After hardening, you need an independent verification. This capstone uses Nessus Essentials (free) or OpenVAS (open-source) to scan your hardened Windows and Linux VMs from the previous labs. You'll compare the scan results to a scan of an unhardened baseline, demonstrating the reduction in vulnerabilities. This is the ultimate proof that your security measures work.
You need two VMs: one unhardened (baseline), and one hardened using your CIS/Lynis work. Install Nessus or OpenVAS on a scanner VM. Configure scans with credentials for authenticated scanning (the gold standard for vulnerability assessment). Scan both targets.
```bash
# Example: create a credentialed Nessus scan via the REST API (the credentials come
# from the referenced policy; "..." and <...> are placeholders for your own values)
curl -X POST -k -H "X-ApiKeys: accessKey=...; secretKey=..." -H "Content-Type: application/json" \
  --data '{"uuid": "ab12cd34-...", "settings": {"name": "MyScan", "policy_id": 1, "text_targets": "<target-ip>"}}' \
  https://nessus.local:8834/scans
# Start the scan using the "id" field returned by the call above
curl -X POST -k -H "X-ApiKeys: accessKey=...; secretKey=..." https://nessus.local:8834/scans/<scan_id>/launch
```

Compare the number of critical/high vulnerabilities between baseline and hardened. The hardened VM should have zero criticals and significantly fewer highs. Any remaining issues should be documented with justification or added to a remediation backlog. The report should highlight specific hardening changes that eliminated particular vulnerabilities (e.g., disabling SMBv1 removed MS17-010).

| Vulnerability Severity | Baseline (Count) | Hardened (Count) |
|---|---|---|
| Critical | 5 | 0 |
| High | 12 | 2 |
| Medium | 20 | 8 |
Produce a report comparing the two scans, with a before/after chart. Include recommendations for any remaining vulnerabilities. This report is exactly what you'd present to management or an auditor to prove your security improvements.
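The before/after comparison described above, as an added example that is not part of the lab or of Nessus itself: a Python script that reads two CSV exports (a constructed baseline and a constructed hardened scan, in the column layout this example assumes a Nessus CSV export uses), builds the severity table, and lists which plugins were eliminated, which remain for the backlog, and any new findings that would indicate a regression.

```python
import csv
import io
from collections import Counter

SEVERITIES = ("Critical", "High", "Medium", "Low")

# Constructed sample data in the column layout of a Nessus CSV export (real exports
# carry more columns, which DictReader ignores). Plugin IDs and hosts are made-up placeholders.
BASELINE_CSV = """Plugin ID,Risk,Host,Name
100001,Critical,10.0.0.5,MS17-010: SMBv1 remote code execution
100002,Critical,10.0.0.5,Unsupported OpenSSL version
100003,High,10.0.0.5,SMB signing not required
100004,High,10.0.0.5,Weak SSH ciphers enabled
100005,Medium,10.0.0.5,ICMP timestamp disclosure
"""
HARDENED_CSV = """Plugin ID,Risk,Host,Name
100004,High,10.0.0.6,Weak SSH ciphers enabled
100005,Medium,10.0.0.6,ICMP timestamp disclosure
"""

def load_findings(csv_text):
    """Return {plugin_id: (risk, name)} for findings with a rated severity."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Risk"] in SEVERITIES:  # skip informational ("None") rows
            findings[row["Plugin ID"]] = (row["Risk"], row["Name"])
    return findings

def compare_scans(baseline, hardened):
    """Per-severity before/after counts plus which plugins were eliminated, remain, or are new."""
    base_counts = Counter(risk for risk, _ in baseline.values())
    hard_counts = Counter(risk for risk, _ in hardened.values())
    return {
        "counts": {sev: (base_counts[sev], hard_counts[sev]) for sev in SEVERITIES},
        "eliminated": {p: baseline[p] for p in baseline.keys() - hardened.keys()},
        "remaining": {p: hardened[p] for p in hardened.keys() & baseline.keys()},
        "new": {p: hardened[p] for p in hardened.keys() - baseline.keys()},  # regressions
    }

def render_table(report):
    """Markdown before/after table in the shape used by the lab write-up."""
    lines = ["| Vulnerability Severity | Baseline (Count) | Hardened (Count) |", "|---|---|---|"]
    for sev, (before, after) in report["counts"].items():
        lines.append(f"| {sev} | {before} | {after} |")
    return "\n".join(lines)

if __name__ == "__main__":
    report = compare_scans(load_findings(BASELINE_CSV), load_findings(HARDENED_CSV))
    print(render_table(report))
    for pid, (risk, name) in report["eliminated"].items():
        print(f"eliminated [{risk}] {pid}: {name}")
```

Feed the `remaining` entries straight into the remediation backlog and treat anything in `new` as a regression introduced by the hardening itself.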
⚠️ Unauthenticated scans only see what is exposed on the network. Always use credentialed scans to see the full set of OS-level findings (missing patches and configuration weaknesses).