Using Nessus

Machine1:- 192.168.253.1

Nessus scan provides all the vulnerabilities that are related to a machine in the network. Nessus
is useful in determining the vulnerabilities related to a machine. Vulnerabilities are categorized in
High, Medium and Low by Nessus. The machine has to be able to connect the Nessus running or
it should be on the same network to determine the Nessus scan and provide vulnerability report.
In this case, the IP address 192.168.253.1 related to a windows machine is scanned and the report
is as shown in the figure above. The Nessus report does not only include the vulnerabilities but
also includes the information about the devices like Link-Local Multicast Name Resolution
(LLMNR) Detection, NetBIOS Multiple IP Address Enumeration, Service Detection, VMware
Virtual Machine Detection, OS Identification, Windows NetBIOS / SMB Remote Host
Information Disclosure, Microsoft Windows SMB Service Detection, and even also Nessus SYN
scanner. It is showing a medium vulnerability in the machine for SMB Signing Disabled.

It also shows the detail information via plugin ID and it also provides the links which can contain
detailed information about the vulnerability so that a user can be well aware of that.
The vulnerability SMB Signing Disabled which is showing is for the SMB server where sign in
is not required remotely. Due to this vulnerability an attacker can get the access to SMB server
and attack through that exploit. More info of SMB servers can be gathered firm the links which
is listed in the plugin ID page.
(Source: http://www.tenable.com/plugins/index.php?view=single&id=57608)
Machine2:- 192.168.253.129

The second machine with the IP 192.168.253.129 is actually a Virtual machine running on
VMWare on Linux Operating system. As like above machine it also contains various information
about the machine vulnerabilities which are unaffected and it also lists 2 vulnerabilities, 1 High
and 1 Medium vulnerability. It lists the information like HSTS Missing from HTTPS Server,
Netstat Connection Information, Time of Last System Startup, Device Hostname, OpenSSL
Detection, Enumerate IPv4 Interfaces via SSH, Service Detection, netstat portscanner (SSH), OS
Identification, SSL Certificate Information.

It shows a High vulnerability Tenable Nessus 6.x < 6.8 Multiple Vulnerabilities. This
vulnerability says that the machine is running with the older version of a Nessus which is prior to
Nessus 6.8 version release. The older versions has many vulnerabilities like a buffer overflow in
the XML parser and other XSS scripting vulnerabilities which can be exploited to hack a
machine. And exploitation of these vulnerabilities are higher.
(Source: http://www.tenable.com/plugins/index.php?view=single&id=92465)

It has a Medium vulnerability SSL Certificate Cannot Be Trusted. This vulnerability is shown
because a signature is missing in the server X.509, this makes the server less authentic due to
missing a signature or a certificate. Usually it implies that a server is rather misconfigured or it is
intentional.
(Source: http://www.tenable.com/plugins/index.php?view=single&id=51192)
Machine3:- 192.168.31.1

The third machine with the IP address 192.168.31.1 is a windows machine running on the same
network. This vulnerability scanning report shows the following information about the machine:
Device Type, Common Platform Enumeration (CPE), Ethernet Card Manufacturer Detection,
Nessus Scan Information, OS Identification, Microsoft Windows SMB Service Detection, Open
Port Re-check, Microsoft Windows SMB NativeLanManager Remote System Information
Disclosure, DCE Services Enumeration, and Windows NetBIOS / SMB Remote Host
Information Disclosure.

However this report does not signify any vulnerability in the machine, so the machine is
considered to be a secured machine with no vulnerability on it.
References:

Nessus Plugin ID | Tenable Network Security. (n.d.). Retrieved July 25, 2016, from
http://www.tenable.com/plugins/index.php?view=single&id=57608

Nessus Plugin ID | Tenable Network Security. (n.d.). Retrieved July 25, 2016, from
http://www.tenable.com/plugins/index.php?view=single&id=92465

Nessus Plugin ID | Tenable Network Security. (n.d.). Retrieved July 25, 2016, from
http://www.tenable.com/plugins/index.php?view=single&id=51192