1
00:00:00,150 --> 00:00:01,200
All right, welcome back, everyone.

2
00:00:01,230 --> 00:00:09,480
This decision is about Nessa's scouter, and this Narcisco is the tune you would find when you work

3
00:00:09,480 --> 00:00:16,280
with the multinational organization who make use of NASA's scanner for performing and scanning their

4
00:00:16,290 --> 00:00:20,910
organization assets against the 100 different vulnerabilities as well.

5
00:00:22,130 --> 00:00:24,330
This is how the dashboard really looks like.

6
00:00:24,780 --> 00:00:27,870
And this is you can see there are multiple colors.

7
00:00:28,050 --> 00:00:31,290
That's where you see the vulnerability listed one way or the other.

8
00:00:31,740 --> 00:00:32,690
What do you see in the red?

9
00:00:32,700 --> 00:00:34,470
That's the high priority for us.

10
00:00:34,860 --> 00:00:37,920
Are you seeing the orange to medium now?

11
00:00:37,960 --> 00:00:44,640
It's want to be discounting to of course, we know that and use biosecurity auditors and large business

12
00:00:44,990 --> 00:00:45,860
like businesses.

13
00:00:46,290 --> 00:00:49,640
Why a security auditor use it to serve for their customer.

14
00:00:49,800 --> 00:00:56,070
So security auditors are the independent security auditor who works for the organization, who works

15
00:00:56,070 --> 00:00:57,240
for different organizations.

16
00:00:57,360 --> 00:00:57,720
OK.

17
00:00:58,140 --> 00:01:02,910
So as I told you earlier, there could be internal auditor and external auditors as well.

18
00:01:03,090 --> 00:01:03,410
All right.

19
00:01:03,500 --> 00:01:10,020
So these these auditors, security auditors comes to your organization and they start scanning all the

20
00:01:10,020 --> 00:01:13,550
organization and get to know that these are the weaknesses you have and everything.

21
00:01:13,560 --> 00:01:13,780
Right.

22
00:01:14,070 --> 00:01:21,170
So usually mid-sized businesses make use of it who cannot really afford the, you know, scanners for

23
00:01:21,220 --> 00:01:23,310
four annual bases or so.

24
00:01:24,090 --> 00:01:24,410
All right.

25
00:01:24,690 --> 00:01:31,800
And the Skansen network on the entire network for our it is firewalls, everything.

26
00:01:31,800 --> 00:01:32,810
And do the network.

27
00:01:33,030 --> 00:01:40,800
You can get to know about the routers, Cisco, Juniper or any other routers that we have.

28
00:01:41,550 --> 00:01:47,170
If that has anyone, nobody in the network as well, maybe the citizens, but maybe Cisco Arista's,

29
00:01:47,220 --> 00:01:54,870
which is or maybe it's the extreme network to just maybe such as is usually in messages.

30
00:01:54,870 --> 00:01:59,190
We won't be having much of the world, liberty or organization don't really go for those.

31
00:01:59,490 --> 00:02:06,090
But in case of Manaslu, just like Cisco and Brandon switches, it can perform the scanning and get

32
00:02:06,360 --> 00:02:08,610
get to know if there's any weaknesses.

33
00:02:08,700 --> 00:02:12,510
There's any vulnerability in those are just switches.

34
00:02:13,020 --> 00:02:13,670
All right.

35
00:02:14,040 --> 00:02:15,600
And of course, the Web application.

36
00:02:16,290 --> 00:02:24,090
So it could be our cloud based application hosted on the cloud online or it could be unprime internally

37
00:02:24,090 --> 00:02:32,520
use application maybe for the Atari mess or maybe Internet portal application as a private application

38
00:02:32,520 --> 00:02:32,820
as well.

39
00:02:32,830 --> 00:02:37,670
We can scan those applications and we can get to know if we have any weaknesses of vulnerability.

40
00:02:38,160 --> 00:02:42,290
Now, you know, no one ever debate based on oost stopped.

41
00:02:42,300 --> 00:02:44,160
And one of the weaknesses is.

42
00:02:45,120 --> 00:02:45,540
All right.

43
00:02:45,720 --> 00:02:49,650
And along with finding them, one of them really is it is also useful for finding.

44
00:02:50,040 --> 00:02:53,340
Finding is also ScanSource compliances as well.

45
00:02:53,340 --> 00:02:55,440
Maybe for ISO twenty seven thousand one.

46
00:02:55,800 --> 00:03:02,580
We can also make use it for Sock's for Arkadiusz Scan, which is medially for the payment organization,

47
00:03:02,580 --> 00:03:05,820
to either process store credit card information.

48
00:03:06,060 --> 00:03:13,860
They come, they have to they have to comply with Arkadiusz and they can make use of bcos plugins which

49
00:03:13,860 --> 00:03:17,850
are available on the tool to scan for their different assets.

50
00:03:18,240 --> 00:03:24,470
They can also make use of songs ISO twenty seven thousand one, you know, framework as well.

51
00:03:24,480 --> 00:03:31,490
In fact, nest in this framework as well, TSF or other special publications as well.

52
00:03:32,220 --> 00:03:36,450
So we'll talk about all those publications and in fact compliances.

53
00:03:36,450 --> 00:03:39,900
We have discussed some of them in the past sections already.

54
00:03:40,200 --> 00:03:43,250
And there's also give you an idea about some of the best practices.

55
00:03:43,260 --> 00:03:51,690
So let's say if you have configured some timelike value on the router for maybe four, maybe maybe ICMP

56
00:03:51,690 --> 00:03:55,620
barcodes or keep a lot of messages so it can recommend you.

57
00:03:55,830 --> 00:04:02,670
OK, go for this much of a value, maybe this much of a millisecond or a 10 seconds or 15 second.

58
00:04:02,860 --> 00:04:09,780
So the spool also helps you to go with some best practices and best practice configurations.

59
00:04:09,780 --> 00:04:16,320
In fact, right now, the Nessus that enable the product comes with three licenses.

60
00:04:17,070 --> 00:04:19,860
When it comes to these scanning, it could be Nessus.

61
00:04:19,860 --> 00:04:25,980
Essentially this is free with which we can perform scanning for 16 IP addresses.

62
00:04:26,380 --> 00:04:30,530
And this is for medially for testing so far learning as well.

63
00:04:30,810 --> 00:04:37,920
If you want to test yourself in your home lab and just like the way you're going to be going to be doing.

64
00:04:37,950 --> 00:04:45,270
You can start doing this, but you can only scan up to 16 IP addresses that could be hosted routers

65
00:04:45,280 --> 00:04:49,650
such as anything but just 16 IP addresses Nessus professional.

66
00:04:49,950 --> 00:04:59,100
It can scan for unlimited IP addresses and the scans for maybe and any any any application, no searches

67
00:04:59,100 --> 00:04:59,750
or whatever it is.

68
00:05:00,180 --> 00:05:08,250
It can scan for unlimited devices and enable that IO is majorly used for cloud hosted applications so

69
00:05:08,250 --> 00:05:09,540
it can be hosted in the cloud.

70
00:05:09,900 --> 00:05:16,050
It does actually hosted in the cloud and from the external server, Affinia itself will be scanning

71
00:05:16,050 --> 00:05:17,070
our internal network.

72
00:05:17,340 --> 00:05:21,040
So in that situation, we don't really have to get the license.

73
00:05:21,060 --> 00:05:23,210
We don't really have to install it somewhere.

74
00:05:23,460 --> 00:05:30,420
We don't have to take care of firewalls and other stuff and, you know, firewall blocking any ports

75
00:05:30,420 --> 00:05:36,510
on all this stuff and being able to be sure that, you know, it has the scan process will be coming

76
00:05:36,510 --> 00:05:41,610
in from the online, from the server, from the external public networks.

77
00:05:42,240 --> 00:05:46,350
So we just have to play the cards with the external firewall only.

78
00:05:46,560 --> 00:05:46,860
Right.

79
00:05:47,160 --> 00:05:54,540
So these are the different licenses, although the the I'm the funnel cloud based application was very

80
00:05:54,540 --> 00:05:56,420
seamless and pretty popular popularism.

81
00:05:57,060 --> 00:06:03,060
But just to get started, we can you can you can make use of NASA's decision to try it out in the lab.

82
00:06:03,960 --> 00:06:09,710
And this is professional is pretty much used by the security auditor, ASBA, to install it and get

83
00:06:09,720 --> 00:06:13,390
started with the scanning and they get the report as well at the end.

84
00:06:13,830 --> 00:06:14,150
Right.

85
00:06:14,220 --> 00:06:15,960
So this is all about Nessus.

86
00:06:16,230 --> 00:06:21,300
From the next session on what we'll be talking about, we can I will be actually getting started with

87
00:06:21,300 --> 00:06:21,430
it.

88
00:06:21,720 --> 00:06:22,110
All right.

89
00:06:22,110 --> 00:06:23,190
So we'll see you then.