1 00:00:00,210 --> 00:00:05,100 Hang on, before rushing in to start our first Nessus scan, I'd like to show you how to create our 2 00:00:05,100 --> 00:00:06,060 own policies. 3 00:00:06,600 --> 00:00:13,860 Policies allow you to create custom templates defining what actions are performed during a scan. In the 4 00:00:13,860 --> 00:00:17,120 Nessus web interface, click Policies at the left side. 5 00:00:17,130 --> 00:00:21,960 You see that? Good. Click the Create a new policy link inside the Policies page. 6 00:00:22,200 --> 00:00:26,070 Now here we have a lot of scanners. So, in Advanced Scan, 7 00:00:26,520 --> 00:00:31,590 all the options are chosen by us without any guidance or recommendations. 8 00:00:32,370 --> 00:00:36,390 Basic Network Scan is generally suitable for any host. 9 00:00:37,280 --> 00:00:43,850 Internal PCI Network Scan is designed for internal scans and it's based on PCI DSS standard. 10 00:00:44,970 --> 00:00:52,320 PCI DSS means Payment Card Institute and Data Security Standards, simply one of the most important 11 00:00:52,320 --> 00:00:53,820 information security standards. 12 00:00:54,000 --> 00:01:00,060 So it looks like, the days when this video was captured, Spectre and Meltdown are really 13 00:01:00,060 --> 00:01:01,250 new vulnerabilities. 14 00:01:01,650 --> 00:01:07,050 So here there is a scan specialized for Spectre and Meltdown vulnerabilities. 15 00:01:07,740 --> 00:01:11,330 This clearly shows how up to date Nessus is. Here, 16 00:01:11,340 --> 00:01:14,220 there's another scanner specific for web applications. 17 00:01:15,210 --> 00:01:20,550 So let's configure our own scan. Click Advanced Scan. First, give a name for your policy. 18 00:01:27,550 --> 00:01:34,810 Now go to Discovery section. So we're in the Host Discovery page. Here, we have a Ping the remote 19 00:01:34,810 --> 00:01:37,540 host option and the settings of the ping.
20 00:01:38,290 --> 00:01:44,020 If we're going to use the data we collected with Nmap, we can close this ping scan because we already 21 00:01:44,020 --> 00:01:49,600 have the list of the hosts. Click Port Scanning to configure port scanning options. 22 00:01:50,750 --> 00:01:54,410 The default value of the port scan range is default. 23 00:01:54,630 --> 00:01:59,480 That means Nessus will scan the ports which are in its nessus-services file. 24 00:02:00,020 --> 00:02:03,560 Now I go to the terminal screen to analyze the nessus-services file. 25 00:02:04,330 --> 00:02:05,990 Let's find the file first. 26 00:02:06,770 --> 00:02:13,070 Use the find command to find the file. Slash means that the search will begin from the root directory. 27 00:02:13,990 --> 00:02:22,180 -name shows the name of the searched file. And hit Enter, and here it is. You can stop the search 28 00:02:22,180 --> 00:02:23,590 using Ctrl-C keys. 29 00:02:24,960 --> 00:02:27,900 I use the less command to see the content of the file. 30 00:02:29,440 --> 00:02:33,520 Here are the ports, protocols and the default services which use these ports. 31 00:02:34,150 --> 00:02:40,150 Now I want to see the number of the lines of the nessus-services file to understand how many ports are 32 00:02:40,150 --> 00:02:41,350 scanned by default. 33 00:02:42,100 --> 00:02:47,050 cat command with the file name, pipe, wc to see the word count. 34 00:02:48,600 --> 00:02:54,000 The first number is the number of lines, the second one is the number of the words, and the last one is 35 00:02:54,000 --> 00:02:55,140 the number of the characters. 36 00:02:56,230 --> 00:03:03,960 So we can say that 9000 ports are scanned by default, which is a total of both TCP and UDP ports. 37 00:03:04,690 --> 00:03:11,530 But what if you want to see the number of TCP ports scanned by default? You can use grep before 38 00:03:11,540 --> 00:03:16,150 wc. Type cat filename, pipe, grep TCP, pipe,
39 00:03:16,540 --> 00:03:20,170 wc, you will see the number of TCP ports scanned by default. 40 00:03:21,210 --> 00:03:28,260 There are about 4600 ports. Now, if you want to scan for all ports, you should type 1 through 41 00:03:28,260 --> 00:03:31,440 65535 in the port scan range field. 42 00:03:32,600 --> 00:03:39,050 So here are the options to use SSH service for local port enumerators. So let's have a short break 43 00:03:39,050 --> 00:03:39,290 here. 44 00:03:39,470 --> 00:03:45,530 If you have some credentials to scan some services in depth, you can define those credentials before 45 00:03:45,530 --> 00:03:46,280 the scan. 46 00:03:46,610 --> 00:03:53,240 So here, select the Credentials tab and you see some services. When you click SSH, for example, 47 00:03:54,340 --> 00:03:58,870 you will see the credential options, but let's remove this for now. 48 00:03:59,800 --> 00:04:02,620 Now turn back to Settings by clicking its tab. 49 00:04:03,310 --> 00:04:08,410 We were in Discovery, Port Scanning page, and here are the port scanning options. 50 00:04:08,530 --> 00:04:15,670 SYN scan is selected by default. If you like, you can select TCP and/or UDP scans as well. 51 00:04:16,000 --> 00:04:18,400 Now go to the Advanced section. 52 00:04:19,240 --> 00:04:21,280 Safe checks are enabled by default. 53 00:04:23,340 --> 00:04:29,130 So we can select Scan IP addresses in a random order to make the scan a little more stealthy. 54 00:04:29,880 --> 00:04:31,560 Let's look at the performance options. 55 00:04:31,860 --> 00:04:38,610 We can reduce the number of max simultaneous hosts per scan to avoid delays and network traffic. 56 00:04:40,260 --> 00:04:46,710 Max number of concurrent TCP sessions per host is not defined by default. We can define an upper 57 00:04:46,710 --> 00:04:48,660 bound to keep the hosts safe.
58 00:04:49,200 --> 00:04:56,250 And again, we may define a maximum number of concurrent TCP sessions per scan to keep the network traffic 59 00:04:56,250 --> 00:04:56,790 safe. 60 00:04:56,820 --> 00:05:02,630 Now look at the tabs on the top of the new policy page and you'll see the Plugins tab. 61 00:05:03,360 --> 00:05:03,570 Right. 62 00:05:03,660 --> 00:05:07,090 So here we have tons of plugins used in Nessus scans. 63 00:05:07,620 --> 00:05:11,990 If you click one of the plugin families, you'll see all the plugins of that family. 64 00:05:12,870 --> 00:05:15,290 You see the total number of plugins in a plugin family. 65 00:05:15,750 --> 00:05:17,280 And here, the plugins. 66 00:05:18,500 --> 00:05:22,490 You can click on Enabled next to a plugin to disable it. 67 00:05:23,590 --> 00:05:30,490 Or if you want to disable an entire plugin family entirely, for example, Denial of Service, click 68 00:05:30,490 --> 00:05:34,540 on Enabled next to the name of the plugin family. Click Save. 69 00:05:35,110 --> 00:05:37,180 And now we have our own scan policy.