## Policy Compliance Auditing Scan

Now we'll run through a compliance audit scan of a Windows Server 2012 R2 machine using a CIS benchmark. After selecting the Policy Compliance Auditing scan and entering a scan name and a target, go to the Credentials tab, as with our first scan above, and populate the fields with the relevant administrative credentials.

Here we had to carry out an extra step to allow Nessus to connect. Whilst still on the Settings screen, click on Discovery in the left column and change the scan type to Custom. Selecting this populates a new option under Discovery, Host Discovery. Click that and finally un-check the Ping the remote host option. These steps are shown in the following screenshots.

Now click on the Compliance tab and a list of benchmark templates will be visible on the left. The templates cover a number of operating systems and devices across a variety of architectures; however, we're testing a Windows server, so we're clicking on Windows, which spawns a further list of options. Scrolling down the list we find some options for Windows 2012 R2, shown in the picture below. The templates differ in two ways: 'DC' or 'MS', which stand for domain controller and member server respectively, and 'L1' or 'L2', which are Level 1 and Level 2 respectively. L1 scans identify the configurations and settings that should be implemented on a system at a minimum and shouldn't disrupt services, whereas L2 scans are tighter lock-downs for highly secure environments, often resulting in significantly reduced functionality. Our server is a DC, so we're selecting the highlighted CIS Windows Server 2012 R2 DC L1 v2.1.0 template.

This will populate some configurable options on the right of the screen, much like when selecting Windows credentials; however, we can leave the defaults here. Finally, as with our first scan, ensure the target's built-in Windows firewall is turned off or configured so that Nessus doesn't have any trouble connecting.

Start your scan!

## Results

Following the scan we can see a total of 305 compliance checks, of which circa 40% had failed, 30% were warnings, and 30% were passes.

## Final Thoughts

Although we covered a lot in this case, much of it was pre-scan prep work. This preparation needs to be carefully considered for two very important reasons.
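To turn an exported .nessus file into the pass/fail/warning breakdown quoted in the Results section above, here is an added Python example (not part of the original post, and not Tenable's code). It assumes the export uses the `http://www.nessus.org/cm` namespace for its compliance fields, and it runs against a constructed three-check sample in place of a real scan export.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Namespace Nessus uses for compliance fields in .nessus exports (assumption: verify in your file).
CM = "{http://www.nessus.org/cm}"

# Constructed miniature .nessus export (not real scanner output) with three CIS checks
# plus one ordinary plugin result that the tally must ignore.
SAMPLE_NESSUS = """<NessusClientData_v2 xmlns:cm="http://www.nessus.org/cm">
<Report name="CIS 2012R2 DC L1"><ReportHost name="dc01.example.test">
<ReportItem pluginID="21156"><cm:compliance-check-name>1.1.1 Enforce password history</cm:compliance-check-name>
<cm:compliance-result>FAILED</cm:compliance-result></ReportItem>
<ReportItem pluginID="21156"><cm:compliance-check-name>1.1.2 Maximum password age</cm:compliance-check-name>
<cm:compliance-result>WARNING</cm:compliance-result></ReportItem>
<ReportItem pluginID="21156"><cm:compliance-check-name>1.1.3 Minimum password age</cm:compliance-check-name>
<cm:compliance-result>PASSED</cm:compliance-result></ReportItem>
<ReportItem pluginID="10180"><description>Ping result, not a compliance check</description></ReportItem>
</ReportHost></Report></NessusClientData_v2>"""


def tally_compliance(nessus_xml):
    """Per host: Counter of results, plus a list of (host, check_name, result) for every non-PASSED check."""
    root = ET.fromstring(nessus_xml)
    per_host, findings = {}, []
    for host in root.iter("ReportHost"):
        name = host.get("name")
        counts = per_host.setdefault(name, Counter())
        for item in host.iter("ReportItem"):
            result = item.findtext(CM + "compliance-result")
            if result is None:  # vulnerability/info plugin, not a compliance check
                continue
            counts[result] += 1
            if result != "PASSED":
                findings.append((name, item.findtext(CM + "compliance-check-name", ""), result))
    return per_host, findings


def summarize(counts):
    """Percentage per result, the form the post quotes (40% failed / 30% warning / 30% passed)."""
    total = sum(counts.values())
    return {k: round(100 * v / total, 1) for k, v in counts.items()} if total else {}


if __name__ == "__main__":
    hosts, findings = tally_compliance(SAMPLE_NESSUS)
    for host, counts in hosts.items():
        print(host, dict(counts), summarize(counts))
    for row in findings:
        print("   ", *row)
```

Feed it the .nessus file exported from the scan's Export menu and the findings list gives you the failed and warning check names to hand to the server's administrators.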