This repository contains the deliverables for the PC vulnerability scanning task, demonstrating the ability to perform basic vulnerability assessments using free security tools.
The primary objective of this task was to identify common vulnerabilities on a personal computer using a free vulnerability scanner and document the findings.
- Vulnerability Scanner: Tenable Nessus Essentials
- Target: Local machine (IP Address:
220.185.154.170)
- Nessus Essentials Installation: Tenable Nessus Essentials was installed on the system.
- Scan Policy Configuration: A custom scan policy named "Cett policy" was used for the scan.
- Target Definition: The scan target was configured to
220.185.154.170. - Scan Execution: A full vulnerability scan was initiated.
- Report Generation: Upon completion (on June 1, 2025, at 23:39:16 IST), Nessus generated a detailed vulnerability report.
The scan identified a total of 36 vulnerabilities on the target system. The breakdown by severity is as follows:
- Critical: 2
- Medium: 2
- Low: 1
- Info: (Multiple 'Info' level findings, inferred from total count and listed severities)
Based on the Nessus scan report, the following critical vulnerabilities were found on the target system:
-
Microsoft SQL Server Unsupported Version Detection (remote check)
- Severity: Critical
- CVSS v3.0: 10.0
- Description: The scan detected a Microsoft SQL Server instance running an unsupported version. Unsupported software is a significant security risk as it no longer receives crucial security updates and patches from the vendor, making it highly susceptible to known and future exploits. The CVSS score of 10.0 indicates that this vulnerability is extremely severe and could allow unauthenticated, remote attackers to gain complete control over the server.
- Proposed Mitigation: The primary mitigation strategy is to immediately upgrade the Microsoft SQL Server to a version that is currently supported by Microsoft. Implement a regular patching schedule to ensure the SQL Server and its underlying operating system are always up-to-date with the latest security fixes. If the SQL Server is not required, it should be decommissioned to eliminate the attack surface.
-
SSL Version 2 and 3 Protocol Detection
- Severity: Critical
- CVSS v3.0: 9.8
- Description: The host was found to be configured to support the SSLv2 and/or SSLv3 cryptographic protocols. Both SSLv2 and SSLv3 are deprecated and known to have severe security weaknesses, including susceptibility to man-in-the-middle attacks and the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack for SSLv3. Continued support for these protocols allows attackers to force connections to downgrade to insecure versions, compromising data confidentiality and integrity.
- Proposed Mitigation: Disable the use of SSLv2 and SSLv3 protocols on all services and applications running on the scanned host. Configure servers and applications to exclusively use strong, modern TLS versions, specifically TLS 1.2 or TLS 1.3. This typically involves modifying server configuration files (e.g., Apache, Nginx, IIS, Java application servers, etc.) and ensuring client applications also support modern TLS.
- Nessus Scan Summary (This screenshot shows the vulnerability summary and types.)
- Nessus Vulnerabilities List (This screenshot clearly lists the identified vulnerabilities by severity.)
- Nessus Scan Completion Details (This screenshot might show the scan completion details or another part of the Nessus interface.)
kb_220.185.154.170.txt(Nessus Knowledge Base/Log File)
This task provided valuable hands-on experience with vulnerability scanning using Nessus Essentials. It highlighted the importance of regularly scanning systems to identify and remediate security weaknesses, especially those related to outdated software versions and insecure cryptographic protocols. Addressing the identified critical issues, particularly the unsupported Microsoft SQL Server version and the use of insecure SSL/TLS configurations, would significantly enhance the security posture of the scanned system. Proactive patching and configuration hardening are essential practices for maintaining a secure computing environment.
Concepts:
- Vulnerability Scanning
- Penetration Testing
- CVSS (Common Vulnerability Scoring System)
- Remediation
- False Positives
- Risk Assessment
- Patch Management
- Secure Configuration
- Deprecated Protocols (e.g., SSLv2/v3)
Potential Interview Questions:
- What is vulnerability scanning, and how does it differ from penetration testing?
- What are some common vulnerabilities you might find in personal computers or servers?
- How do vulnerability scanners like Nessus detect issues?
- Can you explain what CVSS is and why it's important for prioritizing vulnerabilities?
- How often should vulnerability scans be performed on a system?
- What is a "false positive" in the context of vulnerability scanning, and how would you handle one?
- How do you prioritize vulnerabilities for remediation after a scan?
- Why is running unsupported software (like an old SQL Server) a critical security risk?
- What are the risks associated with supporting outdated SSL/TLS protocols, and how do you mitigate them?