Hands-on with Nessus

Last night, while doing some online training for Security+, I learned about Nessus Essentials. I have heard about Nessus for years on security podcasts, but always thought it was a paid-for enterprise tool.

During my course, I learned about configuring Nessus Essentials. I was excited when I learned that this was a free tool. I enjoy learning new things and immediately began downloading the software as the training video was running, so I could follow along. Once I had it installed, I started my "Host Discovery Scan" to identify all of the machines on my network. Once that was completed, I ran the "Basic Network Scan" to look for vulnerabilities.

I discovered that I had a Critical issue with my VLC Player, which I haven't used in a long time. The issue displayed a CVSS 9.8, so I immediately updated it. That was bad enough, but then I saw that I had another issue with a CVSS 10.0. The issue said "Mac OS X XProtect Installed". I was unfamiliar with this issue, so I began doing some research.

What I discovered was that the setting on my MacBook that is labeled "Install Security Responses and System Files" was toggled off, so I turned it on. I'm not sure why this occurred, but I did find this article from Apple that instructs users to turn it on both on Macs and iPhones.

I then rebooted my machine and completed another Basic Scan with Nessus. This time, there were no critical issues.

I'm interested in seeing what else I can do with Nessus Essentials. I am glad that there is a free version for people like me to work with and gain knowledge that will help in future careers.

If you have a question or feedback, please email me.