifically, the scan generated 41 information items, compared to the previous scan’s 31.
The medium-level vulnerability was related to the lack of signing on the Server Message Block (SMB) protocol, which Windows uses to share files, printers, and other resources between computers. To remediate this vulnerability on the Windows 10 VM, SMB signing was enabled as a security mechanism to protect the integrity of SMB packets in transit, and a new DWORD registry value was added to require SMB encryption. Finally, since Microsoft releases security patches and updates to fix vulnerabilities and improve the security of Windows 10, the latest updates were installed on the machine to keep the system secure.
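The SMB signing and encryption remediation described above can be applied and then audited with the SMB server cmdlets, so the "before" and "after" states a re-scan would observe are visible without waiting for Nessus. This is an added example, not the author's configuration; it assumes an elevated PowerShell session on the Windows 10 VM, and it treats the DWORD the text mentions as the `LanmanServer\Parameters` setting that `Set-SmbServerConfiguration` writes, which is an assumption about the author's exact value name.

```powershell
# Added example (not the author's script): require SMB signing and encryption on the
# VM's SMB server and show the state before and after. Run in an elevated PowerShell.

$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbHardeningState {
    # RequireSecuritySignature is the setting behind the "SMB Signing not required" finding.
    $cfg = Get-SmbServerConfiguration
    [pscustomobject]@{
        SigningEnabled  = $cfg.EnableSecuritySignature
        SigningRequired = $cfg.RequireSecuritySignature
        EncryptData     = $cfg.EncryptData
        Smb1Enabled     = $cfg.EnableSMB1Protocol   # SMB1 cannot sign or encrypt like SMB3; worth noting
    }
}

function Set-SmbHardening {
    # Require signing: a client that will not sign is refused, so packets cannot be
    # altered in transit without detection.
    Set-SmbServerConfiguration -EnableSecuritySignature $true -RequireSecuritySignature $true -Force
    # Require SMB 3 encryption for all shares; clients that cannot encrypt are rejected.
    Set-SmbServerConfiguration -EncryptData $true -Force
    # The same signing requirement expressed as the registry DWORD, for hosts managed
    # by script or Group Policy rather than the cmdlet.
    Set-ItemProperty -Path $lanman -Name 'RequireSecuritySignature' -Type DWord -Value 1
    # Restart the server service so the new requirements apply to new sessions.
    Restart-Service -Name LanmanServer -Force
}

'Before:'
Get-SmbHardeningState
Set-SmbHardening
'After:'
Get-SmbHardeningState
```

After the change, `SigningRequired` and `EncryptData` should both read `True`; a rerun of the same Nessus policy should no longer report the medium SMB signing finding. Requiring encryption blocks SMB 2.x-only clients, so check which clients need the share before applying it beyond a lab.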
Following the implementation of the new security mechanisms, the scan was rerun and the number of vulnerabilities was reduced to just three. Notably, the medium-level vulnerability was successfully eliminated, thanks to the new measures put in place.