dEscription
This project involved using Tenable Nessus Essentials to identify and remediate an SMB signing vulnerability. The vulnerability posed a risk of man-in-the-middle (MITM) attacks. This post outlines the steps taken to scan, investigate, and fix the issue using Nessus and Windows security policies.
Tools and Technologies Used
- Tenable Nessus Essentials
- Windows Group Policy Editor
- Command Prompt
Environments Used
- Windows 11 Pro
Steps
1. Download and Install Tenable Nessus Essentials
- Downloaded and installed Tenable Nessus Essentials.
- Launched the tool and completed the configuration process.
2. Setting Up the Scan
- Created a custom scan targeting my local IP address.
- Used the
ipconfigcommand in Command Prompt to identify the correct IP.
3. Scan Results
- The scan identified a CVSS-rated 5.3 vulnerability: SMB Signing Not Required, which could lead to potential MITM attacks.
Scan Results:
4. Expanded Results for SMB Signing Not Required
- Performed a detailed analysis of the SMB signing vulnerability.
5. Investigation and Fix
- Based on Nessus recommendations, I enabled the Microsoft network server: Digitally sign communications (always) in the Local Security Policy.
Local Security Policy Settings:
Enabling SMB Signing:
6. Issue After System Restart
- A system restart caused by a Microsoft update resulted in no scan results.
- Discovered that the local IP address had changed, causing the Nessus scan to fail.
7. Solution
- Updated the Nessus scan configuration with the new IP address.
- Reran the scan, which confirmed that the SMB signing issue was resolved.
Conclusion
This project demonstrated the effectiveness of Tenable Nessus in identifying vulnerabilities and the importance of enforcing SMB signing to mitigate risks. It also highlighted troubleshooting techniques involving system and network configuration.