With Heartbleed being reported literally everywhere, now is a good time to start checking your home network for vulnerabilities beyond just Heartbleed.
You can use the same tools as the pros at home thanks to Tenable's Home edition of Nessus, with a generous 16 IP licence that should cover most home networks!
I have been using Nessus for over 10 years. I use it a lot in my job, and now I can bring that good practice to my home network too.
The install process is quick and simple, so much so that I am not going to write down how to do it but assume you can manage it on your own :-).
Go here,
http://www.tenable.com/products/nessus-home
sign up, get an activation code, then download and install the relevant version for your OS.
If you managed to follow the on-screen instructions then you will be able to log in to the rich HTML5 Nessus server started on your PC.
Once it is up and running, clearly you are going to scan your network looking for vulnerabilities. BUT I cannot stress this enough: the best way to get the most value out of Nessus is to use authenticated scans.
This means Nessus is able to log in to the hosts it's scanning to test and audit them thoroughly. Below is how to set this up when the Nessus server and the target of the scan are both running Linux.
We will use SSH public key authentication (a key pair rather than a password), and this is how I did it.
On the Nessus server.
sudo ssh-keygen -t dsa
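This will create a public and private key pair. The public key will be copied to each remote Linux machine you want to scan. The private key remains on the server and should be kept secure. OpenSSH 7.0 and later disable DSA keys by default, so on a current system generate an RSA key instead and adjust the file names that follow.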
Next we need to create a user for Nessus on the remote Linux machine:
sudo useradd -d /home/nessus -m nessus
Now, because we are authenticating with keys, this account should not be given a password and the account should be locked.
As a password has not been set, the account should be locked by default, but check its status.
As root (sudo su):
passwd -S nessus
So that the account can run commands as root, add the nessus user to sudoers:
sudo adduser nessus sudo
Now make a location for the public key
cd /home/nessus
mkdir .ssh
From the Nessus server, copy the public key to the remote machine. This is a little annoying, as you don't have permission to write to the location where the public key needs to go. A workaround is to copy it to a location you can write to and then move it.
sudo scp /root/.ssh/id_dsa.pub bob@192.168.1.111:/home/bob
Now on the remote Linux server we need to move and rename the public key and change its permissions.
sudo cp /home/bob/id_dsa.pub /home/nessus/.ssh/authorized_keys
chown -R nessus:nessus /home/nessus/.ssh/
chmod 0600 /home/nessus/.ssh/authorized_keys
chmod 0700 /home/nessus/.ssh/
Now check your work. From the Nessus
server we are going to run the id command over an ssh session. The
first part of the command is referencing the private key you created
earlier.
ssh -i /root/.ssh/id_dsa nessus@192.168.1.111 id
All being well you should get back
something like
uid=1001(nessus) gid=1001(nessus) groups=1001(nessus)
The first time I did this it failed as
I was not referencing the correct private key.
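A small check for the account and key-file steps above, written as an added example rather than anything from the original post or from Tenable. The function names are made up for illustration and the sample passwd -S line is constructed; the status field is read as L/LK (locked), NP (no password) or P/PS (password set).

```shell
#!/bin/sh
# Added example: audit the scan account on the target host (run as root).
# Assumes GNU coreutils stat (stat -c), as found on Linux.

# Interpret one line of `passwd -S` output. Field 2 is the status:
# L or LK = locked, NP = no password, P or PS = usable password.
account_status() {
    case "$(printf '%s\n' "$1" | awk '{print $2}')" in
        L|LK) echo locked ;;
        NP)   echo no-password ;;
        P|PS) echo password-set ;;
        *)    echo unknown ;;
    esac
}

# Check the modes and owner that the chmod/chown steps set.
# Prints one line per problem; returns 0 only when everything matches.
check_key_perms() {
    home=$1; owner=$2; rc=0
    for item in ".ssh 700" ".ssh/authorized_keys 600"; do
        path=$home/${item% *}
        want=${item#* }
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        got=$(stat -c '%a' "$path")
        who=$(stat -c '%U' "$path")
        [ "$got" = "$want" ] || { echo "MODE $path is $got, want $want"; rc=1; }
        [ "$who" = "$owner" ] || { echo "OWNER $path is $who, want $owner"; rc=1; }
    done
    return "$rc"
}

# On the target host:
#   account_status "$(passwd -S nessus)"      # expect: locked
#   check_key_perms /home/nessus nessus       # expect: no output
# Demo on a constructed sample line (not captured output):
account_status 'nessus L 04/10/2014 0 99999 7 -1'
```

A result of no-password or password-set means the account is not in the locked state the steps above call for.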
Assuming this worked, you can now create an authenticated scan within Nessus.
More information on how to set up authenticated scans for other OSes can of course be found on the Tenable site.