In this chapter, we will cover the following:
- Introducing compliance scans
- Selecting a compliance scan policy
- Introducing configuration audits
- Performing an operating system audit
- Performing a database audit
- Performing a web application scan
In this chapter, we will go through various recipes that show how Nessus is used to perform different audits, such as a credentialed scan and policy compliance audits, including an operating system audit, a database audit, and an application audit. This is a crucial part of a white box assessment for network security, as it allows an internal administrator or auditor to understand the security posture of the systems in the organization.
A compliance scan or audit is different from a typical vulnerability scan; it is completely dependent on the plugins and the Nessus audit file. We have already covered the basics of how to download and update the plugins in Chapter 2, Understanding Network Scanning Tools. We will now uncover further details about plugins and the Nessus audit file. In this recipe, we will look at how to select the correct baseline policy from the set of policies that come preloaded in Nessus, in order to perform a configuration audit of a Linux host.
Each plugin consists of syntax to check for a specific vulnerability for a version or multiple versions of the software, services, and operating...
A configuration audit is an information security procedure where you prepare a baseline configuration, and then compare this with the current configuration to perform a gap analysis, later working on closing those gaps to get as close as possible to the baseline configuration. This process of closing the gaps and achieving a maximum hardened state is called risk or vulnerability mitigation.
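The baseline-versus-current comparison described above, reduced to a small script (an added example, not code from the book or from Nessus): a constructed hardened baseline for a few sshd_config directives is checked against a constructed current configuration, and each directive is reported as passing, failing, or missing, which is the gap list that mitigation work then closes.

```python
import re

# Constructed baseline: expected hardened values for a handful of sshd_config
# directives. Illustrative only; not a CIS benchmark or a Nessus audit file.
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
    "Protocol": "2",
}

# Constructed current configuration of a hypothetical Linux host.
CURRENT_CONFIG = """
# sshd_config (constructed sample)
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
#MaxAuthTries 6
"""


def parse_config(text):
    """Parse 'Directive value' lines; comments and blank lines are skipped.
    Directive names are compared case-insensitively, as sshd itself does."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\S+)\s+(.+)", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings


def gap_analysis(baseline, current_text):
    """Compare every baseline directive with the current value and return findings.
    MISSING means the directive is unset, so the host runs on the daemon default."""
    current = parse_config(current_text)
    findings = []
    for key, expected in baseline.items():
        actual = current.get(key.lower())
        if actual is None:
            status = "MISSING"
        elif actual.lower() == expected.lower():
            status = "PASS"
        else:
            status = "FAIL"
        findings.append({"check": key, "expected": expected, "actual": actual, "status": status})
    return findings


def summarize(findings):
    """Count findings per status to give a quick view of the remaining gap."""
    counts = {"PASS": 0, "FAIL": 0, "MISSING": 0}
    for f in findings:
        counts[f["status"]] += 1
    return counts


if __name__ == "__main__":
    results = gap_analysis(BASELINE, CURRENT_CONFIG)
    for f in results:
        print(f"{f['status']:7} {f['check']}: expected={f['expected']} actual={f['actual']}")
    print(summarize(results))
```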
Most companies and organizations rely on strong configurations to ensure the security of their systems. A well-hardened and patched system is a nightmare for a hacker to break into. As many companies opt to move their operations to the cloud, configuration plays a greater role in security now than ever. A simple lapse in a network device, such as allowing default users to log in, would help a hacker gain access to a whole network in minutes.
A regular application has...
In the previous recipes, we have learned a great deal about the need for configuration audits and their contribution toward more secure networks. In this recipe, we will be looking at using the compliance scan feature of Nessus to perform a configuration audit of an operating system.
The Getting ready section for this recipe is the same as the Getting ready section of the Selecting a compliance scan policy recipe. This recipe will also require you to have studied and practiced the previous recipes in this chapter.
In the previous recipes, we have seen a great deal about the need for a configuration audit and its contribution toward more secure networks. In this recipe, we will be looking at using the compliance scan feature of Nessus to perform a configuration audit of a MariaDB database.
The Getting ready section for this recipe is the same as the Getting ready section of the Selecting a compliance scan policy recipe. Further, instead of using the Metasploitable virtual machine as the test setup, we are going to use the Kali Linux operating system. You can download the Kali Linux ISO from https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/. Download and unzip the...
Nessus also supports web application scans. This can be used to audit and identify vulnerabilities in web applications.
Nessus plugins are effective enough to identify critical vulnerabilities from the OWASP Top 10. Nessus provides options for the user to provide authentication details in order to perform a detailed scan and report various vulnerabilities. As a part of web application tests, Nessus also scans for vulnerabilities in application servers, web servers, and databases; that is, end-to-end vulnerability scanning.
The Getting ready section for this recipe is the same as the Getting ready section of the Selecting a compliance scan policy recipe. This recipe will also require...