1
00:00:00,150 --> 00:00:01,200
All right, welcome back, everyone.

2
00:00:01,230 --> 00:00:09,480
This session is about Nessus scanner, and this Nessus scanner is the tool you would find when you work

3
00:00:09,480 --> 00:00:16,280
with the multinational organization who make use of Nessus scanner for performing and scanning their

4
00:00:16,290 --> 00:00:20,910
organization assets against the 100 different vulnerabilities as well.

5
00:00:22,130 --> 00:00:24,330
This is how the dashboard really looks like.

6
00:00:24,780 --> 00:00:27,870
And this is you can see there are multiple colors.

7
00:00:28,050 --> 00:00:31,290
That's where you see the vulnerability listed one way or the other.

8
00:00:31,740 --> 00:00:32,690
What you see in the red,

9
00:00:32,700 --> 00:00:34,470
that's the high priority for us.

10
00:00:34,860 --> 00:00:37,920
Are you seeing the orange to medium now?

11
00:00:37,960 --> 00:00:44,640
It's want to be discounting to of course, we know that and used by security auditors and large business

12
00:00:44,990 --> 00:00:45,860
like businesses.

13
00:00:46,290 --> 00:00:49,640
Why a security auditor use it to serve for their customer.

14
00:00:49,800 --> 00:00:56,070
So security auditors are the independent security auditor who works for the organization, who works

15
00:00:56,070 --> 00:00:57,240
for different organizations.

16
00:00:57,360 --> 00:00:57,720
OK.

17
00:00:58,140 --> 00:01:02,910
So as I told you earlier, there could be internal auditor and external auditors as well.

18
00:01:03,090 --> 00:01:03,410
All right.

19
00:01:03,500 --> 00:01:10,020
So these auditors, security auditors come to your organization and they start scanning all the

20
00:01:10,020 --> 00:01:13,550
organization and get to know that these are the weaknesses you have and everything.

21
00:01:13,560 --> 00:01:13,780
Right.

22
00:01:14,070 --> 00:01:21,170
So usually mid-sized businesses make use of it who cannot really afford the, you know, scanners for

23
00:01:21,220 --> 00:01:23,310
annual basis or so.

24
00:01:24,090 --> 00:01:24,410
All right.

25
00:01:24,690 --> 00:01:31,800
And it scans the network, the entire network for our it is firewalls, everything.

26
00:01:31,800 --> 00:01:32,810
And do the network.

27
00:01:33,030 --> 00:01:40,800
You can get to know about the routers, Cisco, Juniper or any other routers that we have.

28
00:01:41,550 --> 00:01:47,170
If that has any vulnerability in the network as well, maybe the switches, but maybe Cisco, Arista,

29
00:01:47,220 --> 00:01:54,870
which is or maybe it's the Extreme Network to just maybe such as is usually in messages.

30
00:01:54,870 --> 00:01:59,190
We won't be having much of the world, liberty or organization don't really go for those.

31
00:01:59,490 --> 00:02:06,090
But in case of Manaslu, just like Cisco and Brandon switches, it can perform the scanning and get

32
00:02:06,360 --> 00:02:08,610
get to know if there's any weaknesses.

33
00:02:08,700 --> 00:02:12,510
There's any vulnerability in those are just switches.

34
00:02:13,020 --> 00:02:13,670
All right.

35
00:02:14,040 --> 00:02:15,600
And of course, the Web application.

36
00:02:16,290 --> 00:02:24,090
So it could be our cloud-based application hosted on the cloud online or it could be on-prem internally

37
00:02:24,090 --> 00:02:32,520
used application maybe for the Atari mess or maybe Internet portal application as a private application

38
00:02:32,520 --> 00:02:32,820
as well.

39
00:02:32,830 --> 00:02:37,670
We can scan those applications and we can get to know if we have any weaknesses or vulnerability.

40
00:02:38,160 --> 00:02:42,290
Now, you know, vulnerability based on OWASP Top 10.

41
00:02:42,300 --> 00:02:44,160
And one of the weaknesses is.

42
00:02:45,120 --> 00:02:45,540
All right.

43
00:02:45,720 --> 00:02:49,650
And along with finding the vulnerabilities, it is also useful for finding.

44
00:02:50,040 --> 00:02:53,340
Finding, it also scans for compliances as well.

45
00:02:53,340 --> 00:02:55,440
Maybe for ISO 27001.

46
00:02:55,800 --> 00:03:02,580
We can also make use of it for SOX, for PCI DSS scan, which is majorly for the payment organization,

47
00:03:02,580 --> 00:03:05,820
to either process, store credit card information.

48
00:03:06,060 --> 00:03:13,860
They come, they have to they have to comply with PCI DSS and they can make use of PCI DSS plugins which

49
00:03:13,860 --> 00:03:17,850
are available on the tool to scan for their different assets.

50
00:03:18,240 --> 00:03:24,470
They can also make use of SOX, ISO 27001, you know, framework as well.

51
00:03:24,480 --> 00:03:31,490
In fact, NIST, NIST framework as well, CSF or other special publications as well.

52
00:03:32,220 --> 00:03:36,450
So we'll talk about all those publications and in fact compliances.

53
00:03:36,450 --> 00:03:39,900
We have discussed some of them in the past sections already.

54
00:03:40,200 --> 00:03:43,250
And Nessus also gives you an idea about some of the best practices.

55
00:03:43,260 --> 00:03:51,690
So let's say if you have configured some timeout value on the router for maybe four, maybe maybe ICMP

56
00:03:51,690 --> 00:03:55,620
barcodes or keepalive messages so it can recommend you.

57
00:03:55,830 --> 00:04:02,670
OK, go for this much of a value, maybe this much of a millisecond or a 10 seconds or 15 second.

58
00:04:02,860 --> 00:04:09,780
So this tool also helps you to go with some best practices and best practice configurations.

59
00:04:09,780 --> 00:04:16,320
In fact, right now, the Nessus, the Tenable product, comes with three licenses.

60
00:04:17,070 --> 00:04:19,860
When it comes to these scanning, it could be Nessus

61
00:04:19,860 --> 00:04:25,980
Essentials. This is free, with which we can perform scanning for 16 IP addresses.

62
00:04:26,380 --> 00:04:30,530
And this is majorly for testing, or for learning as well.

63
00:04:30,810 --> 00:04:37,920
If you want to test yourself in your home lab and just like the way you're going to be going to be doing.

64
00:04:37,950 --> 00:04:45,270
You can start doing this, but you can only scan up to 16 IP addresses that could be hosts, routers,

65
00:04:45,280 --> 00:04:49,650
switches, anything, but just 16 IP addresses. Nessus Professional.

66
00:04:49,950 --> 00:04:59,100
It can scan for unlimited IP addresses and the scans for maybe and any any any application, no searches

67
00:04:59,100 --> 00:04:59,750
or whatever it is.

68
00:05:00,180 --> 00:05:08,250
It can scan for unlimited devices and Tenable.io is majorly used for cloud-hosted applications so

69
00:05:08,250 --> 00:05:09,540
it can be hosted in the cloud.

70
00:05:09,900 --> 00:05:16,050
It is actually hosted in the cloud and from the external server, Affinia itself will be scanning

71
00:05:16,050 --> 00:05:17,070
our internal network.

72
00:05:17,340 --> 00:05:21,040
So in that situation, we don't really have to get the license.

73
00:05:21,060 --> 00:05:23,210
We don't really have to install it somewhere.

74
00:05:23,460 --> 00:05:30,420
We don't have to take care of firewalls and other stuff and, you know, firewall blocking any ports

75
00:05:30,420 --> 00:05:36,510
on all this stuff and being able to be sure that, you know, it has the scan process will be coming

76
00:05:36,510 --> 00:05:41,610
in from the online, from the server, from the external public networks.

77
00:05:42,240 --> 00:05:46,350
So we just have to play the cards with the external firewall only.

78
00:05:46,560 --> 00:05:46,860
Right.

79
00:05:47,160 --> 00:05:54,540
So these are the different licenses, although the the I'm the funnel cloud-based application was very

80
00:05:54,540 --> 00:05:56,420
seamless and pretty popular popularism.

81
00:05:57,060 --> 00:06:03,060
But just to get started, we can you can you can make use of Nessus Essentials to try it out in the lab.

82
00:06:03,960 --> 00:06:09,710
And Nessus Professional is pretty much used by the security auditor, ASBA, to install it and get

83
00:06:09,720 --> 00:06:13,390
started with the scanning and they get the report as well at the end.

84
00:06:13,830 --> 00:06:14,150
Right.

85
00:06:14,220 --> 00:06:15,960
So this is all about Nessus.

86
00:06:16,230 --> 00:06:21,300
From the next session on what we'll be talking about, we can I will be actually getting started with

87
00:06:21,300 --> 00:06:21,430
it.

88
00:06:21,720 --> 00:06:22,110
All right.

89
00:06:22,110 --> 00:06:23,190
So we'll see you then.