Level Up InfoSec - My First Time Using Nessus Essentials

My First Time Using Nessus Essentials

04/11/2021

Something I learned last month during PancakeCon was that Tenable has a free version of their vulnerability management software Nessus. The free version is called Nessus Essentials. Three weeks ago I decided to download it and try it out. The free version has a limit of scanning only 16 IP addresses which is more than I would need making this perfect for my home network.

To download this it requires some registration information including first and last name and also an email address. You then receive a link to download it and the activation code gets sent to the email address. The install process was very simple. I activated the software with my code and in a few easy clicks I have it ready to go.

The first thing I tried was a host discovery scan on my network. It found four devices which is what I was expecting. One device was my windows 10 computer that I had Nessus installed on. Another was the pfSense firewall I use to protect my home network. I decided to do a basic network scan on all of these devices but I mostly wanted to see the results from my firewall and workstation.

On my firewall I found one critical vulnerability, four medium vulnerabilities, one low vulnerability and 40 info vulnerabilities. On my Windows 10 computer I found one medium vulnerability and twenty five info vulnerabilities. The first thing I did was click on the one critical priority for my firewall. The description I read said that I was using an unsupported operating system. I logged into the firewall and found that there was an update ready. A new version of pfSense was released in February. Since I had other things going on at that moment that required my firewall to be online I decided to update later that night.

I wanted to look at results from my workstation as well. The most severe result was the one medium vulnerability. The description said that SMB signing was not required and that I should enable this in my policy settings. It was a very simple change to make and the next time a vulnerability scan ran for my workstation it did not show SMB signing vulnerability in the results.

I decided I wanted to keep using this product and scheduled weekly scans that happen while I am asleep. This has enabled me to log in whenever I have time to see what is currently an issue and remediate issues that exist in my home environment over the past three weeks.

Overall I really like how easy it is to use Nessus and really enjoy using it. I know there is plenty more for me to learn and try on Nessus. I am looking forward to it.

If you want to try Nessus Essentials you can download it here.