Cybersecurity-Vulnerability-Management-Project

Set up a secure Azure network with an OpenVas Vulnerability Scanner VM.

Create our Free Azure Account

Sign up: https://azure.microsoft.com/en-us/free/
Login: https://portal.azure.com

Prepare Vulnerability Management Scanner

• https://portal.azure.com → Go to the Marketplace → “OpenVAS secured and supported by HOSSTED”

• “Start with a pre-set configuration” → Pick the weakest one
  

  • “Continue to Create VM”
    
  • Resource Group: Vulnerability-Management
    
    • VM Name: OpenVAS (Take note of the region and Vnet–consider East US 2)
      
    • Authentication: Username → azureuser / Cyberlab123!
      
    • Monitoring: Disable Boot Diagnostic (don’t need it)
      
    • Create → Create
      
    • After the VM has been created, SSH into it With PowerShell (windows) or Terminal (MacOS) using the credentials you created earlier
      
    • Don’t touch anything, you’ll notice the “Your openvas is deploying, please wait”
      * Wait until it says “hossted stage done”
      

  

  • It should show the web app URL and default username and password at this point, attempt to go to the URL in the browser and login with the username and password. If it doesn’t work, try admin/admin:

    

    • After you get logged in, reset the admin password from the original, to: Cyberlab123!

• https://portal.azure.com/

• Search for Virtual Machines and create a new Virtual Machine

  • Resource Group: Vulnerability-Management
  • VM Name: Win10-Vulnerable
  • Region: Same as the OpenVAS VM (East US 2)
  • Virtual Network: Same as OpenVAS (this is important)
  • Image: Windows 10 Pro
  • Size: Any size with 2 vCPUs
  • Username: azureuser / Cyberlab123!
  • Networking: Same Vnet as OpenVAS
  • Create the VM

• After the VM has been created, ensure you can RDP into it with the credentials you created.

• After logging in, make the VM vulnerable:

  • Disable the Windows Firewall
  • Old Software
    • Install an Old Version of FireFox: Firefox Setup 97.0b5
    • Install an Old Version of VLC Player: vlc-1.1.7-win32
    • Install an Old Version of Adobe Reader: 10.0_AdbeRdr1000_en_US_1_
  • Restart the VM

• Leave the VM for now

Configure and OpenVAS to Perform First Unauthenticated Scan against our Vulnerable VM:

• Login to OpenVAS → Assets → Hosts → New Host
  

  • Add the Client VM PRIVATE IP Address.
    

• Create a New Target from the Host, name it “Azure Vulnerable VMs”.
  

  • Take note of the credentials. We will add SMB credentials later.
    

• Create a new Task

  • Name & Comment: “Scan - Azure Vulnerable VMs”
  • Scan Targets → “Azure Vulnerable VMs”
  • Save the Task

• “Start” the “Scan - Azure Vulnerable VMs” Task
  * Take note of the Status:

  

• Once the scan is finished, click the date under “Last Report” to see the results
  * Take note of Tabs, specifically the “Results” tab. Even though we installed a super old version of Firefox,
  note that it does not show up here.
  * Note that this is because we aren’t running a credentialed scan so the scanner could not discover it.
  We will configure credential scans next

  Make Configurations for Credentialed Scans (Within VM):

  • Disable Windows Firewall
  • Disable User Account Control
  • Enable Remote Registry
  • Set Registry Key

• Launch Registry Editor (regedit.exe) in “Run as administrator” mode and grant Admin Approval, if requested
  

• Navigate to HKEY_LOCAL_MACHINE hive
  

• Open SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System key
  

• Create a new DWORD (32-bit) value with the following properties: Name:
  LocalAccountTokenFilterPolicy Value: 1
  

• Close Registry Editor
  

• Restart the VM.

  Make Configurations for Credentialed Scans (OpenVAS):

  • Go to Configuration → Credentials → New Credential
    
    • Name / Comment → “Azure VM Credentials”
    • Allow Insecure Use: Yes
    • Username: azureuser
    • Password: Cyberlab123!
    • Save

• Go to Configuration → Targets → CLONE the Target we made before
  

  • NEW Name / Comment: “Azure Vulnerable VMs - Credentialed Scan”

  • Ensure the Private IP is still accurate

  • Credentials → SMB → Select the Credentials we just made: Azure VM Credentials

  • Save

    Execute Credentialed Scan against our Vulnerable Windows VM:

    • Within Greenbone / OpenVAS, go to Scans → Tasks
    • CLONE the “Scan - Azure Vulnerable VMs” Task, then Edit it:
      • Name / Comment → “Scan - Azure Vulnerable VMs - Credentialed”
      • Targets: Azure Vulnerable VMs - Credentialed Scan
      • Save

  • Click the Play button to launch the new Credentialed Scan, wait for it to finish

    • It will take longer than the last one. Wait for it to finish

  • After the credentialed scan finishes, you can immediately see the difference in findings:

    

  • Check SMB Login under “Results”

  • Further inspect the individual vulnerabilities and see all the Criticals from the out-of-date FireFox

    • Remove the Filter (upper right)

Remediate Vulnerabilities:

• Log back into your Win10-Vulnerable VM

• Uninstall Adobe Reader, VLC Player, and Firefox

• Restart the VM

  Verify Remediations:

  • Re-initiate the “Scan - Azure Vulnerable VMs - Credentialed” scan and observe the results.

Remember:

• Remember that creating vulnerabilities involves making the system insecure, so it's essential to isolate your lab environment from production networks.
  This can be done using virtual machines and a separate, isolated network.
  Also, ensure that students understand the implications of their actions and the importance of ethical conduct in cybersecurity.