Monday, 26 June 2023

Greenbone Vulnerability Scanner

What is Vulnerability Management?

"Vulnerability management is an IT security process that aims to find vulnerabilities in the IT infrastructure, classify their severity and, in addition, provide a list of actions to be taken to address the vulnerabilities. The goal is to eliminate vulnerabilities so that they can no longer pose a risk." - taken from the greenbone.net website.

First steps...

In an effort to play with as many tools as I can I decided to install Greenbone Vulnerability Scanner. It’s a tool that has featured in some of the online training platforms I’ve used like Try Hack Me so it was a good choice to try. I’ve already got a Nessus Essentials scanner but seeing how many different tools work can be useful to see which I prefer and which works best for me. This is a bit of a long one so go grab a brew now then strap in….

I kicked off the research by watching a couple of YouTube videos, and installation looked pretty simple, so I went ahead and installed a fresh Kali Purple VM on my ProxMox machine. Probably not the best choice of OS, as I found out after a few issues, but it was the OS used in the videos and it seemed to work for the presenters. GVM is the package used to install the scanner, manager, portal and all the dependencies required to make it work.

Kali Purple

Sometimes it doesn't always work out...

My first attempt failed miserably. I installed Kali and updated it, installed GVM and ran the setup script. After running the “check-setup” script to make sure everything had gone to plan I tried to connect to the Web Portal from a different computer to find that it wasn’t reachable. So, I went back to the Kali VM and launched Firefox to connect to the portal on the loopback address … but that didn’t work either. I had the right address each time and the port number but nothing would connect. Then, I realised a major mistake I’d made … I didn’t take a snapshot of the VM after installing and updating Kali. I was so rushed to get the tool installed and get playing with it I carried out a cardinal sin! Nothing I tried would resolve the issue and after turning to Google for a bit of research I discovered that Kali is NOT a supported OS to run GVM on and people who’d had the same issue as me didn’t seem to get any other answers than “install it on a supported OS”. Well, I’d seen it work on Kali so being as it’s a VM I hit the big delete button and started again.

If at first you don't succeed...

This time I installed Kali, ran the updates and then took a snapshot; I wasn’t going to waste all that time again! After that, I installed GVM and then went and watched some TV whilst the setup ran. Coming back to the VM I had my login password and was feeling hopeful. I ran the check-setup script and all looked good. This time, I fired up Firefox, punched in the loopback address and port and … Hey Presto! I’m in!

Greenbone Security Assistant login page

I’d seen some other issues that people had had with GVM, so I tried to execute a quick scan and encountered the same as a lot of the others … a “Failed to find config” error. Luckily, there was a YouTube video to help. The fix suggested was to run the feed update scripts to update the feeds and scan configs, then everything magically works. NO it doesn’t – well, not for me anyway. Back to Google, where I found a forum where this very issue was being discussed (and the obligatory “Kali isn’t a supported OS” message was repeated many times). The fix offered was to run the individual feed update scripts (instead of the default bulk one that I had done), and then I read the important bit at the bottom … “WAIT!”. Turns out that updating the feeds pulls down the updates, then GVM needs to import them for things to work properly (which it does as part of the script, but in the background). You need to check the ‘Administration/Feed Status’ page and wait for all the entries to turn to Current. So, I ran the scripts one by one and watched some more TV. On my return I checked the terminal to make sure all was complete and noticed that this time the scripts seemed to have pulled down incremental files, which may have been what was needed to complete the update. I checked the Scan Configs and BOOM! There they were, and all the Feed updates showed as ‘Current’.

Feed Updates status

Scan Configs

I was so excited to go run my first scan, I almost forgot ….. SNAPSHOT! Snapshot taken and my very first Greenbone scan was under way. The good news … “0’s” across the board 😊.

1st scan running

Scan complete, looking good!

Next steps for me...

I’m planning to move this ProxMox machine to my IoT network so I can scan all of the lovely speakers and cameras etc. I have to see just how secure they are, and if I spot a few older ones with some nice vulnerabilities … well, they may get replaced with new ones and then the old ones used as targets!

Final thoughts and process...

I wouldn’t say that this was a quick project; although it was all done in a day, I was hoping for more like a couple of hours, but then again, I did come across issues. So, here are basically the steps needed to install, set up and update the Greenbone Vulnerability Scanner:

Install / use a Linux VM as the base OS – Greenbone suggested on their forum post from May 2022 that “Debian 11 should be fine” but I can confirm that this works on Kali! (Missing scan configuration - Archive / Greenbone Community Edition - Greenbone Community Forum)

  • On the Linux machine, run “sudo apt update” – to make sure your repos are cleaned up and up to date.
  • Now run “sudo apt install gvm” – this installs the GVM program and any dependencies, but you can’t use it yet!
  • Once the install has completed, run “sudo gvm-setup” – this may take a while, grab a brew.
  • Once the setup has completed, a system-generated password for the ‘admin’ user account will be shown near the end of the setup output. It’s big! Copy it and paste it into a text file and save it. There are ways to get around it if you don’t, but it just makes life easier if you do.
  • Now run “sudo gvm-check-setup -h” – this should only take a couple of minutes; check the output to see if there were any errors, you should get a line at the bottom to say it looks OK.
  • Once the check is complete, run “sudo gvm-feed-update -h” – this will trigger the feed updates … and may take a while … grab a brew! You can also connect to the portal now at “https://127.0.0.1:9392”, log in with user name “admin” and your system-generated password (you did save it, didn’t you???) and navigate to ‘Administration/Feed Updates’ to monitor their progress.
  • Once everything is showing as complete, you can try a quick scan to see if it works. If it does, congratulations, you now have a Greenbone Vulnerability Scanner. If it presents an error message then run these additional steps, one at a time:
      ◦ Run “sudo runuser -u _gvm -- greenbone-nvt-sync” and wait for it to complete
      ◦ Run “sudo runuser -u _gvm -- greenbone-feed-sync --type SCAP” and wait for it to complete
      ◦ Run “sudo runuser -u _gvm -- greenbone-feed-sync --type CERT” and wait for it to complete
      ◦ Run “sudo runuser -u _gvm -- greenbone-feed-sync --type GVMD_DATA” and wait for it to complete
      ◦ Now go to the Feed Updates page on the portal and wait for them all to complete ... maybe time for another brew! Possibly some biscuits? Well, you do have the time!
      ◦ Once they’re all complete, try a quick scan. If it still doesn't work after this, my only advice is to leave it running and try again later. After that, revert to an earlier snapshot from before you installed GVM and start again … wait … you did take a snapshot, right?
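The "WAIT" step above is the one that is easy to get wrong, so here is an added helper script (mine, not from the post or from Greenbone) that runs the four individual syncs in order and then polls gvmd over GMP until no feed is still importing. It assumes gvm-cli from gvm-tools is installed, that gvmd listens on Kali's default socket path, and that the get_feeds reply marks an in-progress import with a currently_syncing element; the admin password placeholder must be replaced with the one gvm-setup printed.

```shell
#!/bin/sh
# Added example: sync each Greenbone feed as the _gvm user, then wait until gvmd
# has finished importing them all before you try a scan.
# Assumptions: gvm-cli (gvm-tools) installed; socket path below; <currently_syncing>
# marks an import in progress in the <get_feeds/> reply.
set -u

GVMD_SOCK="${GVMD_SOCK:-/run/gvmd/gvmd.sock}"
GMP_USER="${GMP_USER:-admin}"
GMP_PASS="${GMP_PASS:-REPLACE_WITH_GENERATED_PASSWORD}"   # the one gvm-setup printed
POLL_SECS="${POLL_SECS:-60}"

# Read a <get_feeds_response> document on stdin; print how many feeds are still importing.
feeds_syncing() {
    grep -o '<currently_syncing>' | wc -l | tr -d ' '
}

# Same input; print the number of <feed> entries (0 means the reply was not a feed list).
feed_count() {
    grep -o '<feed>' | wc -l | tr -d ' '
}

# Fetch the live feed list from gvmd over its Unix socket.
get_feeds() {
    gvm-cli --gmp-username "$GMP_USER" --gmp-password "$GMP_PASS" \
        socket --socketpath "$GVMD_SOCK" --xml '<get_feeds/>'
}

# The four individual syncs from the post, one at a time, stopping on the first failure.
sync_feeds() {
    sudo runuser -u _gvm -- greenbone-nvt-sync || return 1
    for t in SCAP CERT GVMD_DATA; do
        sudo runuser -u _gvm -- greenbone-feed-sync --type "$t" || return 1
    done
}

# Block until every feed has finished importing (gvmd does the import in the background).
wait_for_feeds() {
    while :; do
        xml=$(get_feeds) || return 1
        total=$(printf '%s' "$xml" | feed_count)
        busy=$(printf '%s' "$xml" | feeds_syncing)
        if [ "$total" -eq 0 ]; then
            echo "no feeds reported; is the gvmd socket path right?" >&2
            return 1
        fi
        if [ "$busy" -eq 0 ]; then
            echo "all $total feeds current"
            return 0
        fi
        echo "$busy of $total feeds still importing; checking again in ${POLL_SECS}s"
        sleep "$POLL_SECS"
    done
}

# Only run the real sync when asked (RUN_SYNC=1), so the helpers can be sourced and tested.
if [ "${RUN_SYNC:-0}" = "1" ]; then
    sync_feeds && wait_for_feeds
fi
```

Run it as RUN_SYNC=1 GMP_PASS='...' sh feed-sync-wait.sh; the script exits 0 only once the Feed Status page would show every entry as Current.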


Thanks for reading,
Rich.

Credits: 

Vulnerability Management | Open Source and GDPR-compliant - Greenbone

Kali Linux 2023.1 Release (Kali Purple & Python Changes) | Kali Linux Blog

Sunday, 25 June 2023

Private VPN Server Install

Having a Home Lab is great ... at home, but what if you want to access it whilst you're out and about? This was my problem so I set about a bit of research. After comparing a couple of offerings I chose WireGuard VPN as it seemed fast, secure and reliable. Best of all it is free and reasonably simple to set up.

WireGuard VPN


I had a spare Raspberry Pi 3 knocking around, so I installed Raspbian on a MicroSD card, booted, ran the updates and we were ready to go. As this was going to be a bit of a test and proof of concept for me, I decided to install WireGuard via PiVPN. Installation is guided, setup is relatively easy and administration is simple.

  curl -L https://install.pivpn.io | bash  

During the install I did need to go out and set up a Dynamic DNS service through a popular web vendor, as my ISP uses dynamic IP addresses, meaning that once I'd set up the VPN and the IP changed, I would not be able to access it again until I reconfigured the config files. Not very useful if you're not at home and can't check your public IP. I checked the setting to enable unattended updates so that I didn't need to keep logging into the Pi to manually update and patch it every week.

I set up a Test user to trial the VPN, installed the WireGuard client on my phone, generated the QR code from the server on the Pi, scanned it via the client, switched it on and ..... NOTHING.

Creating a Test user


A bit more research and head scratching found that I needed to set port forwarding on my router before I could reach the server. I also found that once this worked, I had to enable IPv4 forwarding on the Pi so that the VPN would work fully. The Pi also needs a static IP address on the internal network to ensure this works, which is mentioned during the install script.

  sudo sysctl -w net.ipv4.ip_forward=1  
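One caveat worth knowing: sysctl -w only changes the running kernel, so the forwarding setting is lost at reboot. The added check script below (my own, not part of PiVPN) persists it in a sysctl drop-in and checks the pieces the post found were missing; the drop-in file name and WireGuard's default UDP port 51820 are assumptions (PiVPN lets you pick a different port during install).

```shell
#!/bin/sh
# Added example: make IPv4 forwarding survive a reboot and check the WireGuard host.
# Assumptions: drop-in path below, and WireGuard on UDP 51820 (override via WG_PORT).
set -u

SYSCTL_DROPIN="${SYSCTL_DROPIN:-/etc/sysctl.d/99-wireguard-forward.conf}"
WG_PORT="${WG_PORT:-51820}"

# Return 0 if the given sysctl file sets ip_forward to 1 (comments and spacing ignored).
forwarding_persisted() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1" 2>/dev/null
}

# Return 0 if the running kernel forwards IPv4 right now (the sysctl -w state).
forwarding_active() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Return 0 if a UDP socket is bound to the WireGuard port (ss from iproute2).
wg_port_listening() {
    ss -lun 2>/dev/null | grep -Eq "[:.]$1[[:space:]]"
}

# Write the drop-in and apply it, so the setting is back after the next reboot.
persist_forwarding() {
    printf 'net.ipv4.ip_forward = 1\n' | sudo tee "$SYSCTL_DROPIN" >/dev/null &&
        sudo sysctl --system >/dev/null
}

# Print one line per check; return the number of failed checks.
check_vpn_host() {
    fails=0
    if forwarding_active; then
        echo "ok   ip_forward is 1"
    else
        echo "FAIL ip_forward is 0 (sudo sysctl -w net.ipv4.ip_forward=1)"; fails=$((fails + 1))
    fi
    if forwarding_persisted "$SYSCTL_DROPIN"; then
        echo "ok   ip_forward persisted in $SYSCTL_DROPIN"
    else
        echo "FAIL ip_forward not persisted; run persist_forwarding"; fails=$((fails + 1))
    fi
    if wg_port_listening "$WG_PORT"; then
        echo "ok   UDP $WG_PORT is bound; now forward it on the router to this Pi"
    else
        echo "FAIL nothing listening on UDP $WG_PORT; is wg0 up?"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Run the checks only when invoked directly with RUN_CHECK=1 (keeps the helpers sourceable).
if [ "${RUN_CHECK:-0}" = "1" ]; then
    check_vpn_host
fi
```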

After all that, Hey Presto, a working point-to-site VPN connection from the outside world, and I could access all my lab machines and files. To keep things secure, I deleted the test account and set up a new one each for my laptop, phone and tablet.

All in all a very worthwhile and incredibly useful project that's taught me about VPN connections, and that although things don't always work straight out of the box, with a little persistence and research you can fix it. PiVPN (using WireGuard) can be set up on various hardware like Raspberry Pis or even in a virtual machine - anything that will be left on permanently.



Credit to PiVPN - PIVPN: Simplest way to setup a VPN (no affiliation, just a great product and project)

Saturday, 24 June 2023

CompTIA Security+ CE Certification

On May 9th 2023 I successfully passed the CompTIA Security+ CE exam. Here I'd like to share my thoughts and experiences with studying towards and taking the exam.

Passing the Network+ was the first step towards a career in Cyber for me. I believe that you need to have a foundational knowledge of networking and how everything communicates before you can think about how to secure it all. You can read about my experiences with the Network+ here.


What training resources did I use to study for the Security+?

The Security+ cert is a lot more important to me so I wanted to not just be able to pass the exam but to really understand the fundamentals. To do this I used similar resources to study for the exam as I did with the Network+ but then took it further. So here's what I used:

  • The official Study Guide from Sybex. Again I read through the whole book, using the end of chapter practice tests to reinforce the info.
  • Again, I used LinkedIn Learning and I watched through the course presented by Mike Chapple. It's still pretty much taken from the book, but it's a lot better having the audio and slides to help take it all in. I also watched through his SSCP course as the two are very similar, and one of the sections on the SSCP is taken from the Security+ course (he forgot to change the info on one of the slides!)
  • I watched the videos provided by Professor Messer as these gave an alternative take on the topics, providing his own explanations and visual content. These videos were great to help understanding and the reinforce the information being taken in. I would encourage anyone studying for or looking to study for the Security+ to watch them. You can view them all for free on YouTube or visit his site where you can purchase his full course which includes other learning materials. Home - Professor Messer IT Certification Training - CompTIA A+, Network+, Security+ - (no affiliation to Professor Messer or his site / content, I just think it's really good!)
  • Practice tests - I used the ones from Wiley's online Sybex Test Prep site but also did a couple from ITProTV. The ITProTV ones were really difficult in comparison, but I wanted to be challenged more (and I got my wish!). Again, neither really prepare you for the style and content of the questions on the exam.
  • I was also doing a lot on online training platforms like Try Hack Me and LetsDefend, to try and get a feel for some of the tools and concepts. I think this helped more with the questions around attacks and the like.

What's it like taking the exam?


I sat the exam via OnVue, Pearson Vue's online testing platform as there wasn't a local test centre offering the exam. It's a relatively easy way to take the exam, you just need a laptop in a quiet room free of other people and anything that could be used to cheat.

Obviously, it was the same experience as when I took the Network+ exam, with the setup and the annoyingly vague questions, but I got a lot more Performance Based questions than I was expecting. The performance questions did tax me and took a lot of time, to the point that there wasn't much left at the end of the exam. I'm almost inclined to agree with the people who say flag them and leave them till last to make sure you get the bulk of the other questions done. Again, the biggest piece of advice I could offer for anyone taking this, or any exam for that matter, would be to READ THE QUESTION! It's so important to read it properly and understand what it's asking. It took me a lot longer to complete this exam as I was having to re-read the questions to make sure I knew what they were asking for (still didn't work all of the time).


What did I struggle with?


Well, from a content point of view, Cryptography, Standards and Compliance. I know they're all super important but boy can reading about them put you to sleep. These are areas that I know I need to pay a little more attention to as I continue my education.

Another area I struggled with was focus. Whilst studying, I was also trying to learn much, much more. I was spending time on Try Hack Me, the Microsoft Ignite - Protect Everything Challenge, tinkering with my home lab and new tools. Although it was valuable learning, it was time taken away from focusing on the Security+ course. I'd get to a topic in the book and think "ooh, that sounds interesting, let me have a look on the internet" and off I'd go researching it. Not necessarily a bad thing, but one thing does lead to another and then down a rabbit hole.

I've made a mental note of all these things, so when it comes to the next cert, I'll work a lot smarter.


What are my take aways from gaining the certification?


Foundational Knowledge! It's so important to get to grips with the basics and foundations. As I'd studied a lot for this exam (to the point I thought I'd broken my brain on the weekend before the exam) passing was not only a huge relief but a massive boost to my self confidence. Not only could I talk the talk, but now I have a piece of paper (or digital badge at the time) to prove I can walk the walk ... on a foundational level of course.

To anyone studying towards or looking to take this exam, Good Luck and don't rely on just one source of learning. There's loads of free content out there, especially on YouTube and whenever you think you're ready to sit the exam, by all means book it in but do a lot more studying 😉.



Friday, 23 June 2023

CompTIA Network+ CE Certification

On January 30th 2023 I successfully passed the CompTIA Network+ CE exam. Here I'd like to share my thoughts and experiences with studying towards and taking the exam.


What training resources did I use to study for the Network+?

I used a number of methods to study, along with using my existing knowledge from previously being a Helpdesk Analyst and from setting up my home networks and labs. Other methods I used are:

  • The official Study Guide from Sybex. I read through the book alongside other study methods to get a good foundational knowledge of the content. I must say that although it is generally well written and I recommend reading the book, I did come across a couple of errors in the text as well as at least one question where the answer given was actually incorrect (confirmed by a trainer I consulted).
  • I was incredibly lucky to have been given the opportunity of a mentoring group internally provided by my current company and run by one of their training experts. We met weekly, reviewing the material from the Study guide and having discussions and quizzes to help enforce the knowledge and identify any weaknesses. This really was a great tool as it gave me the opportunity to query topics that I wasn't overly confident on.
  • LinkedIn Learning has a number of courses and I watched through the one presented by Mike Chapple. The content was pretty much from the Study Guide but with the benefit of embellishments and descriptions with visuals from Mike. I think that having the intakes of visual and audible learning is a massive benefit giving your brain different ways to absorb the information.
  • I watched the videos provided by Professor Messer as these gave an alternative take on the topics, providing his own explanations and visual content. These videos were great to help understanding and the reinforce the information being taken in. I would encourage anyone studying for or looking to study for the Network+ to watch them. You can view them all for free on YouTube or visit his site where you can purchase his full course which includes other learning materials. Home - Professor Messer IT Certification Training - CompTIA A+, Network+, Security+ - (no affiliation to Professor Messer or his site / content, I just think it's really good!)

It's a lot of information and content to take in, trying to memorise ports, subnet calculations, IEEE standards, what's at what layer of the OSI model and what it does / how it interacts with other layers etc., so time is required to take it all in. After all this learning it's time to take the exam.


What's it like taking the exam?


I sat the exam via OnVue, Pearson Vue's online testing platform as there wasn't a local test centre offering the exam. It's a relatively easy way to take the exam, you just need a laptop in a quiet room free of other people and anything that could be used to cheat.

Having done practice tests from the Study Guide and via Wiley's online Sybex Test Prep practice exam website, I can wholeheartedly say that they DO NOT prepare you for the style nor content of the exam questions - and it was a bit of a shock for me, even after the performance based questions. This was the second online exam I'd taken and the nerves didn't get any better. Questions are annoyingly vague, but this is to 1: make you think about the situation they are describing and 2: test your knowledge and real understanding. The biggest piece of advice I could offer for anyone taking this, or any exam for that matter, would be to READ THE QUESTION! It's so important to read it properly and understand what it's asking; I've been caught out so many times by misinterpreting a cleverly worded question.


What are your take aways from gaining the certification?


Studying the syllabus has not only reinforced what I already knew but taught me so much more. A lot of it I will never need ever again (much the same with any subject) but having the knowledge and knowing where to find it again if I forget will be a great help in the future.

The benefit of actually taking and passing the exam is twofold. Not only does it give me a sense of pride and self belief but I can now prove my abilities to potential employers and demonstrate that I can and am willing to learn and am serious about what I want to do. 

To anyone studying towards or looking to take this exam, Good Luck and don't rely on just one source of learning. There's loads of free content out there, especially on YouTube and whenever you think you're ready to sit the exam, by all means book it in but do a lot more studying 😉.


Welcome

Welcome all,

It struck me that having a blog would be useful, not only to share my experiences with others who are also trying to learn and break into the field of Cyber Security (with hints, tips, issues encountered and solutions found) but to showcase my progress, experience and skills to potential employers.

Here I'll be looking to share experiences with training courses / certs, training platforms and security tools that I've taken or used, talking about how I found them, what I gained from them and any issues / difficulties I came across, along with how I overcame them.

I'll also share projects I've completed or am working on with updates and hopefully some write-ups of how others can do the same or similar, discussing what went well, what didn't and what ended up in the recycle bin.

Any views expressed in these blogs will be my own personal opinions based on experiences and thoughts, not sponsored or influenced in any way (although there may be a few affiliate links, and they will be pointed out), and do not reflect other people's opinions on the subjects.

Happy readings!