Vulnerability Management Lab

In this project I created a basic virtual machine in VMware (although this could be done locally) and installed Nessus which is a vulnerability scanner\detection tool that can be used at home or in an enterprise environment.

this tool is very simple to use so I downloaded some old software (Firefox 2015) that likely had discovered vulnerabilities and chose the ‘basic network scan’ option against the IP address of the VM.

-As this is old software, many vulnerabilities were detected.

-In Nessus. the recommendation was obviously to update to the latest version of Firefox. To imitate a real situation I updated to the latest version of Firefox and insured all windows updates were completed before running another scan to confirm remediation.

As above this confirms that many vulnerabilities were remediated which would be a successful exercise in a real situation. overall this project introduced me to the capabilities of Nessus and the importance of Security best practices including ensuring all applications are safe and up to date. in my Job we use Microsoft Defender for a similar use where it scans the entire network constantly and provides a security score based on detected vulnerabilities. However Nessus appears to be more useful for single machines and I enjoyed the simplicity and ease of the application.