1
00:00:00,150 --> 00:00:05,310
Hang on, before rushing in to start our first Nessus scan, I'd like to show you how to create our own

2
00:00:05,310 --> 00:00:06,370
policies.

3
00:00:06,610 --> 00:00:13,860
Policies allow you to create custom templates defining what actions are performed during a scan. In the

4
00:00:13,860 --> 00:00:15,210
Nessus web interface,

5
00:00:15,210 --> 00:00:17,090
click "Policies" on the left side.

6
00:00:17,100 --> 00:00:22,260
You see that. Good. Click the "Create a new policy" link inside the Policies page.

7
00:00:22,260 --> 00:00:24,150
Now here we have a lot of scanners.

8
00:00:24,390 --> 00:00:31,900
So in "Advanced Scan" all the options are chosen by us, without any guidance or recommendation.

9
00:00:32,400 --> 00:00:40,440
"Basic Network Scan" is generally suitable for any host. "Internal PCI Network" scan is designed for internal

10
00:00:40,440 --> 00:00:50,510
scans, and it's based on PCI DSS standards. PCI DSS, Payment Card Institute and Data Security Standards.

11
00:00:50,530 --> 00:00:53,920
Simply one of the most important information security standards.

12
00:00:53,980 --> 00:01:00,430
So it looks like, in the days when this video was captured, Spectre and Meltdown were the really new

13
00:01:00,430 --> 00:01:01,720
vulnerabilities.

14
00:01:01,720 --> 00:01:07,770
So here there is a scan specialized for the Spectre and Meltdown vulnerabilities.

15
00:01:07,780 --> 00:01:11,000
This clearly shows how up to date Nessus is.

16
00:01:11,140 --> 00:01:14,650
Here there's another scanner specific to web applications.

17
00:01:15,280 --> 00:01:27,590
So let's configure our own scan. Click "Advanced Scan". First, give a name to your policy.

18
00:01:27,620 --> 00:01:29,870
Now go to the "Discovery" section.

19
00:01:30,140 --> 00:01:33,080
So we're in the "Host Discovery" page.

20
00:01:33,080 --> 00:01:38,110
Here we have a "ping the remote host" option and the settings of the ping.
21
00:01:38,360 --> 00:01:44,030
If we're going to use the data we collected with Nmap, we can turn off this ping scan because we already

22
00:01:44,030 --> 00:01:50,640
have the list of the hosts. Click "Port Scanning" to configure port scanning options.

23
00:01:50,820 --> 00:01:54,540
The default value of the port scan range is, well, "default".

24
00:01:54,670 --> 00:02:00,080
That means Nessus will scan the ports which are in its nessus-services file.

25
00:02:00,090 --> 00:02:04,150
Now I go to the terminal screen and analyze the nessus-services file.

26
00:02:04,350 --> 00:02:06,550
Let's find the file first.

27
00:02:06,840 --> 00:02:09,410
Use the "find" command to find the file.

28
00:02:09,449 --> 00:02:17,390
"/" means that the search will begin from the root directory. "-name" gives the name of the file to search for,

29
00:02:18,230 --> 00:02:19,930
and hit enter.

30
00:02:20,060 --> 00:02:20,930
And here it is.

31
00:02:21,290 --> 00:02:24,990
You can stop the search using the "ctrl + c" keys.

32
00:02:25,030 --> 00:02:32,240
I use the "less" command to see the content of the file. Here are the ports, protocols and the default services

33
00:02:32,240 --> 00:02:34,240
which use these ports.

34
00:02:34,310 --> 00:02:40,580
I want to see the number of lines of the nessus-services file to understand how many ports are scanned

35
00:02:40,580 --> 00:02:49,360
by default. Use the "cat" command with the file name, then a pipe, then type "wc" to see the word count. The first number

36
00:02:49,360 --> 00:02:56,110
is the number of lines, the second one is the number of words and the last one is the number of characters.

37
00:02:56,300 --> 00:03:04,520
So we can say that 9,000 ports are scanned by default, which is the total of both TCP and UDP ports.

38
00:03:04,730 --> 00:03:12,920
But what if you want to see the number of TCP ports scanned by default? You can use "grep" before "wc": type

39
00:03:12,920 --> 00:03:17,140
"cat filename | grep tcp | wc".
40
00:03:17,160 --> 00:03:20,230
You will see the number of TCP ports scanned by default.

41
00:03:21,240 --> 00:03:24,250
There are about 4600 TCP ports.

42
00:03:24,460 --> 00:03:32,650
If you want to scan all ports, you should type 1-65535 in the port scan range field.

43
00:03:32,670 --> 00:03:37,400
So here are the options to use the SSH service for local port enumerators.

44
00:03:37,770 --> 00:03:39,510
So let's have a short break here.

45
00:03:39,540 --> 00:03:45,510
If you have some credentials to scan some services in depth, you can define those credentials before

46
00:03:45,510 --> 00:03:46,610
the scan.

47
00:03:46,650 --> 00:03:54,530
So here select the "Credentials" tab and you see some services; when you click "SSH", for example, you

48
00:03:54,530 --> 00:03:59,870
will see the credential options. But let's remove this for now.

49
00:03:59,870 --> 00:04:03,240
Now turn back to settings by clicking its tab.

50
00:04:03,350 --> 00:04:09,770
We were in the Discovery port scanning page, and here are the port scanning options. SYN scan is selected

51
00:04:09,770 --> 00:04:10,780
by default.

52
00:04:11,000 --> 00:04:16,040
If you like, you can select TCP and/or UDP scans as well.

53
00:04:16,040 --> 00:04:19,230
Now go to the "Advanced" section.

54
00:04:19,279 --> 00:04:27,440
Safe checks are enabled by default, so we can select "Scan IP addresses in a random order" to make the

55
00:04:27,440 --> 00:04:29,520
scan a little more stealthy.

56
00:04:29,930 --> 00:04:31,860
Let's look at the performance options.

57
00:04:31,910 --> 00:04:40,980
We can reduce the number of max simultaneous hosts per scan to avoid delays and network traffic. The max number

58
00:04:40,980 --> 00:04:45,230
of concurrent TCP sessions per host is not defined by default.

59
00:04:45,570 --> 00:04:49,170
We can define an upper bound to keep the hosts safe.
60
00:04:49,270 --> 00:04:56,220
And again we may define a maximum number of concurrent TCP sessions per scan to keep the network traffic

61
00:04:56,220 --> 00:04:56,850
safe.

62
00:04:56,850 --> 00:05:02,980
Now look at the tabs on the top of the new policy page and you'll see the "Plugins" tab.

63
00:05:03,420 --> 00:05:07,610
Right, so here we have tons of plugins used in Nessus scans.

64
00:05:07,710 --> 00:05:12,790
If you click one of the plugin families, you'll see all the plugins of that family.

65
00:05:12,930 --> 00:05:18,470
You see the total number of plugins in that plugin family, and here are the plugins.

66
00:05:18,570 --> 00:05:25,890
You can click on "enabled" next to a plugin to disable it, or if you want to disable an entire plugin

67
00:05:25,890 --> 00:05:32,730
family, for example Denial of Service, click on the "enabled" label next to the name of the plugin

68
00:05:32,730 --> 00:05:34,770
family. Click "Save".

69
00:05:35,190 --> 00:05:37,160
And now we have our own scan policy.