<span class="text_page_counter">Trang 1</span><div class="page_container" data-page="1">

<b>GROUP 3:</b>

<b>Lê Đức ThắngNguyễn Tấn PhongNguyễn Ngọc KhơiPhạm Hữu HồNguyễn Lê Ngun</b>

</div><span class="text_page_counter">Trang 2</span><div class="page_container" data-page="2">

<b>I)What is Security Assessment?</b>

1. Components of Security Assessment2. What to Do with Security Assessment

<b>II) Nessus</b>

1.

Key features of Nessus

2.

Benefits of using Nessus

<b>IV) WES-NG</b>

1. Key Features2. Benefits3. Usage

4. Conclusion

<b>V) Ubuntu</b>

1. Vulnerability Overview

<b>VI) Security Assessment Methods</b>

1. Types of Security Assessment Methods2. Steps in a Security Assessment Process3. Benefits of Security Assessment Methods4. Choosing the Right Security Assessment Method

<b>VII) Information security assessment tools</b>

<b>VIII) Conclusion</b>

</div><span class="text_page_counter">Trang 3</span><div class="page_container" data-page="3">

<b>I) What is Security Assessment?</b>

Security assessment involves a systematic examination of an organization's security posture to ascertain the effectiveness of its protective measures. This process typically includes evaluating technical controls, such as firewalls and antivirus software, as well as nontechnical elements like policies, procedures, and employee awareness. The goal is to identify potential security gaps and vulnerabilities that could be exploited by malicious actors.

<b>Key Elements of Security Assessment:Technical Controls:</b>

Firewalls: Evaluation of the configuration, effectiveness, and rule sets of firewalls to ensure they provide robust protection against unauthorized access.

Antivirus Software: Assessment of antivirus solutions to verify their capability to detect and mitigate known and emerging threats.

<b>Objective of Security Assessment:</b>

Finding possible security holes and vulnerabilities that malevolent actors could exploit is the main goal of security assessments. Organizations seek to understand their overall security posture and make informeddecisions to strengthen their resistance against cyber threats by looking at both technical and non-technical aspects

<b>Components of Security Assessment: </b>

<b>Vulnerability Assessment: A vulnerability assessment is a systematic process of identifying, quantifying, </b>

and prioritizing vulnerabilities in a system, network, or application. These vulnerabilities could be potential entry points for attackers to exploit.

<b>Penetration Testing: Penetration testing, also known as ethical hacking, involves simulating realworld </b>

cyberattacks on a system or network to assess the effectiveness of security measures and uncover potential weaknesses.

<b>Security Audits: Security audits involve a systematic evaluation of an organization's adherence to </b>

established security policies, procedures, and regulatory requirements. This process ensures that the organization aligns with recognized standards and practices.

</div><span class="text_page_counter">Trang 4</span><div class="page_container" data-page="4">

<b>Risk Assessment: Risk assessment involves the analysis of potential risks and their impact on business </b>

operations. This process informs strategic decisionmaking and aids in the development of risk mitigation strategies.

Incorporating these components into a holistic security assessment strategy enables organizations to proactively address vulnerabilities, enhance their security posture, and make informed decisions in the face of evolving cyber threats.

<b>What to Do with Security Assessment: </b>

<b>1. Identify Weaknesses:</b>

Objective: The goal of pinpointing vulnerabilities in a security assessment is to identify specific weaknesses within an organization's systems, networks, and processes. This process is crucial for targeted improvement, enabling organizations to focus their resources on addressing the most critical security risks effectively.

Action Steps:

1. Leverage security assessments to conduct indepth analyses.

2. Prioritize weaknesses based on a risk assessment, considering severity and potential impact.3. Initiate remediation efforts, addressing the most critical vulnerabilities first.

<b>2. Risk Mitigation:</b>

Objective: Identifying and understanding risks is a crucial aspect of security assessments, but the real value lies in the ability to develop and implement effective strategies to mitigate these risks. Here's a detailed breakdown of how organizations can develop strategies to reduce and manage identified risks:Action Steps:

a. Collaborate with relevant stakeholders to design and implement risk mitigation plans.b. Establish a risk management framework, incorporating continuous monitoring and regular

a. Utilize security assessments as a tool for demonstrating compliance and due diligence.b. Regularly review and update policies and procedures to align with changing regulatory

</div><span class="text_page_counter">Trang 5</span><div class="page_container" data-page="5">

implementation of relevant regulations.

<b>4. Continuous Improvement:</b>

Objective: Evolve security measures to adapt to emerging threats. To ensure that security measures remain effective in the face of evolving and emerging cyber threats, organizations must adopt a proactiveapproach to continuously enhance and adapt their security posture.

Action Steps:

a. Conduct periodic security assessments to stay ahead of evolving cyber threats.b. Use assessment results as a feedback loop for refining and improving security policies,

procedures, and training programs.

c. Engage in threat intelligence sharing and stay informed about the latest cybersecurity trends.

<b>5. Incident Response Planning:</b>

Objective: Enhance the organization's ability to respond effectively to security incidents.Action Steps:

a. Integrate assessment findings into incident response plans, ensuring they reflect the current threat landscape.

b. Conduct regular tabletop exercises to test and refine incident response procedures.c. Establish clear communication channels and escalation paths during incidents.

<b>6. Employee Training:</b>

Objective: Cultivate a securityconscious culture through targeted training. Instilling a robust conscious culture within the organization is essential for bolstering overall cybersecurity resilience. Targeted training plays a pivotal role in raising awareness, educating employees, and fostering a collective sense of responsibility toward maintaining a secure work environment.

</div><span class="text_page_counter">Trang 6</span><div class="page_container" data-page="6">

a. Incorporate security assessments into vendor onboarding processes.b. Establish clear security requirements for thirdparty relationships.c. Periodically reassess and audit the security practices of external entities.

In conclusion, security assessments offer a thorough understanding of the security environment within an organization, taking into account employee awareness, technical controls, policies, and procedures. Organizations can strengthen their defenses against evolving cyber threats by proactively identifying and addressing potential vulnerabilities through the implementation of security audits, vulnerability assessments, penetration testing, and risk assessments.

Nessus is a vulnerability scanner developed by Tenable, Inc. It is one of the most popular vulnerability scanners on the market, and it is used by organizations of all sizes to identify and remediate vulnerabilities in their networks. Nessus can scan a wide range of devices, including servers, workstations, mobile devices, and IoT devices. It can also scan cloud environments, such as AWS, Azure, and GCP.

1<b>) Key features of Nessus include:</b>

Comprehensive scanning: Nessus can scan for a wide range of vulnerabilities, including missing patches, misconfigurations, and weak passwords.

Agentless scanning: Nessus can scan devices without the need for installing an agent on each device. This makes it ideal for scanning large and distributed networks.

Remote scanning: Nessus can scan devices remotely, which means that you can scan devices from anywhere in the world.

Reporting: Nessus provides a variety of reports that can help you to track your progress and identify trends.

Integration: Nessus can integrate with other security products, such as firewalls and intrusion detection systems.

<b>2) Benefits of using Nessus include:</b>

Reduced risk of security breaches: Nessus can help you to identify and remediate vulnerabilities before they can be exploited by attackers.

Improved compliance: Nessus can help you to comply with security regulations, such as PCI DSS and HIPAA.

Reduced costs: Nessus can help you to save money on security costs by identifying and remedying vulnerabilities before they cause downtime or data breaches.

<b>3) Pricing:</b>

</div><span class="text_page_counter">Trang 7</span><div class="page_container" data-page="7">

edition is the most affordable option, and it is suitable for small businesses and organizations with limited IT resources. The Professional edition is a more powerful option, and it is suitable for larger organizations with more complex IT environments.

Overall, Nessus is a powerful and versatile vulnerability scanner that can help you to improve the security of your organization.

Additional information:

Nessus is available for Linux, Windows, and macOS.Nessus can be deployed on-premises or in the cloud.

Nessus is supported by a large community of users and developers.

<b>4) Nessus scan report</b>

<b>A. Perform a vulnerability assessment in Nessus</b>

<b>1. Install Nessus and setup in Kali linux</b>

Go to Nessus with version in the image for kali linux because <b>Nessus Debian Linux</b> is a version of Nessus optimized and compatible with the Debian operating system, which includes Kali Linux.

<b>=> This ensures that Nessus will work well on Kali Linux and take full advantage of the operating system's </b>

features and capabilities.

</div><span class="text_page_counter">Trang 8</span><div class="page_container" data-page="8">

install Nessus: dpkg -i Nessus-10.6.3-debian10_amd6.deb

<b>Start Nessus: After installation, start the Nessus service by running the following command: /bin/systemctl start nessusd.service </b>

<b>Access Nessus Web Interface: Open a web browser and visit https://localhost:8834. You will be </b>

prompted with a security warning, as the default Nessus SSL certificate is self-signed. Accept the security warning and proceed to the Nessus web interface.

<b>Set Up Nessus: Follow the on-screen instructions to complete the initial setup of Nessus. This </b>

involves creating an administrator account, setting a password, and configuring the necessary settings.

<b>Activate Nessus: To activate Nessus, you need to obtain an activation code. Go to the Tenable </b>

website ( and register for a new Nessus Essentials account. After registration, you will receive an activation code via email. Enter the activation code in the Nessus web interface to activate your installation.

</div><span class="text_page_counter">Trang 9</span><div class="page_container" data-page="9">

practice to manually update the plugins to ensure you have the most up-to-date vulnerability checks. In the Nessus web interface, go to the "Scanners" section and click on the "Feed" tab. Click the "Update" button to update the Nessus plugins.

<b>B. Setup a vulnerability scan </b>

<b>1. 1st scan of Ubuntu client</b>

The Policies save time by eliminating the need to manually configure scan settings for each individual scan. Once you have created a policy, you can simply select it for future scans, reducingthe setup time and effort required. And it can be customized to meet specific requirements. You can create different policies for different types of

scans, such as internal network scans, web application scans, or compliance scans.

</div><span class="text_page_counter">Trang 10</span><div class="page_container" data-page="10">

description for the scan.

Configure the target: Specify the target for the scan, which can be an IP address, hostname, or range of IP addresses. You can also define additional options such as the scan type (e.g., basic network scan) and port range. In this situation i set the target to the ip of the ubuntu client

Start the scan: Once you have configured the scan settings, start the scan by clicking on the "Scan" or similar button.

The results show that conducting scans without credentials has limitations and may not provide a complete picture of the security posture of the scanned systems. because Without credentials, the scanning tool may not be able to authenticate and gain deeper access to the target systems and it may not reveal all the services, applications, or vulnerabilities present on the target systems. Some services or vulnerabilities may only be exposed or detectable through authenticated scans.

<b>2. Doing a Credentialed Scan for ubuntu clients</b>

</div><span class="text_page_counter">Trang 11</span><div class="page_container" data-page="11">

<b>SSH Credentials: SSH credentials typically consist of a username and password or an SSH key pair </b>

(public and private key). SSH keys offer stronger security than passwords and are recommended for production environments.

<b>Windows Credentials:Windows credentials are used for authenticating and accessing </b>

Windows-based systems in a network scan. Windows credentials include a username and password associated with a Windows user account on the target system.

=> In this situation we use SSH because the system we want to scan is Unix-based systems:

<b>1st way to do this is to provide a key pair for authentication:</b>

First open ubuntu terminal and type: <b>ssh-keygen -t rsa , </b> then we will receive a key pair in the default save file

the paraphrase will be set empty

use <b>ls .ssh </b>command to make sure the key pair <b>id_rsa</b> and <b>id_rsa.pub </b>are in the .ssh Next is to make sure the ssh and ufw service is working properly in both virtual machine

</div><span class="text_page_counter">Trang 12</span><div class="page_container" data-page="12">

Also make sure that the .ssh directory is created in kali linux

After that write this command to send the keys pair to the kali linux machine:

<b>scp .ssh/id_rsa.pub :/home/kali/.ssh/authorized_keys </b>

</div><span class="text_page_counter">Trang 13</span><div class="page_container" data-page="13">

After the key pair are successfully deliver, go to the ssh tab and add the key file

<b>2nd way to do this is to provide a root username and password for authentication:</b>

This is more faster than make a key pair and less eror:

</div><span class="text_page_counter">Trang 14</span><div class="page_container" data-page="14">

allowing the scanning tool to gather additional information and perform a more accurate evaluation of the target systems' security posture.

Go to Host tab and click launch:This will be the result

We can see that there is a big different in the result when there are alot of vulnerability that have been found after we setup credential

</div><span class="text_page_counter">Trang 17</span><div class="page_container" data-page="17">

<b>3. Assess and give solution for ubuntu client</b>

The report identifies a total of 68 vulnerabilities affecting Ubuntu 16.04 ESM, 18.04 ESM, 20.04 LTS, 22.04 LTS, and 23.04. These vulnerabilities are grouped by severity:

<b>Critical (44):</b> These vulnerabilities are the most severe and have the highest potential for exploitation. They should be addressed immediately.

<b>High (17):</b> These vulnerabilities are serious and should be addressed as soon as possible.Medium (6): These vulnerabilities are moderate and should be addressed in a timely manner.Low (1): These vulnerabilities are the least severe and should be monitored closely.

<b>Most Severe Vulnerabilities</b>

<b>The most severe vulnerabilities identified in this report are:</b>

<b>Linux kernel vulnerabilities (16): These vulnerabilities could allow attackers to take control of </b>

affected systems.

<b>Vim vulnerabilities (11): These vulnerabilities could allow attackers to execute arbitrary code </b>

on affected systems.

<b>Ghostscript vulnerabilities (10): These vulnerabilities could allow attackers to crash affected </b>

systems or cause other denial-of-service attacks.

Besides There are also a error code to find detailed information from the development:Example for the OpenSSH vulnerability <b>USN-6242-2</b>

</div><span class="text_page_counter">Trang 18</span><div class="page_container" data-page="18">

<b>Impact of Vulnerabilities:</b>

The exploitation of these vulnerabilities could lead to a variety of negative consequences, including:

<b>Remote code execution (RCE): This allows attackers to execute code on affected systems as if </b>

they were the system's owner.

<b>Privilege escalation: This allows attackers to gain control of accounts with higher privileges </b>

than their own.

<b>Denial-of-service (DoS) attacks: This prevents legitimate users from accessing or using </b>

affected systems.

<b>Data breaches: This allows attackers to steal sensitive data from affected systems.</b>

These consequences could have a significant impact on the confidentiality, integrity, and availability of affected systems.

<b>Analysis of Vulnerabilities</b>

Each vulnerability identified in this report has been analyzed in detail. The analysis includes the following information:

<b>CVSS score: This score indicates the severity of the vulnerability, with higher scores indicating </b>

more severe vulnerabilities.

<b>Severity: This classification indicates the potential impact of the vulnerability, with Critical </b>

being the most severe and Low being the least severe.

<b>Package: This identifies the package that is affected by the vulnerability.</b>

<b>Potential impact: This describes the specific consequences that could result from the </b>

exploitation of the vulnerability.

<b>=> Solutions for Vulnerabilities</b>

</div>