How To Use Nessus To Scan A Network For Vulnerabilities

 


When it comes to network security, most of the tools to test your network are pretty complex. Nessus isn’t new, but it definitely bucks this trend. It’s incredibly easy to use, works quickly, and can give you a quick rundown of your network’s security at the click of a button.


This post is part of our Evil Week series at Lifehacker, where we look at the dark side of getting things done. Sometimes evil is justified, and other times, knowing evil means knowing how to beat it. Want more? Check out our evil week tag page.


If someone wanted to hack your local network, the first thing they’d do is run a vulnerability scan, then they’d run a penetration test. A vulnerability scan digs through the various devices on your network and looks for potential holes, like open ports, outdated software with known vulnerabilities, or default passwords on devices. If they find anything, a hacker would test those vulnerabilities, then find a way to exploit them. Testing these vulnerabilities is a two-step process: a scan just reveals the possibility of problems, while a penetration test verifies that the problem is actually exploitable.

Nessus is commercial software made to scan for vulnerabilities, but the free home version offers plenty of tools to help explore and shore up your home network. It also points you to a variety of different tools to then penetration test a network if you want to learn more. Here’s how to use it.

Step One: Download and Install Nessus

In order to download Nessus, you’ll first need to sign up for an online account so you can download the software and get an activation code.

 

  • Head to the Nessus Home landing page, enter a name and email address, and then click the Register button. You’ll want to use a real email address here because Nessus sends you an activation code that you’ll need in a later step.
  • Click the Download button, then download Nessus for your operating system. It’s available for Windows, Mac, and Linux.
  • Once the download is complete, run the installer package and follow the on-screen instructions to finish installation.

 

Nessus creates a local server on your computer and runs from there, so don’t be surprised that the installation process is a little different than you’re used to.

Step Two: Set Up Your Nessus Account and Activation Code

Once Nessus is installed, point your web browser to: https://localhost:8834/ This is where we’ll complete the signup process and activate your copy of Nessus.

 

  • When you launch Nessus for the first time, you get a “Your connection is not secure” warning from your browser, because the local Nessus server presents a self-signed certificate. Click “Advanced” and then “Proceed to localhost” to bypass this warning.
  • Create an account on the Account Setup screen, leave the Registration as “Home, Professional, or Manager,” and then enter the Activation Code from your email. Click “Continue.”

 

Next, Nessus will download a number of tools and plugins so it can properly scan your network with updated utilities. This can take a few minutes, so grab a cup of coffee and make yourself comfortable.

Step Three: Start a Vulnerability Scan

It’s time to actually test your network. This is the fun part. Nessus can actually scan for quite a few different problems, but most of us will be content using the Basic Network Scan because it offers a good overview.

 

  • Click “New Scan.”
  • Click “Basic Network Scan.”
  • Name your scan and add a description.
  • In the “Targets” field, you’ll want to enter IP scanning details about your home network. For example, if your router is at 192.168.0.1, you’d want to enter 192.168.0.1/24. This will make it so Nessus scans all the devices on your network (unless you have a ton of devices this is probably as high as you’d need to go). If you’re not sure about the local IP address for your router, here’s how to find it.
  • Click “Save.”
  • On the next screen, click the Play icon to launch the scan.
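Before saving the scan, it is worth confirming that the Targets value covers only your own LAN. The following check is an added example, not part of the original article or of Nessus; it assumes the field holds comma-separated IPv4 addresses, first-last ranges or CIDR blocks, and the function names are this example's own.

```python
import ipaddress

# RFC 1918 private IPv4 blocks, the address space home routers hand out.
PRIVATE_BLOCKS = [ipaddress.IPv4Network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def expand_entry(entry):
    """Turn one Targets entry (IP, first-last range or CIDR) into networks."""
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip())
                       for p in entry.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    # strict=False accepts a host address with a prefix, e.g. 192.168.0.1/24,
    # and normalises it to the containing network (192.168.0.0/24).
    return [ipaddress.IPv4Network(entry, strict=False)]


def check_scope(targets, max_addresses=256):
    """Return (networks, address_count, problems) for a Targets string.

    problems lists entries that cannot be parsed, that fall outside private
    address space, or that make the scan larger than max_addresses (a /24).
    """
    networks, problems = [], []
    for raw in targets.replace("\n", ",").split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            expanded = expand_entry(entry)
        except ValueError as exc:
            problems.append(f"{entry}: not an IPv4 address, range or CIDR ({exc})")
            continue
        for net in expanded:
            if not any(net.subnet_of(block) for block in PRIVATE_BLOCKS):
                problems.append(f"{net}: outside private address space")
        networks.extend(expanded)
    # Merge overlapping or adjacent entries so nothing is counted twice.
    networks = list(ipaddress.collapse_addresses(networks))
    total = sum(net.num_addresses for net in networks)
    if total > max_addresses:
        problems.append(f"{total} addresses in scope, more than {max_addresses}")
    return networks, total, problems


if __name__ == "__main__":
    # Constructed inputs: the article's example plus two that should be flagged.
    for spec in ("192.168.0.1/24", "192.168.0.10-192.168.0.12, 8.8.8.8",
                 "10.0.0.0/16"):
        nets, count, issues = check_scope(spec)
        print(spec, "->", [str(n) for n in nets], count, issues or "ok")
```
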

 

Depending on what and how many devices you have on your network, the scan takes a while, so sit back and relax while Nessus does its work.

Aside from the Basic Network Scan, you can also run an Advanced Scan that includes more parameters to narrow your search, a Badlock Detection scan, which hunts down a security issue with SAMBA, a Shellshock scan that looks for vulnerabilities in old Linux or Mac machines, a DROWN scan that looks for computers hosting sites susceptible to DROWN attacks, and a few other more acute scans. Most of these issues will also get picked up with the Basic Network Scan, but if you’re doing anything beyond just maintaining a normal home network, like running a private server that’s exposed to the Internet, then you’ll want to double-check that everything is up-to-date using the more specific scanning modes. The rest of us will be fine with the Basic Network Scan.

Step Four: Make Sense of the Results

Once Nessus finishes, you’ll see a bunch of color-coded graphs for each device (referred to as hosts) on your network. Each color of the graph signifies the danger of a vulnerability, from low to critical.

Your results should include all the devices on your local network, from your router to your Wi-Fi-enabled printer. Click the graph to reveal more information about the vulnerabilities on each device. Vulnerabilities are listed as “plugins,” which are the individual checks Nessus uses to discover vulnerabilities. Click on any plugin to get more information about the vulnerability, including white papers, press releases, or patch notes for potential fixes. You can also click the Vulnerabilities tab to see an overview of all the potential vulnerabilities on the network as a whole.

Take a second to click the link on each vulnerability, then read up on how a hacker could exploit it. For example, I have an old Apple TV with an ancient firmware installed because it’s never used. Nessus found it and marked it as a “High” priority vulnerability, then links to Apple’s own security update page for more information. This lets me know that a hacker can exploit the Apple TV’s firmware by setting up a fake access point. The vulnerability page also helpfully lists exactly what software one would need to penetration test and hack that vulnerability. For example, Nessus lists Metasploit as the toolkit needed to exploit this weak point and with that knowledge, you can search Google for instructions on how to take advantage of the vulnerability.

There’s a chance some of these vulnerabilities will be a bit obvious. For example, Nessus picks up on any device still using a default password or points out when a computer or device is running an outdated firmware. Most of the time though, you probably won’t understand what the heck you’re looking at with these results.

Step Five: What to Do Next

Nessus gives you all this data, but what exactly are you supposed to do with it? That depends on which vulnerabilities Nessus finds.

After your scan is complete, click the Remediations tab. Here, you’ll find the biggest potential security holes in your network. In my case, alongside that Apple TV, this includes an ancient version of Adobe AIR installed on my laptop, an old version of Firefox, a Raspberry Pi running an old version of Apache, and a few others. All of these issues are easily remedied by either updating or deleting old software. You might think you’re vigilant about updating your software, but so do I, and yet I still had plenty of weird old software I never use sitting around creating potential access points for a hacker. Your mileage will of course vary here, but regardless of your results, Nessus provides the information you need to close any holes.

While all this might sound a little scary, it’s worth noting that while Nessus gives you a lot of the potential ways into a network, it’s not a foolproof guide. On top of needing to be in your network in the first place (which of course, isn’t terribly complicated), an attacker would also need to know how to actually use the variety of the exploitation tools Nessus suggests.
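The per-host severity view from Step Four and the remediation list from Step Five can also be rebuilt from a saved scan, which helps when comparing one scan with the next. This is an added example, not code from the article or from Nessus; it assumes the scan was exported in the `.nessus` XML format, and the embedded report (hosts, plugin IDs, names, solutions) is constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Severity numbers used in exported scan files, mapped to the labels in the UI.
SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample export: every host, plugin ID and name here is made up.
SAMPLE_EXPORT = """
<NessusClientData_v2>
 <Report name="Home network">
  <ReportHost name="192.168.0.1">
   <ReportItem port="80" protocol="tcp" severity="4" pluginID="900001"
               pluginName="Default administrator password">
    <solution>Set a unique administrator password.</solution>
   </ReportItem>
   <ReportItem port="0" protocol="tcp" severity="0" pluginID="900002"
               pluginName="Host detected"/>
  </ReportHost>
  <ReportHost name="192.168.0.20">
   <ReportItem port="0" protocol="tcp" severity="3" pluginID="900003"
               pluginName="Outdated device firmware">
    <solution>Install the vendor's current firmware.</solution>
   </ReportItem>
  </ReportHost>
  <ReportHost name="192.168.0.30">
   <ReportItem port="80" protocol="tcp" severity="3" pluginID="900004"
               pluginName="Outdated web server">
    <solution>Update the web server package.</solution>
   </ReportItem>
   <ReportItem port="22" protocol="tcp" severity="2" pluginID="900005"
               pluginName="Weak SSH algorithms enabled">
    <solution>Disable the weak algorithms.</solution>
   </ReportItem>
  </ReportHost>
  <ReportHost name="192.168.0.31">
   <ReportItem port="80" protocol="tcp" severity="3" pluginID="900004"
               pluginName="Outdated web server">
    <solution>Update the web server package.</solution>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""


def parse_findings(xml_text):
    """Flatten every ReportItem in the export into a dict per finding."""
    findings = []
    for host in ET.fromstring(xml_text.strip()).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "severity": int(item.get("severity", "0")),
                "name": item.get("pluginName", ""),
                "solution": (item.findtext("solution") or "").strip(),
            })
    return findings


def severity_by_host(findings):
    """Count findings per host and severity label (the color-coded bars)."""
    counts = defaultdict(Counter)
    for f in findings:
        counts[f["host"]][SEVERITY[f["severity"]]] += 1
    return {host: dict(c) for host, c in counts.items()}


def remediation_plan(findings, min_severity=3):
    """One row per fix, worst first, with every host that needs it."""
    grouped = {}
    for f in findings:
        if f["severity"] >= min_severity:
            key = (f["severity"], f["name"], f["solution"])
            grouped.setdefault(key, set()).add(f["host"])
    ordered = sorted(grouped, key=lambda k: (-k[0], k[1]))
    return [(SEVERITY[sev], name, sorted(grouped[(sev, name, sol)]), sol)
            for sev, name, sol in ordered]


if __name__ == "__main__":
    results = parse_findings(SAMPLE_EXPORT)
    for host, counts in severity_by_host(results).items():
        print(host, counts)
    for label, name, hosts, fix in remediation_plan(results):
        print(f"[{label}] {name} on {', '.join(hosts)}: {fix}")
```
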

While the exploit on my Apple TV could potentially grant someone access to the device, that doesn’t necessarily mean they’d be able to do anything once they’re there. Regardless, as an end-user who’s simply trying to shore up a network, Nessus is a great starting point for finding the most obvious vulnerabilities that could make you an easy target, or to just explore your home network. With very limited searching on Google, Nessus will lead you to tons of different hacking tools and a wide variety of software, so dig in and learn as much as you can.


AP Reports EPA’s Pruitt Spent Millions On Security, Travel

Environmental Protection Agency chief Scott Pruitt’s concern with his safety came at a steep cost to taxpayers as his swollen security detail blew through overtime budgets and at times diverted officers away from investigating environmental crimes.

Altogether, the agency spent millions of dollars for a 20-member full-time detail that is more than three times the size of his predecessor’s part-time security contingent.

EPA spokesman Jahan Wilcox cited “unprecedented” threats against Pruitt and his family as justification for extraordinary security expenses such as first-class airfare to keep him separate from most passengers — a perk generally not available to federal employees.

But Pruitt apparently did not consider that upgrade vital to his safety when taxpayers weren’t footing the bill for his ticket. An EPA official with direct knowledge of Pruitt’s security spending said the EPA chief flew coach on personal trips back to his home state of Oklahoma.

The EPA official spoke on condition of anonymity for fear of retaliation.

New details in Pruitt’s expansive spending for security and travel emerged from agency sources and documents reviewed by The Associated Press. They come as the embattled EPA leader fends off allegations of profligate spending and ethical missteps that have imperiled his job.

Shortly after arriving in Washington, Pruitt demoted the career staff member heading his security detail and replaced him with EPA Senior Special Agent Pasquale “Nino” Perrotta, a former Secret Service agent who operates a private security company.

The EPA official knowledgeable about Pruitt’s security spending says Perrotta oversaw a rapid expansion of the EPA chief’s security detail to accommodate guarding him day and night, even on family vacations and when Pruitt was home in Oklahoma.

Perrotta also signed off on new procedures that let Pruitt fly first-class on commercial airliners, with the security chief typically sitting next to him with other security staff farther back in the plane. Pruitt’s premium status gave him and his security chief access to VIP airport lounges.

The EPA official said there are legitimate concerns about Pruitt’s safety, given public opposition to his rollbacks of anti-pollution measures.

But Pruitt’s ambitious domestic and international travel led to rapidly escalating costs, with the security detail racking up so much overtime that many hit annual salary caps of about $160,000. The demands of providing 24-hour coverage even meant taking some investigators away from field work, such as when Pruitt traveled to California for a family vacation.

The EPA official said total security costs approached $3 million when pay is added to travel expenses.

Wilcox said Pruitt has faced an unprecedented number of death threats against him and his family and “Americans should all agree that members of the President’s cabinet should be kept safe from these violent threats.”

A nationwide search of state and federal court records by AP found no case where anyone has been arrested or charged with threatening Pruitt. EPA’s press office did not respond Friday to provide details of any specific threats or arrests.

Pruitt has said his use of first-class airfare was initiated following unpleasant interactions with other travelers. In one incident, someone yelled a profanity as he walked through the airport.

But on weekend trips home for Sooners football games, when taxpayers weren’t paying for his ticket, the EPA official said Pruitt flew coach.

The source said Pruitt sometimes used a companion pass obtained with frequent flyer miles accumulated by Ken Wagner, a former law partner whom Pruitt hired as a senior adviser at EPA at a salary of more than $172,000. Taxpayers still covered the airfare for the administrator’s security detail.

Walter Shaub, who until last year ran the federal Office of Government Ethics, said it is a potential ethics violation for Pruitt to accept the airline tickets, even if Wagner didn’t pay cash for them. Federal officials are barred from accepting gifts from employees that have a market value of more than $10.

“It would be a very serious ethics problem, indeed, if Pruitt accepted airline tickets from a subordinate,” Shaub said.

The EPA administrator has come under intense scrutiny for ethics issues and outsized spending. Among the concerns: massive raises for two of his closest aides and his rental of a Capitol Hill condo tied to a lobbyist who represents fossil fuel clients.

At least three congressional Republicans and a chorus of Democrats have called for Pruitt’s ouster. But President Donald Trump is so far standing by him.

A review of Pruitt’s ethical conduct by White House officials is underway, adding to probes by congressional oversight committees and EPA’s inspector general.

Pruitt, 49, was closely aligned with the oil and gas industry as Oklahoma’s state attorney general before being tapped by Trump. Trump has praised Pruitt’s relentless efforts to scrap, delay or rewrite Obama-era environmental regulations. He also has championed budget cuts and staff reductions at the agency so deep that even Republican budget hawks in Congress refused to implement them.

EPA’s press office has refused to disclose the cost of Pruitt’s security or the size of his protective detail, saying doing so could imperil his personal safety.

But other sources within EPA and documents released through public information requests help provide a window into the ballooning costs.

In his first three months in office, before pricey overseas trips to Italy and Morocco, the price tag for Pruitt’s security detail hit more than $832,000, according to EPA documents released through a public information request.

Nearly three dozen EPA security and law enforcement agents were assigned to Pruitt, according to a summary of six weeks of weekly schedules obtained by Democratic Sen. Sheldon Whitehouse of Rhode Island.

Those schedules show multiple EPA security agents accompanied Pruitt on a family vacation to California that featured a day at Disneyland and a New Year’s Day football game where his home state Oklahoma Sooners were playing in the Rose Bowl. Multiple agents also accompanied Pruitt to a baseball game at the University of Kentucky and at his house outside Tulsa, during which no official EPA events were scheduled.

Pruitt’s predecessor, Gina McCarthy, had a security detail that numbered about a half dozen, less than a third the size of Pruitt’s. She flew coach and was not accompanied by security during her off hours, like on weekend trips home to Boston.

Pruitt was accompanied by nine aides and a security detail during a trip to Italy in June that cost more than $120,000. He visited the U.S. Embassy in Rome and took a private tour of the Vatican before briefly attending a meeting of G-7 environmental ministers in Bologna.

Private Italian security guards hired by Perrotta helped arrange an expansive motorcade for Pruitt and his entourage, according to the EPA official with direct knowledge of the trip. The source described the Italian additions as personal friends of Perrotta, who joined Pruitt and his EPA staff for an hours-long dinner at an upscale restaurant.

Perrotta’s biography, on the website of his company, Sequoia Security Group, says that during his earlier stint with the Secret Service he worked with the Guardia di Finanza, the Italian finance police.

The EPA spent nearly $9,000 last year on increased counter-surveillance precautions for Pruitt, including hiring a private contractor to sweep his office for hidden listening devices and installing sophisticated biometric locks for the doors. The payment for the bug sweep went to a vice president at Perrotta’s security company.

The EPA official who spoke to AP said Perrotta also arranged the installation of a $43,000 soundproof phone booth for Pruitt’s office.

At least five EPA officials were placed on leave, reassigned or demoted after pushing back against spending requests such as a $100,000-a-month private jet membership, a bulletproof vehicle and $70,000 for furniture such as a bulletproof desk for the armed security officer always stationed inside the administrator’s office suite.

Those purchases were not approved. But Pruitt got an ornate refurbished desk comparable in grandeur to the one in the Oval Office.

Among the officials who faced consequences for resisting such spending was EPA Deputy Chief of Staff for Operations Kevin Chmielewski, a former Trump campaign staffer who was placed on unpaid administrative leave this year.

The prior head of Pruitt’s security detail, Eric Weese, was demoted last year after he refused Pruitt’s demand to use the lights and sirens on his government-owned SUV to get him through Washington traffic to the airport and dinner reservations.

5 Common Browser Security Threats, And How To Handle Them

The web browser is inarguably the most common portal for users to access the internet for any given array of consumer or business purposes. Innovative advances have allowed many traditional “thick client” apps to be replaced by the browser, enhancing its usability and ubiquity. User-friendly features such as recording browsing history, saving credentials and enhancing visitor engagement through the use of cookies have all helped the browser become a “one stop shopping” experience.

However, the browser also has the potential to betray the user through the very same options which are intended to make life easier since it serves as a ripe target for the theft of confidential data because it holds so many proverbial eggs in its basket.

Security intelligence organization Exabeam conducted some recent research to analyze dozens of popular websites such as Google, Facebook, Amazon, and others to determine what kind of user data is stored when interacting with these entities. They found a significant amount of user information kept both on local storage and in the browser.

As a result, Exabeam released a recent blog post which outlines some of the ways your browser can be used against you along with recommended techniques to stay safe.

Here is a summary of their findings along with some other tips for protection:

1. Accessing browser history

Your browser history is a veritable map of where you go on the internet and for what purpose. And it’s not only possible to tell where you’ve been, but when you’ve been there, establishing your behavioral patterns.

Knowing you access certain sites can lead to phishing attacks against you to obtain your credentials for those sites (assuming you haven’t stored this information in the browser), establishing your purchasing habits (for instance if you are a football fan and visit NFL sites, your credit card company isn’t likely to raise an eyebrow if a slew of charges for football merchandise start showing up on your compromised credit card) or even blackmail if the site(s) in question prove illegal or unethical, or allegations thereof can be made.

Recommendations:

Clearing the browser cache is a good way to flush potentially damaging information, especially after engaging in confidential activities such as conducting online banking. This can be performed manually or set to do so automatically such as when closing the browser (Google the details for your browser version and operating system to carry out this and the other recommendations as the steps involved may be subject to change).

Use incognito mode (private browsing) since no harvestable data is stored (if you must use a public system, always make sure to do so with incognito mode).


2. Harvesting saved login credentials

Saved logins paired with bookmarks for the associated sites you visit are a deadly combination. Two mouse clicks might be all it takes for a criminal to have access to your banking/credit card website. Some sites do use two-factor authentication, such as texting access codes to your mobile phone, but many of them utilize this on a one-time basis so you can confirm your identity on the system you’re connecting from. Unfortunately, that system is then deemed trusted, so subsequent access may go entirely unchallenged.

Saved credentials associated with your email account are basically like Kryptonite to Superman in a scenario like this. An attacker who can get into your email can reset your password on almost any other website you access. And keep in mind they might not need to be on your system to do so – if they obtain your email address and password they can work at leisure from any other system they choose.

Just taking a series of screenshots (or even utilizing the camera on a mobile phone) can allow an attacker on your system to record all of your saved passwords. Firefox lets you view these quite easily. While Chrome at least requests your logon password to do so, as stated resetting this is quite easy with administrative access (which can be simple to obtain thanks to password reset utilities such as Offline NT Password and Registry Editor).

Recommendations:

Don’t save credentials in the browser. Instead, take advantage of free password managers such as KeePass or Password Safe to store passwords (never write them down) via a central master password. These password managers can securely store all your website passwords. A password manager can even access a saved URL and login for you, adding to the convenience and security of your information.

3. Obtaining autofill information

Autofill information can also be deadly. Chrome can save your home address information to make it easier to shop online, but what if your device fell into the wrong hands? Now an attacker knows where you live – and probably whether you’re home.

Recommendations:

Turn off autofill for any confidential or personal details.


4. Analyzing cookies

Cookies (files stored locally which identify users/link them to sites) are another potential attack vector. Like the browsing history, they can reveal where you go and what your account name might be.

As with #1, incognito mode can also come in handy here.

Recommendations:

Disabling cookies is touted as a potential solution, but this has been a problematic “fix” for years since many sites depend on cookies or at least severely limit your functionality (or possibly annoy you with nagging prompts) if these are turned off.

Instead, purging cookies periodically can help protect you, though be prepared to enter information repeatedly as prompted by websites.

5. Exploring the browser cache

The browser cache involves storing sections of web pages for easier access/loading on subsequent visits, which can outline where you’ve been and what you’ve seen. Malware can be tailored to prey upon cache data as well.

Exabeam also considered location history and device discovery to be risky elements in their blog post, stating these could expose user location and other devices used.

Recommendations:

As with #1 and #4, incognito mode can also come in handy here, or manually clear the cache as needed, particularly after sensitive operations.

Some other suggestions

I strongly support setting and utilizing complex passwords on your devices which are rotated periodically, and always encrypt local storage devices, especially on portable systems, to reduce the risk of access to browser data.

Use physical security such as cable locks for laptops, and always lock the screen of your systems when not in use (I do this on my home Windows PC as well). Don’t share machines/passwords with other people.

Take advantage of two-factor authentication where possible and set up recovery accounts where possible for your website accounts, and specify your mobile number and security questions for password resets. Be on the lookout for suspicious activity like emails about new accounts or password resets you didn’t request.

Some sites like Facebook can tell who is currently logged into your account (go to Settings then Security and Login), so check these details periodically – especially if anything out of the ordinary is going on.

Exabeam also recommends utilizing anti-malware software which is routinely updated along with several browser-related options (Google your browser and operating system version for the specific details on how to enact these as settings may change).

Users should also consider changing browser settings to further protect their privacy, or at least analyzing them to be aware of what options are currently enabled/disabled. There are guides online for Chrome, Firefox, Internet Explorer, Safari and Opera.


 

How Experts View Cybersecurity Threats In Businesses: Part 1

Data breach problems have occurred several times during the last few years. They have affected big businesses and even government agencies and political organizations. It is true that getting connected is increasingly necessary. However, the risks of cybersecurity threats in businesses are also growing exponentially. More is at stake for businesses: not only customer data, but also intellectual property, company reputation, and asset safety.

We certainly still remember the attack of WannaCry ransomware that happened several months ago. Databases of many hospitals in different countries were encrypted, denying their owners access. Likewise, some cases of data breach from credit card companies also happened lately. Unfortunately, several cybersecurity threats in businesses are overlooked by the owners. When the attacks happen, they are not able to mitigate the risks fully.

Cybersecurity Threats in Businesses in the Experts’ Eyes

Don Steinberg from KPMG Voice lately published his interviews with three experts in the cybersecurity industry on the Forbes website. They provided some insights on cybersecurity threats in businesses. They are Tony Buffomante from KPMG; Gadi Evron, CEO of Cymmetria (a cybersecurity service provider); and Leonard Brody, the creator of The Great Rewrite.

Information Security Threats Since 2017

The first question of the interview is about information security threats, which have occurred since 2017. According to Brody, the cyber attacks have been more technologically sophisticated. As a result, the attacks are broader and more things become potential victims. On the other side, Evron views the wider cyber attacks as the result of a failure to consider the security aspects of the new types of technology. He even predicts that the medical sector will become a target in the next three or five years.

Similarly, Buffomante notes the shift from personal information attacks, such as those on credit card information or Social Security numbers, to more destructive ones. His special concerns go to medical devices, implantable and wearable devices. In other words, there will be more cybersecurity threats in businesses. The account owners or subscribers are required to have a personal code to log in to their accounts on online stores or online payment systems. The attackers may use machine learning technology to steal the customer information.

Overlooked Vulnerabilities

When asked about the most overlooked aspects in web-based businesses, Buffomante points to the security associated with privileged user accounts. Imagine what the hackers can do if they get access to the super-user privileged accounts managed by a business. He said that many tools owned by the businesses were poorly deployed, thus leaving the privileged accounts at stake.

Evron mentioned the security problems in internal networks. Sometimes, business owners overlook the possibility that attackers get access into the internal network. If this is the case, there will be very little chance to recover from the damage caused by the hackers. Brody showed similar concerns that many businesses fail to anticipate internal security attacks.

Buffomante, Evron, and Brody provided us with some insights on the cybersecurity issues. The businesses may overlook important security aspects when building their infrastructure. Do not miss their views on cybersecurity threats in businesses in the interviews conducted by Don Steinberg from KPMG on the next post http://www.blog-search.com 
