Welcome to the Vulnerability Management Lab with Tenable! This repository contains the resources and steps from a hands-on lab that demonstrates the fundamentals of vulnerability management using Tenable’s vulnerability scanning tools. This lab is designed for cybersecurity enthusiasts and professionals looking to deepen their understanding of vulnerability management and how to use it effectively to secure systems.
This lab is cloud-based and accessible from any computer. It provides actionable skills for your cybersecurity journey, with practical steps to enhance your resume and boost your job prospects. The Tenable Vulnerability Management cloud console was used as the main operating interface, while the Tenable Scan Engine and the Scan Target were both hosted on Microsoft Azure virtual machines.
Introduction to Vulnerability Management:
- What is software vulnerability management?
- Understanding vulnerabilities, scan engines, and remediation.
- Overview of compliance standards like DISA/STIG, CIS, etc.
Hands-On Steps:
- Setting up a virtual machine (VM) for scanning.
- Configuring a Tenable vulnerability scanner.
- Performing compliance checks (e.g., DISA/STIG).
- Identifying vulnerabilities and compliance issues.
- Creating and remediating vulnerabilities.
- Observing results and documenting remediation efforts.
Tools Used:
- Azure (for VM setup with free credits).
- Tenable Vulnerability Management (free trial available).
- LogN Pacific Cyber Range (optional, preconfigured environment).
Environment Setup:
- Scan Configuration: configure a credentialed Tenable scan that checks for all the basic vulnerabilities and audits the target against the DISA Windows 10 STIG v3r2 benchmark.

Initial Scan:
- Perform an initial vulnerability and compliance baseline scan.
- Review and analyze the scan results, including failed STIGs. For this lab, we focus on the following STIGs to Fail/Remediate:
- STIG ID WN10-AU-000505 (Increase size of Security Event Log) - Initial Fail
- STIG ID WN10-SO-000025 (Rename Guest Account) - Initial Fail
- STIG ID WN10-SO-000010 (Disable Guest Account) - Initial Pass
Simulate Vulnerabilities:
- Introduce vulnerabilities such as outdated software (Firefox v110) or misconfigured settings (an enabled Guest account).
- Intentionally FAIL: STIG ID WN10-SO-000010 by enabling the Guest Account
- Perform a second scan to detect changes.

Remediation:
- Fix vulnerabilities and compliance issues (e.g., uninstall outdated software, modify registry settings to increase security event log size, disable Guest account, rename Guest account, fully update Windows).
- Perform a final scan to confirm remediation.
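As an added example (not code from the original lab repository), the three STIG remediations tracked in this lab can be scripted in PowerShell on the scan target and the resulting state read back before the final scan. The registry path, value name and 1024000 KB minimum are taken from my reading of WN10-AU-000505 and should be verified against the STIG text; the new Guest name is a placeholder.

```powershell
# Added example, not part of the original lab. Run in an elevated PowerShell 5.1
# session on the Windows 10 scan target. If a GPO later sets the same values, the
# GPO will overwrite a manual registry edit, so re-scan after any policy refresh.
# Assumption: registry location and minimum size per WN10-AU-000505 (verify).

$SecurityLogPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security'
$MinLogSizeKB      = 1024000        # WN10-AU-000505 minimum (assumed, verify)
$NewGuestName      = 'LabVisitor'   # placeholder; any non-default name satisfies WN10-SO-000025

function Set-SecurityLogSize {
    # WN10-AU-000505: Security event log size must be 1024000 KB or greater.
    if (-not (Test-Path $SecurityLogPolicy)) { New-Item -Path $SecurityLogPolicy -Force | Out-Null }
    New-ItemProperty -Path $SecurityLogPolicy -Name 'MaxSize' -PropertyType DWord `
        -Value $MinLogSizeKB -Force | Out-Null
}

function Get-GuestAccount {
    # Locate the built-in Guest by its well-known RID (501) so the lookup still
    # works after the account has been renamed.
    Get-LocalUser | Where-Object { $_.SID.Value -match '-501$' }
}

function Repair-GuestAccount {
    $guest = Get-GuestAccount
    # WN10-SO-000010: built-in Guest must be disabled (the lab enables it to force a failure).
    if ($guest.Enabled) { Disable-LocalUser -SID $guest.SID }
    # WN10-SO-000025: built-in Guest must be renamed away from the default "Guest".
    if ($guest.Name -eq 'Guest') { Rename-LocalUser -SID $guest.SID -NewName $NewGuestName }
}

function Test-LabStigs {
    # Re-read live state instead of trusting the commands above; this is what the
    # "Document Results" step records before the confirmation scan.
    $size  = (Get-ItemProperty -Path $SecurityLogPolicy -Name 'MaxSize' -ErrorAction SilentlyContinue).MaxSize
    $guest = Get-GuestAccount
    [pscustomobject]@{
        'WN10-AU-000505' = if ($size -ge $MinLogSizeKB) { 'Pass' } else { 'Fail' }
        'WN10-SO-000010' = if (-not $guest.Enabled)     { 'Pass' } else { 'Fail' }
        'WN10-SO-000025' = if ($guest.Name -ne 'Guest') { 'Pass' } else { 'Fail' }
    }
}

Set-SecurityLogSize
Repair-GuestAccount
Test-LabStigs | Format-List
```

The local check is a sanity check only; the credentialed Tenable scan remains the authoritative pass/fail record for the lab.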
Document Results:
- Scan 1: The first scan establishes the initial vulnerability baseline.
- Scan 2: A spike occurred when we introduced a deprecated version of Firefox
- Scan 3: A dip in vulnerabilities is observed after removing Firefox
- Scan 4: A final dip takes place after fully updating Windows
This lab not only provides hands-on experience with vulnerability management but also equips you with practical skills that can enhance your cybersecurity resume. By completing the lab, you'll gain familiarity with:
- Real-world vulnerability identification and remediation.
- Compliance frameworks such as DISA/STIG.
- Effective use of Tenable’s tools.
