0:00:10.400,0:00:13.519 hello youtubers welcome back to my
0:00:13.519,0:00:15.280 nasdaq youtube channel
0:00:15.280,0:00:18.560 this is johnny a network and security
0:00:18.560,0:00:20.560 guy
0:00:20.560,0:00:23.600 when i'm wearing security hat
0:00:23.600,0:00:26.720 one of popular questions i got asked
0:00:26.720,0:00:27.920 is about
0:00:27.920,0:00:32.079 security of the system how i'm sure this
0:00:32.079,0:00:35.440 system has been configured securely
0:00:35.440,0:00:38.320 usually my answer is quite simple
0:00:38.320,0:00:41.920 that's run CIS-CAT scanning
0:00:41.920,0:00:45.760 what is CIS-CAT
0:00:45.760,0:00:48.960 this is just created the tool center for
0:00:48.960,0:00:50.960 internet security configuration
0:00:50.960,0:00:53.199 assessment tool
0:00:53.199,0:00:55.120 we are going to compare the target
0:00:55.120,0:00:58.079 configuration settings with secure
0:00:58.079,0:01:00.800 configuration settings recommended they
0:01:00.800,0:01:03.840 have 100 CIS benchmarks for different
0:01:03.840,0:01:05.119 systems
0:01:05.119,0:01:07.040 after the comparison they're gonna give
0:01:07.040,0:01:09.760 you a report shows the score how to
0:01:09.760,0:01:12.119 secure your system and also give you
0:01:12.119,0:01:15.200 recommendation for how to remediate
0:01:15.200,0:01:18.320 those security holes you might have
0:01:18.320,0:01:20.960 this whole tool makes the scanning
0:01:20.960,0:01:23.840 validation and reporting much easier and
0:01:23.840,0:01:27.040 simpler for users who need to find out
0:01:27.040,0:01:29.680 the best security configuration for
0:01:29.680,0:01:30.960 their system
0:01:30.960,0:01:32.400 this is
0:01:32.400,0:01:35.360 very helpful and useful tool there are
0:01:35.360,0:01:37.040 two versions
0:01:37.040,0:01:40.720 CIS-CAT Pro and CIS-CAT Lite
0:01:40.720,0:01:43.920 in this video i'm gonna present it how
0:01:43.920,0:01:47.360 you can download CIS-CAT Lite how you can
0:01:47.360,0:01:50.479 run it and
how you can do scan
0:01:50.479,0:01:52.479 for your target
0:01:52.479,0:01:53.360 now
0:01:53.360,0:01:56.000 let's jump into my lab and we can start
0:01:56.000,0:01:58.159 it
0:02:04.159,0:02:08.560 now let's take a look my lab topology
0:02:08.560,0:02:12.319 for this lab i have three machines
0:02:12.319,0:02:14.800 one is windows 2016
0:02:14.800,0:02:16.319 which we are gonna
0:02:16.319,0:02:19.520 launch CIS-CAT Lite from this machine to
0:02:19.520,0:02:23.360 do the scanning for windows 10 and
0:02:23.360,0:02:27.200 51 sec to local this dc
0:02:27.200,0:02:30.000 all those machines are in the domain
0:02:30.000,0:02:33.200 if you are using work groups and similar
0:02:33.200,0:02:35.840 operations
0:02:35.840,0:02:38.720 this is very simple network they're all
0:02:38.720,0:02:40.720 running in the same
0:02:40.720,0:02:44.319 network 192.168.2
0:02:44.319,0:02:46.879 if you have firewall between
0:02:46.879,0:02:50.800 your CIS-CAT Lite server and your
0:02:50.800,0:02:54.000 destinations you may need to open your
0:02:54.000,0:02:55.440 firewalls
0:02:55.440,0:02:59.760 but that will be in different topic
0:03:03.040,0:03:06.400 now let's download the CIS-CAT Lite
0:03:06.400,0:03:08.319 version free
0:03:08.319,0:03:09.440 cat tool
0:03:09.440,0:03:13.360 to scanning your destination
0:03:13.760,0:03:16.640 you can directly using the google to
0:03:16.640,0:03:19.920 search CIS-CAT Lite the first link jump
0:03:19.920,0:03:20.800 out
0:03:20.800,0:03:23.440 that will be
0:03:23.680,0:03:25.519 this page
0:03:25.519,0:03:28.080 for this form what you need to do is you
0:03:28.080,0:03:30.000 don't need to provide your credit card
0:03:30.000,0:03:32.080 you provide your minimum personal
0:03:32.080,0:03:34.239 information name
0:03:34.239,0:03:36.480 organization role
0:03:36.480,0:03:40.159 email sector country
0:03:40.159,0:03:42.239 how many employees how did you hear
0:03:42.239,0:03:43.599 about us
0:03:43.599,0:03:45.040 then
0:03:45.040,0:03:48.879 click get CIS-CAT button
0:03:48.879,0:03:50.640 in couple minutes
0:03:50.640,0:03:52.400 you should be able to get the email like
0:03:52.400,0:03:53.920 this
0:03:53.920,0:03:56.720 CIS center for internet security
0:03:56.720,0:03:59.680 CIS-CAT Lite version 4
0:03:59.680,0:04:03.360 and the download link here
0:04:04.799,0:04:06.000 click link
0:04:06.000,0:04:07.920 the downloading should be happening
0:04:07.920,0:04:10.400 immediately
0:04:10.400,0:04:14.159 at about 148 megabytes
0:04:14.159,0:04:16.320 um depends on your internet speed one
0:04:16.320,0:04:18.238 minute two minutes you should be able to
0:04:18.238,0:04:20.639 get it
0:04:20.639,0:04:23.600 so that how you can get it
0:04:23.600,0:04:25.680 you may also get the list
0:04:25.680,0:04:27.919 email as well to show you how to get
0:04:27.919,0:04:30.960 started with CIS-CAT Lite
0:04:30.960,0:04:32.639 that will help you
0:04:32.639,0:04:34.800 to start to use
0:04:34.800,0:04:37.280 this tool
0:04:37.840,0:04:40.240 you also can register for webmail
0:04:40.240,0:04:43.840 to get more informations
0:04:46.400,0:04:49.199 after you download the software
0:04:49.199,0:04:50.560 you will see
0:04:50.560,0:04:52.160 this zip file
0:04:52.160,0:04:56.919 CIS-CAT Lite version 4.21.0
0:04:57.280,0:04:58.800 to run it
0:04:58.800,0:05:00.639 you don't need to install it
0:05:00.639,0:05:05.120 only thing you need to do extract all
0:05:07.759,0:05:09.280 i'm running
0:05:09.280,0:05:12.560 CIS-CAT Lite in my virtual machine
0:05:12.560,0:05:16.080 i'm giving a gigabyte to run
0:05:16.080,0:05:19.759 and for virtual cpu
0:05:19.919,0:05:21.360 it depending on
0:05:21.360,0:05:24.800 how many system you need to scan
0:05:24.800,0:05:26.560 usually
0:05:26.560,0:05:28.320 even four giga ram
0:05:28.320,0:05:30.320 to watch cpu
0:05:30.320,0:05:33.680 it's also more enough
0:05:37.440,0:05:40.000 once you unzip it you will get as
0:05:40.000,0:05:41.199 assessor
0:05:41.199,0:05:43.840 this folder
0:05:43.840,0:05:46.800 you will find out this assessor
0:05:46.800,0:05:50.479 dash gui exe file
0:05:50.479,0:05:53.600 to run it it is very simple just right
0:05:53.600,0:05:56.400 click this assessor
0:05:56.400,0:06:00.479 dash gui exe file run as administrator
0:06:00.479,0:06:05.199 you will see it shows CIS-CAT Pro Assessor
0:06:05.199,0:06:08.560 in the windows title
0:06:08.880,0:06:11.680 if we are thinking this oh i maybe
0:06:11.680,0:06:13.360 download the wrong one
0:06:13.360,0:06:16.639 but actually the windows title shows
0:06:16.639,0:06:19.520 CIS-CAT Pro Assessor
0:06:19.520,0:06:22.639 eventually you will get CIS-CAT Lite
0:06:22.639,0:06:23.759 version
0:06:23.759,0:06:24.639 since
0:06:24.639,0:06:26.319 that
0:06:26.319,0:06:29.280 restricted version from this floor
0:06:29.280,0:06:34.199 you will see here CIS-CAT Lite
0:06:34.880,0:06:38.479 it is using same web gui as pro version
0:06:38.479,0:06:39.520 only
0:06:39.520,0:06:42.639 thing is this is a restricted version
0:06:42.639,0:06:45.280 it's a lite version and also you will
0:06:45.280,0:06:47.600 see they want you to
0:06:47.600,0:06:49.600 see the documentation which is pro
0:06:49.600,0:06:52.479 documentation you won't find too much
0:06:52.479,0:06:55.039 information about lite but you will see
0:06:55.039,0:06:59.319 everything for the pro
0:07:02.560,0:07:05.360 once you launch the web gui scanning
0:07:05.360,0:07:07.360 the system gonna be very simple either
0:07:07.360,0:07:09.599 local or remote
0:07:09.599,0:07:11.440 the lite version
0:07:11.440,0:07:15.039 has no limitation how many targets you
0:07:15.039,0:07:16.880 can scan
0:07:16.880,0:07:18.479 so you can scan local and the remote
0:07:18.479,0:07:21.199 system let's start from this local system
0:07:21.199,0:07:22.400 first
0:07:22.400,0:07:25.599 the local system is a windows 2016 as i
0:07:25.599,0:07:28.639 mentioned before so we're gonna
0:07:28.639,0:07:31.639 use
0:07:33.199,0:07:37.440 windows server list CIS controls
0:07:37.440,0:07:40.960 assessment module implementation group 1
0:07:40.960,0:07:43.440 which is minimum requirement for the
0:07:43.440,0:07:45.840 server
0:07:46.319,0:07:47.919 and we're gonna choose list one
0:07:47.919,0:07:50.240 automated checks and the survey
0:07:50.240,0:07:51.440 questions
0:07:51.440,0:07:52.960 so you will get a lot of survey
0:07:52.960,0:07:58.160 questions for the interactive answers
0:07:58.160,0:07:59.599 one thing
0:07:59.599,0:08:01.280 the lite version
0:08:01.280,0:08:04.000 this is different from pro version is
0:08:04.000,0:08:07.039 you only have limited benchmarks
0:08:07.039,0:08:10.400 for a pro version says dusty's provide
0:08:10.400,0:08:13.440 hundreds benchmarks for you to use but
0:08:13.440,0:08:15.520 here the benchmarks only limited a
0:08:15.520,0:08:17.919 couple from windows 10
0:08:17.919,0:08:19.520 ubuntu
0:08:19.520,0:08:21.039 google chrome
0:08:21.039,0:08:21.919 and the
0:08:21.919,0:08:25.360 minimum requirement for windows server
0:08:25.360,0:08:27.680 after you choose the benchmarks in the
0:08:27.680,0:08:29.440 profile
0:08:29.440,0:08:31.120 basically profile i was thinking it's
0:08:31.120,0:08:34.240 always baseline
0:08:35.599,0:08:38.080 and you can edit
0:08:38.080,0:08:40.719 so once you choose edit they will
0:08:40.719,0:08:42.080 give you
0:08:42.080,0:08:44.240 a text box to ask you
0:08:44.240,0:08:46.880 the questions
0:08:46.880,0:08:48.000 you can just
0:08:48.000,0:08:50.080 click okay okay
0:08:50.080,0:08:51.720 let about
0:08:51.720,0:08:57.200 29 questions for this survey
0:08:57.200,0:08:58.320 so
0:08:58.320,0:09:00.560 for me and just quickly
0:09:00.560,0:09:04.000 demonstrate the process i will pick
0:09:04.000,0:09:08.279 yes for all questions
0:09:23.440,0:09:26.160 so once all questions has been answered
0:09:26.160,0:09:28.320 let's select the profile and the
0:09:28.320,0:09:31.519 benchmark will be in this
selected
0:09:31.519,0:09:33.519 section
0:09:33.519,0:09:35.360 after that
0:09:35.360,0:09:38.320 we can choose next
0:09:38.320,0:09:41.440 here report output options
0:09:41.440,0:09:43.360 since we are using lite version we only
0:09:43.360,0:09:47.760 have html it's already select for us
0:09:47.760,0:09:50.560 if you using pro you can use in csv text
0:09:50.560,0:09:53.279 xml and json
0:09:53.279,0:09:55.040 and we can pick
0:09:55.040,0:09:58.560 the destination you leave default
0:09:58.560,0:10:01.200 you also can save a configuration file
0:10:01.200,0:10:03.200 for the future to use it and you don't
0:10:03.200,0:10:08.000 have to do all the selection again
0:10:08.160,0:10:10.240 next
0:10:10.240,0:10:12.560 so it's a sql
0:10:12.560,0:10:16.959 confirmation start assessment
0:10:17.120,0:10:19.040 assessments usually
0:10:19.040,0:10:20.000 take
0:10:20.000,0:10:24.200 two minutes to get it done
0:10:45.200,0:10:46.640 all right
0:10:46.640,0:10:49.519 we got a report
0:10:50.320,0:10:54.720 ma'am you can choose view html
0:10:54.720,0:10:58.079 that will show you a really nice report
0:10:58.079,0:11:01.320 in your browser
0:11:02.560,0:11:05.760 for my list machine automatic checks
0:11:05.760,0:11:07.839 failed 11
0:11:07.839,0:11:09.200 items
0:11:09.200,0:11:12.399 we have four passed
0:11:12.399,0:11:14.640 for user survey questions we got 29
0:11:14.640,0:11:16.800 questions since we selected yes for all
0:11:16.800,0:11:19.519 of them we passed 100
0:11:19.519,0:11:21.360 totally
0:11:21.360,0:11:22.959 77
0:11:22.959,0:11:25.279 pass
0:11:26.480,0:11:29.200 you should be able to see all check
0:11:29.200,0:11:31.839 details
0:11:34.800,0:11:38.000 for each failed items
0:11:38.000,0:11:41.040 you will see remediation recommendations
0:11:41.040,0:11:43.120 here
0:11:43.120,0:11:45.040 that should help you
0:11:45.040,0:11:46.320 to remedy
0:11:46.320,0:11:49.600 this failed item
0:11:49.600,0:11:54.760 so this is the local scanning
0:11:56.320,0:11:58.800 we also able to do the remote system
0:11:58.800,0:12:01.360 scanning
0:12:08.079,0:12:11.760 as mentioned before i have windows 10
0:12:11.760,0:12:13.839 setup as my target
0:12:13.839,0:12:18.800 and which is also joined local domain
0:12:18.800,0:12:22.160 i'm going to use CIS-CAT Lite
0:12:22.160,0:12:25.200 windows 2016 servers to scan this windows
0:12:25.200,0:12:27.440 10 and we also can do
0:12:27.440,0:12:29.839 that domain controller scan as well so
0:12:29.839,0:12:31.040 we can do
0:12:31.040,0:12:34.040 both
0:12:38.720,0:12:41.760 so you need to choose advanced for
0:12:41.760,0:12:45.279 remote target system
0:12:48.079,0:12:51.680 you're going to use windows 10 here
0:12:51.680,0:12:53.440 and one thing you may want to make sure
0:12:53.440,0:12:54.480 is
0:12:54.480,0:12:57.440 you can ping
0:12:57.519,0:13:00.480 your remote server
0:13:04.959,0:13:07.839 that's our
0:13:10.959,0:13:13.440 destination windows 10 server we can
0:13:13.440,0:13:16.240 check the name
0:13:18.160,0:13:21.200 windows 10 4
0:13:21.200,0:13:23.440 so once you confirm that
0:13:23.440,0:13:26.560 you can type your system name there
0:13:26.560,0:13:28.560 choose your system type
0:13:28.560,0:13:30.000 it's windows
0:13:30.000,0:13:32.079 in the future we also can do ubuntu
0:13:32.079,0:13:37.360 scanning but that will be in different video
0:13:37.360,0:13:39.440 one thing you need to remember the
0:13:39.440,0:13:42.560 WinRM windows remote management service has
0:13:42.560,0:13:44.320 to be up and running by default it
0:13:44.320,0:13:46.800 should be up and running already
0:13:46.800,0:13:49.200 if not in then you need to go back to
0:13:49.200,0:13:52.880 CIS-CAT Pro documentation to see how
0:13:52.880,0:13:55.120 to enable WinRM how to use group
0:13:55.120,0:13:56.560 policy
0:13:56.560,0:13:57.600 to
0:13:57.600,0:14:00.839 enable WinRM for your
0:14:00.839,0:14:04.560 destination username
0:14:05.839,0:14:10.480 i'm going
to use a domain admin account
0:14:11.760,0:14:15.160 ip address
0:14:17.680,0:14:19.680 username actually
0:14:19.680,0:14:22.320 you need to specify the domain here as
0:14:22.320,0:14:25.839 well using the format that required
0:14:25.839,0:14:29.120 which is the username plus 51sec
0:14:29.120,0:14:32.240 code just make sure your domain name is
0:14:32.240,0:14:33.199 correct
0:14:33.199,0:14:36.560 username scratch password is right
0:14:36.560,0:14:39.680 temporary pass we don't need a lot now
0:14:39.680,0:14:42.079 after you enter the destination
0:14:42.079,0:14:45.360 information you need to pick
0:14:45.360,0:14:48.160 the benchmarks
0:14:49.040,0:14:50.560 so we are going to use in windows 10
0:14:50.560,0:14:52.639 enterprise benchmark
0:14:52.639,0:14:53.760 we can
0:14:53.760,0:14:57.199 choose next generation windows security
0:14:57.199,0:14:58.720 there's a couple of other lines you can
0:14:58.720,0:15:00.959 choose we choose level 2
0:15:00.959,0:15:02.639 after all those
0:15:02.639,0:15:06.240 options you select it you can save it
0:15:06.240,0:15:08.959 it will add it into your target system
0:15:08.959,0:15:11.279 here
0:15:11.360,0:15:14.160 before you scan to next step you want to
0:15:14.160,0:15:16.560 make sure you have connections to the
0:15:16.560,0:15:19.040 target
0:15:21.279,0:15:24.639 if you see any errors happens here you
0:15:24.639,0:15:27.120 may want to go back to check your
0:15:27.120,0:15:28.240 settings
0:15:28.240,0:15:31.040 as you can see here i do see an error or
0:15:31.040,0:15:34.480 code creating a section
0:15:35.360,0:15:37.360 so we need to fix that
0:15:37.360,0:15:41.040 information before we can continue
0:15:41.040,0:15:44.079 so you choose your target system
0:15:44.079,0:15:46.240 and choose edit
0:15:46.240,0:15:49.920 and verify those configurations one by
0:15:49.920,0:15:51.920 one so we notice
0:15:51.920,0:15:55.440 we put that wrong ip here
0:15:55.440,0:15:58.320 let's save
0:15:58.399,0:16:00.320 and allow me to test the connection
0:16:00.320,0:16:03.320 again
0:16:11.120,0:16:12.079 now
0:16:12.079,0:16:14.480 alloys calm
0:16:14.480,0:16:16.880 connection established
0:16:16.880,0:16:20.759 let's go to the next step
0:16:22.959,0:16:24.959 choose our target system as i mentioned
0:16:24.959,0:16:27.839 before we can add more here target
0:16:27.839,0:16:29.600 system like we can add the domain
0:16:29.600,0:16:32.639 controller dc
0:16:34.399,0:16:37.120 windows
0:16:37.120,0:16:39.360 http
0:16:39.360,0:16:42.680 same thing
0:16:54.639,0:16:57.120 since it's a windows server so we
0:16:57.120,0:16:59.600 probably
0:16:59.680,0:17:01.199 need to change
0:17:01.199,0:17:03.279 the benchmarks so i just choose the
0:17:03.279,0:17:04.559 automated
0:17:04.559,0:17:07.679 subcontrols only
0:17:15.599,0:17:17.679 save
0:17:17.679,0:17:21.039 now we have two systems
0:17:22.400,0:17:24.400 so you need to choose or you can choose
0:17:24.400,0:17:26.959 multiple forefront using a control you
0:17:26.959,0:17:30.240 can choose two of them together to scan
0:17:30.240,0:17:32.720 i want to make sure we can go to the dc
0:17:32.720,0:17:36.679 as well let's test connection
0:17:47.200,0:17:48.960 so connection has been
0:17:48.960,0:17:51.440 tested successfully
0:17:51.440,0:17:54.799 established established
0:17:54.799,0:17:56.640 so let's uh
0:17:56.640,0:17:58.000 choose both
0:17:58.000,0:18:01.720 and go to next
0:18:16.559,0:18:21.760 we need a benchmark for our windows 10
0:18:21.760,0:18:24.240 believe we can choose this one choose
0:18:24.240,0:18:26.320 add
0:18:26.320,0:18:28.559 and save
0:18:28.559,0:18:32.160 so now it shows one so we need
0:18:32.160,0:18:34.960 benchmarks at least one benchmark for
0:18:34.960,0:18:37.039 each of system
0:18:37.039,0:18:39.039 next
0:18:39.039,0:18:42.480 again html has been selected for us
0:18:42.480,0:18:44.320 report
0:18:44.320,0:18:46.799 folder we keep default
0:18:46.799,0:18:49.600 then we do start
0:18:49.600,0:18:52.160 assessment
0:18:53.440,0:18:55.679 this may take um
0:18:55.679,0:18:58.240 two three minutes to get the post
0:18:58.240,0:19:00.720 dumping since it's remote it's slower
0:19:00.720,0:19:02.960 than doing a local
0:19:02.960,0:19:04.880 the process is the same
0:19:04.880,0:19:07.120 it created a connection
0:19:07.120,0:19:09.200 and then goes through
0:19:09.200,0:19:12.400 all controls they need to
0:19:12.400,0:19:15.520 validate using script
0:19:15.520,0:19:18.160 and then validate all settings
0:19:18.160,0:19:22.120 and then come back with report
0:20:50.320,0:20:53.200 well after probably five minutes five
0:20:53.200,0:20:55.200 six minutes
0:20:55.200,0:20:56.799 the report
0:20:56.799,0:20:59.200 has been generated
0:20:59.200,0:21:01.600 we finished our scanning
0:21:01.600,0:21:06.000 so you will be able to see both reports
0:21:06.000,0:21:10.360 let's take a quick look here
0:21:20.159,0:21:24.120 it's for windows 10.
0:21:32.320,0:21:34.720 you also can check along
0:21:34.720,0:21:37.440 domain controllers
0:21:37.440,0:21:41.320 51 sec dc1
0:21:46.000,0:21:50.159 so now we finished our remote scanning
0:21:50.159,0:21:53.440 basically that's how you can use
0:21:53.440,0:21:55.520 this free tool
0:21:55.520,0:21:58.159 to validate your security configuration
0:21:58.159,0:22:00.159 on your target system
0:22:00.159,0:22:02.240 you don't have to pay
0:22:02.240,0:22:06.320 any if you are only using those basic
0:22:06.320,0:22:07.600 profiles
0:22:07.600,0:22:10.000 for your system for windows 10 and the
0:22:10.000,0:22:14.480 server ubuntu google chrome
0:22:14.480,0:22:17.039 if you have more other system need to be
0:22:17.039,0:22:19.280 validated then you have to
0:22:19.280,0:22:22.880 get the license for your pro version
0:22:22.880,0:22:27.360 that will be in my different videos
0:22:27.360,0:22:30.960 that's all for this video how you can
0:22:30.960,0:22:33.520 use free tool
0:22:33.520,0:22:36.240 CIS-CAT Lite
0:22:36.240,0:22:39.200 to check your security settings on your
0:22:39.200,0:22:40.799 target
0:22:40.799,0:22:42.720 i hope you enjoyed it
0:22:42.720,0:22:45.120 if you find anything useful in this
0:22:45.120,0:22:46.960 video give me a thumb up
0:22:46.960,0:22:50.080 also please subscribe my channel if you
0:22:50.080,0:22:51.440 haven't
0:22:51.440,0:22:55.080 thank you for watching
0:22:59.200,0:23:02.269 [Music]