No matter how hard you work, no matter how much you patch, no matter how many security controls you apply, you're not going to know that you're really out of the woods until you check. And that is what a vulnerability assessment is all about. vulnerability assessment is an action we do. And we use vulnerability assessment tools to actually go about that process. So what I want to do in this episode is actually go through some of the tools we use to perform a vulnerability assessment. Now the challenge we run into is that today's infrastructures are complicated.
Not only do we have our local area networks, we have wireless, we've got cloud servers, we've got phones, we've got all kinds of stuff that can make a aggressive vulnerability assessment very, very challenging. However, there's a lot of tools that are incredibly simple when it comes to vulnerability assessment. Let me show you right here. So here I'm just running trace route. If you take a look, I've done a trace route on www dot total seven.com. And if you look out, you can see you know what my internal land address is, you can see what my forward facing IP addresses my public address.
That's why I've got it grayed out. And you can also see things like for example, I'm using Comcast. So even a simple tool like trace route gives me a lot of good information about the network. And I can use that as a tool to be part of my assessment. Now, simple tools like this are great, but a lot of times we find ourselves in a situation where we want to use scanning tools. Now we use the word scanner fairly loosely here.
A lot of times you'll hear the word port scanner, or port analyzer. These are all fairly inter connecting terms. But let's take a look at a couple of them. The first one I want to show you is called the advanced IP scanner. Now, this is a wonderful freeware tool. It's been around forever and What I've done is I've had it go through and scan this network because I ran the traceroute.
So I know what the internal network ideas. So I've gone ahead and run that. And tools like this will actually not only let me see the systems, but it'll tell me what kind of Nic I got in there MAC address, IP address, whatever the windows name is for that particular system. And I can even get a pull down like this. And I can see that this particular system is running a web server and it's sharing a couple of folders. Now, is this a good thing or a bad thing?
I don't know. But I'm gonna have to go to that system and actually check it out. Now, Port scanners are not unique to Windows. In fact, probably one of the most famous ones out there is the cool n map. So I've got a map running over here on my Linux box. So in maps a bit of a challenge because n map to simply call it a port scanner is almost unfair.
It's an incredibly powerful network discovery tool, unfortunately, and map takes a little bit of learning so you can see you have to type in these fairly esoteric commands. I'm basically telling em map to go out there, find everybody on the network and tell me what open ports are running. And as you go through it, you can see it does all kinds of amazing output as it's going through, look at all these open ports, it's discovered. Lots and lots of open ports. It's even got different certificates out there, which I'm going to scroll through, because I know what you guys see in my certificates. But the bottom line is, is that these types of tools, perform network discovery.
Now, network discovery is great. But network discovery by itself is not really a vulnerability assessment. Like if we go back over and take a look at Advanced IP scanner one more time. You see, it's running HTTP, but you'll see that it's running IIS. So it's running the windows web server. So is it running the latest version of iOS?
Are we using good passwords the I don't know that kind of stuff. So what I need is a more advanced tool beyond a simple port scanner that can actually do Go into the system and check this stuff out in detail. Luckily for us, that's a Windows system. And luckily for us, Microsoft provides an amazing tool called the Microsoft baseline security analyzer. So I've already run MBs se on this system. So what we're looking at is the Microsoft baseline security analyzer.
Microsoft has built up the famous Microsoft knowledge base for decades now. And the Microsoft knowledge base is a list of problems within the Microsoft Windows product line. And the types of patches and fixes that Microsoft has applied over yea these many years. So tools like NBS a can actually refer to the Microsoft knowledge database and look at the system that it's run on and make a determination of what vulnerabilities it has. So as we take a look at this, you'll see that it's run a security scan and you can see it has the severity index is red is really bad yellow. Is be aware this is here in green is just informative.
So if you take a look in great detail, you can see it says a security update is missing, or lots of security updates are missing. In fact, if we come down here, automatic updates feature hasn't even been configured. They're absolutely right, because I've turned it off. And they're letting me know that there is a problem. Here's good information. For example, Windows Firewall is enabled.
But there are exceptions configured Well, yeah, there is because I needed this system to run some exceptions for some of the programs that it's running. But what we have here is a tool that knows the Windows operating system knows the applications if the Microsoft applications running on it, and can give us a report that allows us to do a really good vulnerability assessment on this particular system. So tools like NB sa are fantastic when you've got an individual Windows system that you want to check out. The problem that we run into though is what are we going to do if I've got an entire network? What are we going to do if I've got a Not only Windows systems, but Linux boxes, and Cisco routers and wireless access points and all kinds of stuff out there. In that case, we have to turn to what are known generically as vulnerability assessment tools.
Vulnerability assessment tools are incredibly powerful tools that can go out and look at your entire infrastructure. Well, none of them were perfect, but some of them were pretty good. And give you just as we saw with NBS a for one system, it can do it for your entire infrastructure. There's lots of them out there. But when we're talking about a simple normal network one, like here at total seminars, we've got one broadcast domain and we've got an internet service provider connection, we got a couple of wireless access points. For folks like that.
There's probably three tools that you're going to turn to nessus by tenable network security, next spose by rapid seven, and open vas, which is freeware, so it's from the open vas community. Now these are all great tools. To me. They're highly interchangeable. But I want to show you one in particular and that is open vas. Now this is the green bones security assistant, the green bone security assistant is simply the web front end for open vas open vas itself is running somewhere on my network in a virtual machine.
I don't even care about that. But what I do is I can get to it and do whatever I need to through this web interface. Alright, now what I've done is you can see I've actually already scanned one system, open vas would allow me to scan my entire network it would take a while but it could do it. However, I just scammed one system, and I want you to be able to see the output. So let's take a look at the output here. And you'll see just like we saw with NBS a you can see we've got these severity indexes.
But you'll notice that these problems are very, very different. SMB v one unspecified, remote code execution, Shadow brokers. Okay, where do they get all this stuff? Basically what takes place is that organizations like for Example. Let me show you right here, the National Vulnerability Database, create databases of vulnerabilities 10s of thousands of vulnerabilities. And these powerful tools like open vas access these databases which are completely free and open to the public.
And they will scan system, look for problems that are known for a window system. Check those out and then make a determination of what we need to do. So it's a very, very clever way of handling these things. And that's where open vas gets us information. So it is nessus. So does next pose everybody uses the same databases.
The cool part to all this is that a true tool like this isn't going to necessarily fix this stuff. Remember, what we're going to be doing is a vulnerability assessment, not a vulnerability repair. And the only job that these tools have is to let you know that these things are taking place. It's up to you as an IT person to actually Make those fixes