Lab 3 | Using Vulnerability Assessment Tools




This lab's theme was using the OpenVAS and MBSA vulnerability scanners to see where our system is weak to attacks.

We started scans in both OpenVAS and MBSA; both proved to offer a rather simple process that resulted in the desired scan for our environment.



The first result back was from MBSA, showing that our WIN10-WS carried a severe risk, whilst WIN2016-DC and WIN2016-MS could not complete their scans, which also points to a problem.




Shown below are the results for WIN10-WS. Compared to the tutorial, I did not get the same issues that were described, although I had a couple of others that reared their heads due to activity in the last lab. Firstly, automatic updates are disabled. Having this disabled is a poor decision, especially in a network environment, where users who are not aware and do not have automatic updates enabled will simply never get updates to their OS. This can leave them with operating systems that are significantly out of date, without the security patches that fix vulnerabilities discovered by malicious entities over time.

WIN10-WS also carries multiple administrator accounts from the previous lab. This is more of a minor security risk, as it could be intentional, but as we can see, if the domain admin was not aware of this, then this security report would be notifying them of a security breach.


Below is the security report for our WIN2016-DC, our domain controller.

We can see that our domain controller has the guest account enabled. This is generally poor practice, as it allows anyone to log into the domain controller and execute scans. Having such an exploit possible on a server that is responsible for Active Directory is not advised, as it is an extremely critical system in a domain environment.


Next, we are looking at the report produced by Greenbone. Although the scan was only 1% complete at the time, we can see that it has already provided us with relevant details, including one high-severity vulnerability on port 445 on the 10.1.0.1 machine. This software appears to provide a different perspective than MBSA, which speaks to the importance of using multiple pieces of software to assess your security posture instead of relying upon one source.


Below, circled in red, is a possible filter option that allows us to check if our system is vulnerable to a specific known exploit. This may come into play if there is news of a new widespread exploit that is relevant to your system; this feature would allow you to verify your system's integrity against it and take proper action if required.




Lab Questions

Ex 3 | 5

Click View existing security scan reports. What issue would you need to log from viewing this output?



I would pay attention to both the severe risk and the incomplete scan reports, as both are of concern, the severe risk more than an incomplete scan.

Ex 3 | 9

Browse through the remainder of the report. Apart from enabling Automatic Updates, is there anything that should be changed to improve the security posture?

There are multiple actions we can take to improve security posture including:

  • Limiting the system to only one administrator account
  • Setting user passwords to expire over a period of time
  • Ensuring users have strong and secure passwords, not simple ones
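
The settings flagged in the MBSA report can also be re-checked directly on the host. The PowerShell below is an added example, not part of the original lab write-up or of MBSA itself; it assumes an elevated session on a workstation or member server such as WIN10-WS, and the `Add-Finding` helper and `$findings` list are hypothetical names.

```powershell
# Added example: re-check the settings flagged in the MBSA report.
# Assumes an elevated Windows PowerShell 5.1+ session on a workstation or
# member server (the LocalAccounts cmdlets do not apply to a domain controller).
$findings = [System.Collections.Generic.List[object]]::new()

# Hypothetical helper: record one finding as a row for the final table.
function Add-Finding([string]$Check, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
}

# 1. Automatic Updates switched off by policy (NoAutoUpdate = 1).
#    Only the policy value is read; other ways of disabling updates are not covered.
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$au = Get-ItemProperty -Path $auKey -Name NoAutoUpdate -ErrorAction SilentlyContinue
if ($au -and $au.NoAutoUpdate -eq 1) {
    Add-Finding 'Automatic Updates' 'Disabled by policy (NoAutoUpdate = 1)'
}

# 2. More than one user account in the local Administrators group.
#    S-1-5-32-544 is the well-known SID, so this works on non-English systems.
$adminUsers = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.ObjectClass -eq 'User' })
if ($adminUsers.Count -gt 1) {
    $names = $adminUsers.Name -join ', '
    Add-Finding 'Administrators' "$($adminUsers.Count) user accounts: $names"
}

# 3. Built-in Guest account enabled (matched by RID 501, not by name).
$users = @(Get-LocalUser)
$guest = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
if ($guest -and $guest.Enabled) {
    Add-Finding 'Guest account' "$($guest.Name) is enabled"
}

# 4. Enabled accounts with no password expiry date set.
$noExpiry = @($users | Where-Object { $_.Enabled -and $null -eq $_.PasswordExpires })
if ($noExpiry.Count -gt 0) {
    Add-Finding 'Password expiry' ("No expiry: " + ($noExpiry.Name -join ', '))
}

if ($findings.Count -eq 0) {
    'No findings for the checked settings.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```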

Critical Thinking & Analysis

This lab has taught me about the importance of using software to assess your security posture. Through this, we were made aware of potential holes in our system that we would not have been made aware of unless we manually looked through our system whilst also knowing what to look for. There is also great merit in using multiple programs to assess this, as they may have different specialities or levels of depth when assessing your system. Greenbone provided a far more in-depth look into the potential vulnerabilities, whilst MBSA covered more of the basic Windows settings-related exploits.
