1
00:00:00,210 --> 00:00:05,130
‫Hang on, before rushing in to start our first Nessus scan, I'd like to show you how to create our

2
00:00:05,130 --> 00:00:06,090
‫own policies.

3
00:00:06,600 --> 00:00:13,890
Policies allow you to create custom templates defining what actions are performed during a scan. In the

4
00:00:13,890 --> 00:00:17,150
Nessus web interface, click Policies at the left side.

5
00:00:17,160 --> 00:00:21,990
You see that? Good. Click the Create a new policy link inside the Policies page.

6
00:00:22,200 --> 00:00:24,030
‫Now here we have a lot of scanners.

7
00:00:24,360 --> 00:00:31,590
So in Advanced Scan, all the options are chosen by us without any guidance or recommendations.

8
00:00:32,370 --> 00:00:36,420
‫Basic network scan is generally suitable for any host.

9
00:00:37,270 --> 00:00:43,870
Internal PCI Network Scan is designed for internal scans and it's based on the PCI DSS standard.

10
00:00:45,000 --> 00:00:52,890
‫PCI says Payment Card Institute and data security standards simply one of the most important information

11
00:00:52,890 --> 00:00:53,830
‫security standards.

12
00:00:54,000 --> 00:01:00,090
So it looks like, the days when this video was captured, that Spectre and Meltdown are really

13
00:01:00,090 --> 00:01:01,290
‫new vulnerabilities.

14
00:01:01,690 --> 00:01:07,080
So here there is a scan specialized for Spectre and Meltdown vulnerabilities.

15
00:01:07,770 --> 00:01:11,360
This clearly shows how up to date Nessus is. Here,

16
00:01:11,370 --> 00:01:14,250
‫There's another scanner specific for Web applications.

17
00:01:15,240 --> 00:01:20,580
So let's configure our own scan. Click Advanced Scan first. Give a name for your policy.

18
00:01:27,570 --> 00:01:34,830
Now go to the Discovery section. So we're in the Host Discovery page. Here, we have a Ping the remote

19
00:01:34,830 --> 00:01:37,560
‫host option and the settings of the ping.

20
00:01:38,310 --> 00:01:44,040
If we're going to use the data we collected with Nmap, we can close this ping scan because we already

21
00:01:44,040 --> 00:01:49,620
have the lists of the hosts. Click Port Scanning to configure port scanning options.

22
00:01:50,780 --> 00:01:54,440
The default value of the port scan range is default.

23
00:01:54,660 --> 00:01:59,510
I mean, Nessus will scan the ports which are in its nessus-services file.

24
00:02:00,050 --> 00:02:03,590
Now I go to the terminal screen to analyze the nessus-services file.

25
00:02:04,350 --> 00:02:06,020
‫Let's find the file first.

26
00:02:06,800 --> 00:02:13,100
Use the find command to find the file. Slash means that the search will begin from the root directory.

27
00:02:14,020 --> 00:02:22,210
-name shows the name of the searched file. Hit Enter, and here it is. You can stop the search

28
00:02:22,210 --> 00:02:23,620
using the Ctrl+C keys.

29
00:02:24,990 --> 00:02:27,930
‫I use the less command to see the content of the file.

30
00:02:29,470 --> 00:02:33,550
Here are the ports, protocols, and the default services which use these ports.

31
00:02:34,180 --> 00:02:40,180
Now I want to see the number of the lines of the nessus-services file to understand how many ports are

32
00:02:40,180 --> 00:02:41,380
‫scanned by default.

33
00:02:42,100 --> 00:02:47,080
cat command with the file name, pipe, then wc to see the word count.

34
00:02:48,630 --> 00:02:54,030
The first number is the number of lines, the second one is the number of the words, and the last one is

35
00:02:54,030 --> 00:02:55,170
‫the number of the characters.

36
00:02:56,260 --> 00:03:04,000
‫So we can say that 9000 ports are scanned by default, which is a total of both TCP and UDP ports,

37
00:03:04,720 --> 00:03:11,950
But what if you want to see the number of TCP ports scanned by default? You can use grep before wc.

38
00:03:12,610 --> 00:03:16,840
Type cat filename, pipe, grep tcp, pipe, wc.

39
00:03:17,200 --> 00:03:20,200
‫You will see the number of TCP ports scanned by default.

40
00:03:21,220 --> 00:03:27,880
There are about 4600 TCP ports. Now, if you want to scan for all ports, you should type 1 through

41
00:03:27,910 --> 00:03:31,450
65535 in the port scan range field.

42
00:03:32,630 --> 00:03:38,780
So here are the options to use the SSH service for local port enumerators. So let's have a short

43
00:03:38,780 --> 00:03:39,320
‫break here.

44
00:03:39,500 --> 00:03:45,560
‫If you have some credentials to scan some services in depth, you can define those credentials before

45
00:03:45,560 --> 00:03:46,290
‫the scan.

46
00:03:46,610 --> 00:03:53,270
So here, select your Credentials tab and you see some services. When you click SSH, for example,

47
00:03:54,360 --> 00:03:58,920
you will see the credential options, but let's remove this for now.

48
00:03:59,820 --> 00:04:02,650
Now turn back to Settings by clicking its tab.

49
00:04:03,330 --> 00:04:08,430
We were in the Discovery Port Scanning page, and here are the port scanning options.

50
00:04:08,550 --> 00:04:15,690
SYN scan is selected by default. If you like, you can select TCP and/or UDP scans as well.

51
00:04:16,020 --> 00:04:18,420
‫Now go to the advanced section.

52
00:04:19,260 --> 00:04:21,300
‫Safe checks are enabled by default.

53
00:04:23,350 --> 00:04:29,170
‫So we can select scan IP addresses in a random order to make the scan a little more stealthy.

54
00:04:29,920 --> 00:04:31,590
‫Let's look at the performance options.

55
00:04:31,870 --> 00:04:38,650
We can reduce the number of max simultaneous hosts per scan to avoid delays and network traffic.

56
00:04:40,310 --> 00:04:46,730
Max number of concurrent TCP sessions per host is not defined by default. We can define an upper

57
00:04:46,730 --> 00:04:48,680
‫bound to keep the hosts safe.

58
00:04:49,220 --> 00:04:56,270
‫And again, we may define a maximum number of concurrent TCP sessions per scan to keep the network traffic

59
00:04:56,270 --> 00:04:56,810
‫safe.

60
00:04:56,840 --> 00:05:02,650
Now look at the tabs on the top of the New Policy page and you'll see the Plugins tab.

61
00:05:03,380 --> 00:05:03,660
Right.

62
00:05:03,680 --> 00:05:07,130
So here we have tons of plugins used in Nessus scans.

63
00:05:07,650 --> 00:05:12,020
If you click one of the plugin families, you'll see all the plugins of that family.

64
00:05:12,890 --> 00:05:15,320
You see the total number of plugins in a plugin family.

65
00:05:15,770 --> 00:05:17,300
And here, the plugins.

66
00:05:18,530 --> 00:05:22,520
You can click on Enabled next to a plugin to disable it.

67
00:05:23,620 --> 00:05:30,520
Or if you want to disable an entire plugin family entirely, for example, Denial of Service, click

68
00:05:30,520 --> 00:05:34,570
on Enabled next to the name of the plugin family. Click Save.

69
00:05:35,140 --> 00:05:37,210
And now we have our own scan policy.

