We’re going to test the patch levels of a Windows 10 evaluation build installation, followed by a CIS Windows 2012 R2 compliance audit scan. Nessus Professional v6.8.1 is being used for both scans. We’re going to provide a run through of how to carry out an authenticated scan to ascertain the patch levels of a desktop operating system, followed by a compliance audit scan of a server, both of which Nessus has in-built templates for. Whatever the requirement, an authenticated scan using administrative credentials can provide detailed insight into the security posture of an asset when compared against a baseline. This activity may be part of a build review, that assesses a system’s base configuration in order to identify weaknesses in the source build it was created from, or maybe even as part of a compliance audit, like PCI DSS requirement 2.2, where a system’s configuration can be assessed against known baselines, for example the Centre for Internet Security’s (CIS) Windows Server 2012 R2 benchmark.
This post will walk you through using Tenable’s Nessus to perform a credentialed patch audit and compliance scan.
0 kommentar(er)
