Saturday, December 24, 2011

Vulnerability Assessment for Personal Computers


According to The Free On-line Dictionary of Computing (n.d.), a vulnerability is a bug or feature of a system that exposes it to possible attack, or a flaw in the system's security.  As time goes on, it becomes very difficult for any individual to stay up to date on the latest vulnerabilities, notably with the number of zero-days being released and third-party software possibly opening new ports on your computer.  There are a variety of vulnerability scanners an individual can use to assess their system for flaws to patch.  The following blog post will discuss four great individual scanners; used together, these scanners create a synergy that is greatly beneficial to the user.
First is Nessus by Tenable at http://www.tenable.com/products/nessus.  It is free for home users and, according to their website, the product features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture.  When I use this product, the output is incredibly easy to read and understand.  Each vulnerability is labeled high, medium, or low according to its criticality and ease of exploitation.
Nessus uses plug-ins that are vital to its ability to scan for vulnerabilities in your system.  The plug-ins are continuously updated, similar to the signatures antivirus products use to detect new viruses on your computer.
The installation documentation is straightforward.  You may find it in PDF format at http://static.tenable.com/documentation/nessus_4.4_installation_guide.pdf.  The product is available for Windows and Linux.  In high-level terms, to install Nessus you need to complete the following steps:
1. Download the installer from www.nessus.org.
2. Register for a key on the Nessus website by submitting your e-mail address.  Nessus will e-mail you a unique product key that can be used to register the product.
3. Install the program.
4. Create a Nessus user to access the system.
5. Update the plug-ins.
Nessus uses a client/server architecture.  Once set up, the server runs quietly in the background, and you interact with it through a browser.  Once you have installed the Nessus server, you can access it by opening a browser and entering https://127.0.0.1:8834 in the address bar.  Log in with the username and password you created when installing the program.
From there, you set up a scan policy.  There are some pre-configured policies you may run, or you can manually set up a custom policy.  I usually don't stray much from the pre-configured policies since I only scan my desktop computer and laptop.  Continue clicking "Next" until you reach the end of the policy and click the "Submit" button.  Go to the menu, click "Scan" and enter a name for your scan.  Select the pre-configured policy or the custom policy you just created, enter the IP addresses that you want to scan and click "Launch Scan."  When the scan completes, click "Reports" on the menu to view the results from the scan along with recommendations for any flaws found in your system.
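As an added example (not code from this post or from Tenable), here is a small Python script that reads a Nessus v2 export (.nessus) and produces the per-host high/medium/low summary and the patch to-do list that the Reports page shows you. The element and attribute names follow Nessus' v2 XML format; the embedded report is constructed sample data, not a real scan.

```python
# Added example, not from the original post: summarise a Nessus v2 XML export (.nessus)
# per host and severity.  Element/attribute names follow the v2 format; the report is constructed.
import xml.etree.ElementTree as ET
from collections import Counter

# Severity codes used in the v2 format (0 = Info ... 4 = Critical).
SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}
# Constructed sample: two hosts on a home network, three findings.
SAMPLE_NESSUS = """<NessusClientData_v2><Report name="home-scan">
 <ReportHost name="192.168.1.10">
  <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3" pluginID="1000001"
      pluginName="SMB missing security update (sample)"><solution>Apply the vendor patch.</solution></ReportItem>
  <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="1000002"
      pluginName="OS identification (sample)"/>
 </ReportHost>
 <ReportHost name="192.168.1.11">
  <ReportItem port="8834" svc_name="www" protocol="tcp" severity="2" pluginID="1000003"
      pluginName="Self-signed TLS certificate (sample)"><solution>Use a certificate from a trusted CA.</solution></ReportItem>
 </ReportHost>
</Report></NessusClientData_v2>"""

def parse_report(xml_text):
    """Flatten every ReportItem into a dict that also carries its host address."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({"host": host.get("name"), "port": int(item.get("port")),
                             "protocol": item.get("protocol"),
                             "severity": int(item.get("severity")),
                             "plugin": item.get("pluginName"),
                             "solution": item.findtext("solution", default="")})
    return findings

def severity_summary(findings):
    """Per-host count of Low/Medium/High/Critical findings; Info items are skipped."""
    summary = {}
    for f in findings:
        if f["severity"] > 0:
            summary.setdefault(f["host"], Counter())[SEVERITY_NAMES[f["severity"]]] += 1
    return summary

def patch_list(findings, min_severity=2):
    """Findings at or above min_severity, worst first: the patch to-do list."""
    return sorted((f for f in findings if f["severity"] >= min_severity),
                  key=lambda f: -f["severity"])

if __name__ == "__main__":
    for f in patch_list(parse_report(SAMPLE_NESSUS)):
        print(SEVERITY_NAMES[f["severity"]], f["host"], f["port"], f["plugin"], f["solution"])
```

Exporting a real scan from the Reports page in .nessus format and passing its text to parse_report() gives the same summary for your own machines.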
Next is Microsoft Baseline Security Analyzer (MBSA).  This tool is absolutely amazing for the Microsoft operating system and products.  Overall, Nessus is the better vulnerability scanner in my opinion, but to determine the true security posture of your Windows system, MBSA will produce a detailed report.  You may download the program at http://technet.microsoft.com/en-us/security/cc184924.aspx.  Microsoft explains the product as follows ("Microsoft baseline security," n.d.):
Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.
Although Microsoft's website explains that the product is intended for IT professionals helping small- and medium-sized businesses, I believe it can immensely help individuals secure their personal computers.  I use the tool about once a month and the accuracy of the report is great.
Click "Scan a computer" and enter the IP address of your computer.  You may find the IP address by clicking Start and choosing Run (or typing 'cmd' in the search box), then typing 'ipconfig' at the prompt and pressing Enter.  Enter the IPv4 address and click "Start Scan" at the bottom right of the screen.
If an error comes up because a certain service is not running, click Start and type "services.msc" in the search box or in "Run" and press Enter.  Find the service named "Server" and start it; you can confirm it has started by looking in the Status column.  I believe this service is started by default, but I disable it on my desktop.  Repeat the previous steps to start the scan over.  When the scan ends you can download a PDF report to review.  The report gives you the status of Windows updates, updates for other Microsoft software (e.g., Office), system standards compliance (depending on the software installed), administrative vulnerabilities (e.g., passwords, firewall, file system, etc.), and an additional vulnerability assessment.  It is an incredible tool for Microsoft Windows and Microsoft products.
So far, Nessus covers your system as a whole, and MBSA covers the Windows operating system and Microsoft products.  Lastly, Secunia and FileHippo cover third-party software (i.e., software not made by Microsoft).  Secunia has a product called Personal Software Inspector (PSI), free to download at https://secunia.com/vulnerability_scanning/personal/.  The product patches insecure programs and helps safeguard your data and PC against cybercriminals.  According to Secunia's website, it is a security scanner that identifies programs that are insecure and need updates; it even automates the updating of many of these programs, making it a lot easier to maintain a secure PC.  FileHippo is a similar program to Secunia PSI: it scans your computer and lists which programs are in need of an update.
Secunia PSI and FileHippo take the worry out of wondering whether third-party software needs an upgrade.  Today users download so much software that it is understandably difficult to update each program, or worse, some are left unpatched for a period of time.  Download and use these tools to your advantage and keep your personal computer safe by adding this extra layer of security.
1. Microsoft baseline security analyzer mbsa legacy product solution. (n.d.). Retrieved from http://technet.microsoft.com/en-us/security/cc184924.aspx
2. Free computer security - personal software inspector (psi) - secunia. (n.d.). Retrieved from https://secunia.com/vulnerability_scanning/personal/
3. Vulnerability. (n.d.). The Free On-line Dictionary of Computing. Retrieved December 23, 2011, from Dictionary.com website: http://dictionary.reference.com/browse/vulnerability

The video covers the use of Nessus, MBSA, Secunia, and FileHippo.  It is meant to demonstrate their functionality and how each one serves a different purpose in helping users become safer on the Internet.
I will be using Nessus through BackTrack 5 to scan my Windows 7 machine.  I have already registered for Nessus, so that part will not be shown.  For MBSA, Secunia, and FileHippo, I will be using my personal computer to scan itself.
As you will see in the video, each product produces different results.  FileHippo stated that my computer was up to date, but Secunia found third-party software that needed to be patched.  One product is not better than the other; I believe both products are needed for personal computers.  MBSA takes time to scan the computer and download updates.  Be patient and the results will come.  Nessus is a great tool; there is not much to comment on.  It is laid out well and easy to follow.
Thank you for reading and/or watching the video.  Look to the right for my other personal profiles.  I have accounts for: Twitter, Facebook, LinkedIn, YouTube, and I plan to sign up for Google+.  Please follow or continue to follow.  Thank you.

Note: IE won't play Vimeo (at least on my computer), so I will post both YouTube and Vimeo links.  Firefox users, I prefer Vimeo.  IE users have to use YouTube, the direct link to the video.