How to Identify Vulnerabilities - Ft. Nessus Vulnerability Scanner

Introduction

In today's article, we are going to learn how to identify vulnerabilities and exploits on any server. In our test case, we have a Windows Server 2012 machine, and we will use Nessus, a vulnerability scanner, to scan for any known vulnerabilities present on it.

What is Nessus Vulnerability Scanner?

Nessus is a remote security scanning tool that scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network. In our case, we have a test machine running Windows Server 2012, and we are going to test it.

How to use Nessus Vulnerability Scanner?


Step 1: Get Nessus installed and fire it up!

Nessus is usually installed on localhost, so entering localhost followed by the port number in a browser is enough to access it. You may have to log in to Nessus with the username and password provided during installation.


Step 2: New Scan in Nessus

You can start a new scan by clicking the New Scan button. You can also create multiple scans depending on your requirements.


Step 3: Scan Type and Settings

You may have to enter scan details such as the name of the scan, a description of the scan, and the targets. The targets are given as the IP address of the target or targets.


Step 4: Scan Type

Depending on your package, you can select the type of scan that you want to run. You may have to upgrade the package in order to run some special scans.


Step 5: Scan Results

Once the scan is complete, you will be greeted with the scan completed message. You can click on the Vulnerabilities tab to see a list of all the vulnerabilities found on the machine. The red/critical vulnerabilities are the ones that need to be fixed on priority.


Step 6: Detailed Report

You can also click on the name of a vulnerability to see a detailed report about it and the available fix. In most cases, a Windows update may fix the vulnerability completely.


Detailed Video
You can follow a detailed video given below to learn more about Nessus.