hello youtubers welcome back to my

nasdaq youtube channel

this is johnny a network and security

guy

when i'm wearing security hat

one of popular questions i got asked

is about

security of the system how i'm sure this

system has been configured securely

usually my answer is quite simple

that's wrong cis cat scanning

what is ciscat

this is just created the tool center for

internet security configuration

assessment tool

we are going to compare the target

configuration settings with cure

configuration settings recommended they

have 100 cs benchmarks for different

systems

after the comparison they're gonna give

you a report shows the score how to

secure your system and also give you

recommendation for how to remediate

those security holes you might have

this whole tool makes the scanning

validation and reporting much easier and

simpler for users who need to find out

the best security configuration for

their system

this is

very helpful and useful tool there are

two versions

such as cad flow and sas cad catalyte

in this video i'm gonna present it how

you can download cs catalyte how you can

run it and how you can do scan

for your target

now

let's jump into my lab and we can start

it

now let's take a look my lab topology

for this lab i have three machines

one is windows 2016

which we are gonna

launch cs cad lite from this machine to

do the scanning for windows 10 and

51 sec to local this dc

all those machines are in the domain

if you are using work groups and similar

operations

this is very simple network they're all

running in the same

network 192.168.2

if you have firewall between

your cis cad lite server and your

destinations you may need to open your

firewalls

but that will be in different topic

now let's download the cs cat lite

version free

cat tool

to scanning your destination

you can directly using the google to

search says cat lite the first link jump

out

that will be

this page

for this form what you need to do is you

don't need to provide your credit card

you private your minimum personal

information name

organization role

email sector country

how many employees how did you hear

about us

then

click get cs cad button

in couple minutes

you should be able to get the email like

this

cis center for internet security

says catalyte version 4

and the download link here

quick link

the downloading show happening

immediately

at about 148 megabytes

um place down your internet speed one

minute two minutes you should be able to

get it

so that how you can get it

you may also get the list

email as well to show you how to get

started with cis cad lite

that will help you

to start to use

this tool

you also can register for webmail

to get more informations

after you download the software

you will see

this zip file

says cad lite version 4.21.0

to run it

you don't need to install it

only thing you need to do extract all

i'm running

cs catalyte in my virtual machine

i'm giving a gigabyte to run

and for virtual cpu

it depending on

how many system you need to scan

usually

even four giga ram

to watch cpu

it's also more enough

once you unzip it you will get as

accessor

this folder

you will find out this assessor

dash gui exe file

to run it it is very simple just right

click this accessor

dash gui exe file run as administrator

you will see it shows cis cad pro access

in the windows title

if we are syncing this oh i maybe

download the wrong one

but actually the windows title shows

cscad pro accessor

eventually you will get cs cat light

version

since

that

restricted version from this floor

you will see here says cat light

it is using same web gui as pro version

only

thing is this is a restricted version

it's a light version and also you will

see they want you to

see the documentation which is pro

documentation you won't find too much

information about light but you will see

everything for the plot

once you launch the web degree scanning

the system gonna be very simple either

local or remote

the lite version

has no limitation how many targets you

can scan

so you can scan local and the remote

system that start from this local system

first

the local system is a windows 2016 as i

mentioned before so we're gonna

use

windows server list sas controls

assessment module implementation group 1

which is minimum requirement for the

server

and we're gonna choose list one

automated checks and the survey

questions

so you will get a lot of survey

questions for the interactive answers

one thing

the light version

this is different from pro version is

you only have limited benchmarks

for a pro version says dusty's provide

hundreds benchmarks for you to use but

here the benchmarks only limited a

couple from windows 10

ubuntu

google chrome

and the

minimum requirement for windows server

after you choose the benchmarks in the

profile

basically profile i was thinking it's

always baseline

and you can add it

so once you choose edit they will

give you

a text box to ask you

the questions

you can just

click okay okay

let about

29 questions for this survey

so

for me and just quickly

demonstrate the process i will pick

yes for all questions

so once all questions has been answered

let's select the profile and the

benchmark will be in this selected

section

after that

we can choose next

here report output options

since we are using light version we only

have html it's already select for us

if you using pro you can use in csv text

xml and json

and we can pick

the destination you leave default

you also can save a configuration file

for the future to use it and you don't

have to do all the selection again

next

so it's a sql

confirmation start assessment

assessments usually

take

two minutes to get it done

all right

we got a report

ma'am you can choose view html

that will show you a really nice report

in your browser

for my list machine automatic checks

failed 11

items

we have four passed

for user survey questions we got 29

questions since we selected yes for all

of them we passed 100

totally

77

pass

you should be able to see all check

details

for each failed items

you will see remediation recommendations

here

that should help you

to remedy

this failed item

so this is the local scanning

we also able to do the remote system

scanning

as mentioned before i have windows 10

setup as my target

and which is also joined local domain

i'm going to use him js catalyte

windows 2016 servers to scan is windows

10 and we also can do

that domain controller scan as well so

we can do

both

so you need to choose advanced for

remote target assistant

you're going to use windows 10 here

and one thing you may want to make sure

is

you can pin

your remote server

that's our

destination windows 10 server we can

check the name

windows 10 4

so once you confirm that

you can type your system name there

choose your system type

it's windows

in the future we also can do ubuntu

scanning by level b in different video

one thing you need to remember the win

rm windows remote management service has

to be up and running by default it

should be up and running already

if not in then you need to go back to

see is cat pro documentation to see how

to enable windows im how to use group

policy

to

enable indesign for your

destination username

i'm going to use a domain admin account

ip address

username actually

you need to specify the domain here as

well using the format that required

which is the username plus 51sec

code just make sure your domain name is

cracked

username scratch password is right

temporary pass we don't need a lot now

after you enter the destination

information you need to pick

the benchmarks

so we are going to use in windows 10

enterprise benchmark

we can

choose next generation windows security

there's a couple of other lines you can

choose we choose level 2

after all those

options you select it you can save it

it will add it into your target system

here

before you scan to next step you want to

make sure you have connections to the

target

if you see any errors happens here you

may want to go back to check your

settings

as you can see here i do see an error or

code creating a section

so we need to fix that

information before we can continue

so you choose your target system

and choose add it

and verify those configurations one by

one so we notice

we put that wrong ip here

let's save

and allow me to test the connection

again

now

alloys calm

connection establish it

let's go to the next step

choose our target system as i mentioned

before we can add more here target

system like we can add the domain

controller dc

windows

http

same thing

since it's a windows server so we

probably

need to change

the benchmarks so i just choose the

automated

subcontrols only

save

now we have two systems

so you need to choose or you can choose

multiple forefront using a control you

can choose two of them together to scan

i want to make sure we can go to the dc

as well let's test connection

so connection has been

tested successfully

establish it establish it

so let's uh

choose both

and go to next

we need a benchmark for our windows 10

believe we can choose this one choose

add

and save

so now it shows one so we need

benchmarks at least one benchmark for

each of system

next

again html has been selected for us

report

folder we keep default

then we do start

assessment

this may take um

two three minutes to get the post

dumping since it's remote it's slower

than doing a local

the process is the same

it created a connection

and the land goes through

all controls they need to

validate using script

and then validate all settings

and then come back with report

well after probably five minutes five

six minutes

the report

has been generated

we finished our scanning

so you will be able to see both reports

let's take a quick look here

it's for windows 10.

you also can check along

domain controllers

51 sec dc1

so now we finished our remote scanning

basically that's how you can use

this free tool

to validate your security configuration

on your target system

you don't have to pay

any if you are only using those basic

profiles

for your system for windows 10 and the

server ubuntu google clone

if you have more other system need to be

validated then you have to

get the license for your pro version

that will be in my different videos

that's all for this video how you can

use free tool

cis cad lite

to check your security settings on your

target

i hope you enjoyed it

if you find anything useful in this

video give me a thumb up

also please subscribe my channel if you

haven't

thank you for watching

[Music]

you