banner



Home  ›  How To Use Nessus In Windows

How To Use Nessus In Windows

Written By Tuesday, May 24, 2022 Add Comment Edit

How to setup your Windows environment for a Nessus Credentialed patch scan

If you are reading this you may be undergoing a Cyber Essentials Plus inspect, which requires yous to undergo a credentialed patch scan, one of the products which tin can be used is Tenable Nessus.

Your Cyber Essentials certification torso may have asked y'all to configure your environs in preparation for this, this is a requirement and failure to non accept a successful credential patch browse volition result in your audit failing.

This guide walks you through the process of configuring your surround in preparation for an inspect. There are several parts to this configuration and this guide will concentrate using the group policy management tool equally a way of configuring the environment. All the configuration settings can be added to the one Group Policy Object.

If yous don't take Active Directory, so yous can configure all your machines locally using the Local Group Policy Editor functionality.

This guide also assumes that yous are using the congenital in Windows firewall, if you are using another endpoint firewall such as that from your Antivirus vendor, so add exceptions accordingly.

The steps to configure the environment are every bit follows:

  • Create a dedicated Nessus ambassador account which has total local access to Windows machines.
  • Ensuring network profile is configured every bit 'Private'
  • Allow WMI access through the firewall
  • Allow File and Impress Sharing through the firewall
  • Create a 'LocalAccountTokenFilterPolicy' registry entry
  • Configure Remote Registry service

Creating dedicated Nessus business relationship

Create a domain user and group and name them appropriately, and then make the new user is a member of the new grouping.

Expand your GPO and get to Figurer configuration -> Windows Settings -> Security Settings -> Restricted Groups, right click and select 'Add Group' and select the group you have only created. This will open up upwardly the below screen, add together the grouping, if its not already at that place and then select the button Add button and add together 'builtin\administrators'.

Local administrator group

Click OK to salvage.

Ensuring network profile is configured every bit 'Private'

Expand your GPO and go to Calculator Configuration -> Policies -> Windows Settings -> Security Settings -> Network List Manager Policies. Select the network that are using within your business, by default this will exist 'Network'. Click on the 'Network Location' tab and and so change the location type to 'Private'.

Once inverse, click ok to save.

Network Profile

Allow WMI access through the firewall

Go to Estimator Configuration -> Policies -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security. In the right pane, aggrandize Windows Firewall with Avant-garde Security until Inbound Rules visible. Correct-click on information technology.

  • Choose New Dominion …
  • Select Predefined and Windows Direction Instrumentation (WMI) in the listing
  • Click Next
  • Tick all the Windows Management Instrumentation-rules in the list (usually 3 pieces)
  • Click Next
  • Select Allow the Connexion
  • Click Finish

WMI through firewall

Let File and Print Sharing through the firewall

Go to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Windows Firewall with Avant-garde Security. In the right pane, expand Windows Firewall with Avant-garde Security until Inbound Rules visible. Right-click on it.

  • Choose New Rule …
  • Select Predefined and File and Printer Sharing in the list
  • Click Next
  • Tick all the Windows Management Instrumentation-rules in the list (ordinarily iii pieces)
  • Click Side by side
  • Select Allow The Connection
  • Click Stop

File and Print Sharing

Create a 'LocalAccountTokenFilterPolicy' registry entry

Get to Computer Configuration -> Preferences -> Windows Settings -> Registry, correct click on the correct pane and select new -> registry item.

  • For the Cardinal path enter: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  • For the value name enter: LocalAccountTokenFilterPolicy.
  • For the value blazon, change to: REG_DWORD
  • For the value data enter: 1

Click OK to relieve.

Registry Entry

Configure Remote Registry service

Go to Computer Configuration -> Preferences -> Control Console Settings -> Services, right click on the right pane and select New -> Service.

  • Alter Startup to Automatic.
  • Select the Service name: Remote Registry
  • Alter Service Activity to automatic
  • Click Ok to salvage

New Service

And that'due south it, in one case one expect for the changes to propagate effectually your surroundings. This will crave a estimator restart to take consequence. You should and so exist ready for your certification torso to perform a scan using Nessus.

Source: https://isgovern.com/blog/how-to-setup-your-windows-environment-for-a-nessus-credentialed-patch-scan/

Posted by: ellismandred48.blogspot.com

0 Response to "How To Use Nessus In Windows"

Post a Comment

Subscribe to: Post Comments (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel