Nessus is a vulnerability scanner developed by Tenable and there are two versions of it: Nessus Home and Nessus Professional. In this blog, I will guide you through the process of performing a VA against your network using Nessus Home. However, organizations should not be the only ones conducting VAs against their network average home users should also conduct vulnerability assessment against their network. It is recommended that you conduct a VA against your organization’s network every quarter, and if your organization follows certain policy and standards, such as PCI DSS, VA is a requirement. VA is a process of identifying security vulnerabilities in a system. If you work in the field of Information Technology, you have probably heard of Vulnerability Assessment (VA). In order to do that, I recommend creating a service account for Nessus to use.Part One of a Two-Part series Introduction Blank passwords: A user account may use a blank password to authenticate on the domainīefore setting up an Active Directory Starter Scan with Nessus, you’ll need to provide Nessus with Domain Admin credentials in the form of ADSI.Primary Group ID integrity: A potential backdoor using the Group ID has been found on a user account.Dangerous trust relationship: No security mechanism has been activated on a trust relationship allowing lateral movement across AD domains.Kerberos KRBTGT: The Kerberos master key is too old and could be used as a backdoor.Null sessions: The Anonymous or Everyone group is part of the “Pre-Windows 2000 Compatible Access” allowing null session attacks.Unconstrained delegation: Unconstrained delegation is allowed on a computer account allowing potential credential theft.Non-expiring account password: A user account may never renew its password.Kerberos pre-authentication validation: The Kerberos pre-authentication is disabled on one user account leading to potential credential theft.Weak Kerberos encryption: The Kerberos encryption is too weak on one user account leading to potential credential theft.Kerberoasting: A Domain admin or Enterprise admin account is vulnerable to the Kerberoasting attack.For some reason, it is difficult to find detailed information on this template, however, according to a blog post from Tenable, this scan runs the following ten checks on your Active Directory configuration: Included in Nessus is a scan template called “Active Directory Starter Scan”. While Tenable does have a separate Active Directory security product called Tenable.ad, one capability of Nessus (as well as their enterprise solution Tenable.io) that is very rarely talked about is scanning the Active Directory configuration for vulnerabilities. The Nessus vulnerability scanner from Tenable is a widely known tool for conducting vulnerability assessments of networks and devices, such as workstations, network gear, and servers.
0 kommentar(er)
