0:00:00.000,0:00:06.470
[Keyboard typing].

0:00:10.400,0:00:13.519
Hello, YouTubers. Welcome back to my

0:00:13.519,0:00:15.280
NetSec YouTube channel.

0:00:15.280,0:00:18.560
This is Johnny, a network and security

0:00:18.560,0:00:19.767
guy.

0:00:20.560,0:00:23.600
When I'm wearing my security hat,

0:00:23.600,0:00:26.720
one of popular questions I got asked

0:00:26.720,0:00:27.920
is about the

0:00:27.920,0:00:32.079
security of the system: How do I ensure this

0:00:32.079,0:00:35.440
system has been configured securely?

0:00:35.440,0:00:38.320
Usually, my answer is quite simple.

0:00:38.320,0:00:41.920
Let's run CIS-CAT scanning.

0:00:41.920,0:00:44.460
What is CIS-CAT?

0:00:45.680,0:00:48.960
This is just a tool created center for

0:00:48.960,0:00:50.960
Internet Security Configuration

0:00:50.960,0:00:53.199
Assessment Tool.

0:00:53.199,0:00:55.120
We are going to compare the target

0:00:55.120,0:00:58.079
configuration settings with core

0:00:58.079,0:01:00.800
configuration settings recommended. They

0:01:00.800,0:01:03.840
have hundreds of CS benchmarks for different

0:01:03.840,0:01:05.119
systems.

0:01:05.119,0:01:07.040
After the comparison, they're going to give

0:01:07.040,0:01:09.760
you a report that shows the score of how to

0:01:09.760,0:01:12.119
secure your system, and also give you

0:01:12.119,0:01:15.200
recommendations for how to remediate

0:01:15.200,0:01:18.320
those security holes you might have.

0:01:18.320,0:01:20.960
This whole tool makes the scanning,

0:01:20.960,0:01:23.840
validation, and reporting much easier and

0:01:23.840,0:01:27.040
simpler for users who need to find out

0:01:27.040,0:01:29.680
the best security configuration for

0:01:29.680,0:01:30.960
their system.

0:01:30.960,0:01:32.400
This is a

0:01:32.400,0:01:35.360
very helpful and useful tool. There are

0:01:35.360,0:01:37.040
two versions,

0:01:37.040,0:01:40.720
such as CIS-CAT Pro and CIS-CAT Lite.

0:01:40.720,0:01:43.920
In this video, I'm going to present how

0:01:43.920,0:01:47.360
you can download CIS-CAT Lite, how you can

0:01:47.360,0:01:50.479
run it, and how you can scan

0:01:50.479,0:01:52.479
for your target.

0:01:52.479,0:01:53.360
Now

0:01:53.360,0:01:56.000
let's jump into my lab, and we can start.

0:01:56.000,0:01:59.829
Let's start it!

0:02:01.128,0:02:04.159
1. Lab Topology

0:02:04.159,0:02:08.560
Now, let's take a look my lab topology.

0:02:08.560,0:02:12.319
For this lab, I have three machines.

0:02:12.319,0:02:14.800
One is Windows 2016,

0:02:14.800,0:02:16.319
which we are going to

0:02:16.319,0:02:19.520
launch CIS-CAT Lite from this machine to

0:02:19.520,0:02:23.360
do the scanning for Windows 10 and

0:02:23.360,0:02:27.200
51sec.local DC.

0:02:27.200,0:02:30.000
All those machines are in the domain.

0:02:30.000,0:02:33.200
If you are using workgroups, similar

0:02:33.200,0:02:35.840
operations.

0:02:35.840,0:02:38.720
Again, this is a very simple network. They're all

0:02:38.720,0:02:40.720
running in the same

0:02:40.720,0:02:44.319
network, 192.168.2.

0:02:44.319,0:02:46.879
If you have firewall between

0:02:46.879,0:02:50.800
your CIS-CAT Lite server and your

0:02:50.800,0:02:54.000
destinations, you may need to open your

0:02:54.000,0:02:55.440
firewalls,

0:02:55.440,0:02:58.779
but that will be in a different topic.

0:02:59.016,0:03:02.387
2. Download

0:03:03.040,0:03:06.400
Now, let's download the CIS-CAT Lite

0:03:06.400,0:03:08.319
version. It's a free

0:03:08.319,0:03:09.440
CAT tool

0:03:09.440,0:03:12.469
to scan your destination.

0:03:13.760,0:03:16.640
You can directly, using Google,

0:03:16.640,0:03:19.920
search for "CIS-CAT Lite." The first link will jump

0:03:19.920,0:03:20.800
out,

0:03:20.800,0:03:23.440
and it will be

0:03:23.680,0:03:25.519
this page.

0:03:25.519,0:03:28.080
For this form, what you need to do is--you

0:03:28.080,0:03:30.000
don't need to provide your credit card.

0:03:30.000,0:03:32.080
You provide your minimum personal

0:03:32.080,0:03:34.239
information: name,

0:03:34.239,0:03:36.480
organization, role,

0:03:36.480,0:03:40.159
email, sector, country,

0:03:40.159,0:03:42.239
how many employees, and how did you hear

0:03:42.239,0:03:43.599
about us.

0:03:43.599,0:03:45.040
Then,

0:03:45.040,0:03:48.879
click the "Get CIS-CAT" button.

0:03:48.879,0:03:50.640
In a couple of minutes,

0:03:50.640,0:03:52.400
you should be able to get the email like

0:03:52.400,0:03:53.920
this:

0:03:53.920,0:03:56.720
CIS Center for Internet Security,

0:03:56.720,0:03:59.680
CIS-CAT version 4,

0:03:59.680,0:04:03.360
and the download link here.

0:04:04.799,0:04:06.000
Click the link,

0:04:06.000,0:04:07.920
and the download should happen

0:04:07.920,0:04:10.400
immediately.

0:04:10.400,0:04:14.159
At about 148 megabytes.

0:04:14.159,0:04:16.320
Depending on your internet speed, one

0:04:16.320,0:04:18.238
minute, two minutes, you should be able to

0:04:18.238,0:04:19.409
get it.

0:04:20.569,0:04:23.600
So that how you can get it.

0:04:23.600,0:04:25.680
You may also get this

0:04:25.680,0:04:27.919
email as well to show you how to get

0:04:27.919,0:04:30.960
started with CIS-CAT Lite.

0:04:30.960,0:04:32.639
That will help you

0:04:32.639,0:04:34.800
to start to use

0:04:34.800,0:04:36.239
this tool.

0:04:37.840,0:04:40.240
You also can register for webmail

0:04:40.240,0:04:42.564
to get more information.

0:04:42.952,0:04:45.934
3. Run CIS-CAT Lite

0:04:46.400,0:04:49.199
After you download the software,

0:04:49.199,0:04:50.560
you will see

0:04:50.560,0:04:52.160
this zip file:

0:04:52.160,0:04:56.919
CIS-CAT Lite version 4.21.0.

0:04:57.280,0:04:58.800
To run it,

0:04:58.800,0:05:00.639
you don't need to install it.

0:05:00.639,0:05:04.472
The only thing you need to do is extract all.

0:05:07.759,0:05:09.280
I'm running

0:05:09.280,0:05:12.560
CIS-CAT Lite in my virtual machine.

0:05:12.560,0:05:16.080
I'm giving it 8 gigabytes of RAM

0:05:16.080,0:05:18.842
and 4 virtual CPUs.

0:05:19.919,0:05:21.360
It depends on

0:05:21.360,0:05:24.800
how many system you need to scan.

0:05:24.800,0:05:26.560
Usually,

0:05:26.560,0:05:28.320
even 4 gigabytes of RAM

0:05:28.320,0:05:30.320
and 2 virtual CPUs are

0:05:30.320,0:05:33.680
more than enough.

0:05:37.440,0:05:40.000
Once you unzip it, you will get

0:05:40.000,0:05:41.199
access to

0:05:41.199,0:05:43.840
this folder,

0:05:43.840,0:05:49.468
and you will find the "accessor-ui.exe" file.

0:05:50.479,0:05:58.634
To run it, it is very simple. Just right-click this "accessor-ui.exe" file and choose

0:05:58.634,0:06:00.479
"Run as administrator."

0:06:00.479,0:06:05.199
You will see it shows CIS-CAT Pro access

0:06:05.199,0:06:08.560
in the Windows title.

0:06:08.880,0:06:11.680
If we are syncing this, "Oh, maybe I

0:06:11.680,0:06:13.360
download the wrong one,"

0:06:13.360,0:06:16.639
but actually, the Windows title shows

0:06:16.639,0:06:19.520
"CIS-CAT Pro Accessor."

0:06:19.520,0:06:22.639
Eventually, you will get the CIS-CAT Lite

0:06:22.639,0:06:23.759
version

0:06:23.759,0:06:24.639
since

0:06:24.639,0:06:26.319
it's

0:06:26.319,0:06:29.280
a restricted version of this Pro.

0:06:29.280,0:06:34.199
You will see here "CIS-CAT Lite."

0:06:34.880,0:06:38.479
It uses the same Web GUI as the Pro version.

0:06:38.479,0:06:39.520
The only

0:06:39.520,0:06:42.639
thing is this is a restricted version.

0:06:42.639,0:06:45.280
It's a Lite version, and also you will

0:06:45.280,0:06:47.600
see they want you to

0:06:47.600,0:06:49.600
see the documentation, which is Pro

0:06:49.600,0:06:52.479
documentation. You won't find too much

0:06:52.479,0:06:55.039
information about the Lite, but you will see

0:06:55.039,0:06:57.713
everything for the Pro.

0:06:58.428,0:07:01.418
4. Assess Local System

0:07:02.560,0:07:05.360
Once you launch the Web GUI, scanning

0:07:05.360,0:07:07.360
the system gonna be very simple, either

0:07:07.360,0:07:09.599
local or remote.

0:07:09.599,0:07:11.440
The Lite version

0:07:11.440,0:07:15.039
has no limitation on how many targets you

0:07:15.039,0:07:16.880
can scan,

0:07:16.880,0:07:18.479
so you can scan local and the remote

0:07:18.479,0:07:21.199
system. Let's start from this local system

0:07:21.199,0:07:22.400
first.

0:07:22.400,0:07:25.599
The local system is Windows 2016, as I

0:07:25.599,0:07:28.639
mentioned before. So we are going to

0:07:28.639,0:07:31.363
use

0:07:33.199,0:07:37.440
Windows Server CIS controls

0:07:37.440,0:07:40.960
Assessment Module: Implementation Group 1,

0:07:40.960,0:07:43.440
which is the minimum requirement for the

0:07:43.440,0:07:45.081
server.

0:07:46.319,0:07:47.919
And we're going to choose this one,

0:07:47.919,0:07:50.240
automated checks, and the survey

0:07:50.240,0:07:51.440
questions.

0:07:51.440,0:07:52.960
So, you will get a lot of survey

0:07:52.960,0:07:58.160
questions for the interactive answers.

0:07:58.160,0:07:59.599
One thing:

0:07:59.599,0:08:01.280
The Lite version,

0:08:01.280,0:08:04.000
this is different from the Pro version:

0:08:04.000,0:08:07.039
you only have limited benchmarks.

0:08:07.039,0:08:10.400
The Pro version provides

0:08:10.400,0:08:13.440
hundreds of benchmarks for you to use, but

0:08:13.440,0:08:15.520
here the benchmarks only limited to a

0:08:15.520,0:08:17.919
couple, from Windows 10,

0:08:17.919,0:08:19.520
Ubuntu,

0:08:19.520,0:08:21.039
Google Chrome,

0:08:21.039,0:08:21.919
and the

0:08:21.919,0:08:25.360
minimum requirement for Windows Server.

0:08:25.360,0:08:27.680
After you choose the benchmarks and the

0:08:27.680,0:08:29.440
profile--

0:08:29.440,0:08:31.120
basically, the profile I would think of as

0:08:31.120,0:08:34.240
always being a baseline--

0:08:35.599,0:08:38.080
and you can add it.

0:08:38.080,0:08:40.719
So, once you choose "Add," it will

0:08:40.719,0:08:42.080
give you

0:08:42.080,0:08:44.240
a text box to ask you

0:08:44.240,0:08:46.880
questions.

0:08:46.880,0:08:48.000
You can just

0:08:48.000,0:08:50.080
click "OK." That's

0:08:50.080,0:08:51.720
about

0:08:51.720,0:08:57.200
29 questions for this survey.

0:08:57.200,0:08:58.320
So,

0:08:58.320,0:09:00.560
for me, I'm just quickly

0:09:00.560,0:09:04.000
demonstrating the process. I will click

0:09:04.000,0:09:08.279
"Yes" for all questions.

0:09:23.440,0:09:26.160
So, once all questions have been answered,

0:09:26.160,0:09:28.320
the selected profile and

0:09:28.320,0:09:31.519
benchmark will be in this selected

0:09:31.519,0:09:33.519
section.

0:09:33.519,0:09:35.360
After that,

0:09:35.360,0:09:38.320
we can choose "Next."

0:09:38.320,0:09:41.440
Here are the report output options.

0:09:41.440,0:09:43.360
Since we are using the Lite version, we only

0:09:43.360,0:09:47.760
have HTML. It's already selected for us.

0:09:47.760,0:09:50.560
If you're using the Pro, you can use CSV, text,

0:09:50.560,0:09:53.279
XML, and JSON.

0:09:53.279,0:09:55.040
And we can pick

0:09:55.040,0:09:58.560
the destination, and you leave it as default.

0:09:58.560,0:10:01.200
You also can save the configuration file

0:10:01.200,0:10:03.200
for the future use, and you don't

0:10:03.200,0:10:08.000
have to do all the selection again.

0:10:08.160,0:10:10.240
Click "Next."

0:10:10.240,0:10:12.560
So it will ask you for

0:10:12.560,0:10:16.959
confirmation to start the assessment.

0:10:17.120,0:10:19.040
The assessment usually

0:10:19.040,0:10:20.000
takes

0:10:20.000,0:10:24.200
two minutes to get done.

0:10:45.200,0:10:46.640
Alright,

0:10:46.640,0:10:49.519
we got a report.

0:10:50.320,0:10:54.720
Then, you can choose "View HTML," and

0:10:54.720,0:10:58.079
that will show you a really nice report

0:10:58.079,0:11:01.320
in your browser.

0:11:02.560,0:11:05.760
For my machine, the automated checks

0:11:05.760,0:11:07.839
failed 11

0:11:07.839,0:11:09.200
items,

0:11:09.200,0:11:12.399
we have 4 passed.

0:11:12.399,0:11:14.640
For user survey questions, we got 29

0:11:14.640,0:11:16.800
questions since we selected "Yes" for all

0:11:16.800,0:11:19.519
of them, we passed 100%.

0:11:19.519,0:11:21.360
Total

0:11:21.360,0:11:22.959
77%

0:11:22.959,0:11:24.336
pass.

0:11:26.480,0:11:29.200
You should be able to see all the check

0:11:29.200,0:11:30.899
details.

0:11:34.800,0:11:38.000
For each failed item,

0:11:38.000,0:11:41.040
you will see remediation recommendations

0:11:41.040,0:11:43.120
here.

0:11:43.120,0:11:45.040
That should help you

0:11:45.040,0:11:46.320
to remedy

0:11:46.320,0:11:49.600
the failed items.

0:11:49.600,0:11:54.760
So, this is the local scanning.

0:11:56.320,0:11:58.800
We're also able to do the remote system

0:11:58.800,0:12:01.360
scanning.

0:12:08.079,0:12:11.760
As mentioned before, I have Windows 10

0:12:11.760,0:12:13.839
set up as my target,

0:12:13.839,0:12:18.800
which is also joined to the local domain.

0:12:18.800,0:12:22.160
I'm going to use the CIS-CAT Lite

0:12:22.160,0:12:25.200
Windows 2016 server to scan this Windows

0:12:25.200,0:12:27.440
10, and we also can do

0:12:27.440,0:12:29.839
the domain controller scan as well. So,

0:12:29.839,0:12:31.040
we can do

0:12:31.040,0:12:34.040
both.

0:12:38.720,0:12:41.760
So, you need to choose "Advanced" for

0:12:41.760,0:12:44.429
remote or target system.

0:12:48.079,0:12:51.680
I'm going to use Windows 10 here.

0:12:51.680,0:12:53.440
And one thing you may want to make sure

0:12:53.440,0:12:54.480
is that

0:12:54.480,0:12:57.440
you can ping

0:12:57.519,0:12:59.844
your remote server.

0:13:04.959,0:13:07.118
That's our

0:13:10.959,0:13:13.440
destination, Windows 10 server. We can

0:13:13.440,0:13:15.496
check the name:

0:13:18.160,0:13:20.630
Windows 10-4.

0:13:21.210,0:13:23.440
So, once you confirm that,

0:13:23.440,0:13:26.560
you can type your system name there,

0:13:26.560,0:13:28.560
choose your system type,

0:13:28.560,0:13:30.000
(Windows).

0:13:30.000,0:13:32.079
In the future, we also can do Ubuntu

0:13:32.079,0:13:37.360
scanning, but that will be in a different video.

0:13:37.360,0:13:40.550
One thing you need to remember: the WinRM

0:13:40.550,0:13:42.560
(Windows Remote Management) Service has

0:13:42.560,0:13:44.320
to be up and running by default. It

0:13:44.320,0:13:46.800
should be up and running already.

0:13:46.800,0:13:49.200
If not, then you need to go back to

0:13:49.200,0:13:52.880
CIS-CAT Pro documentation to see how

0:13:52.880,0:13:55.120
to enable Windows ARM and how to use Group

0:13:55.120,0:13:56.560
Policy

0:13:56.560,0:13:57.600
to

0:13:57.600,0:14:00.839
enable Windows 10 for your

0:14:00.839,0:14:04.560
destination. Username:

0:14:05.839,0:14:10.480
I'm going to use a domain admin account.

0:14:11.760,0:14:15.160
IP address.

0:14:17.680,0:14:19.680
Username, actually,

0:14:19.680,0:14:22.320
you need to specify the domain here as

0:14:22.320,0:14:25.839
well using the format that's required:

0:14:25.839,0:14:30.390
which is username plus 51.sec.local.

0:14:30.390,0:14:32.240
Just make sure your domain name is

0:14:32.240,0:14:33.199
correct.

0:14:33.199,0:14:36.560
Username is correct. Password is correct.

0:14:36.560,0:14:39.680
No temporary password is needed. Now,

0:14:39.680,0:14:42.079
after you enter the destination

0:14:42.079,0:14:45.360
information, you need to pick

0:14:45.360,0:14:48.160
the benchmark.

0:14:49.040,0:14:50.560
So, we are going to use the Windows 10

0:14:50.560,0:14:52.639
Enterprise benchmark.

0:14:52.639,0:14:53.760
We can

0:14:53.760,0:14:57.199
choose Next Generation Windows Security.

0:14:57.199,0:14:58.720
There's a couple of other options you can

0:14:58.720,0:15:00.959
choose, but we choose level 2.

0:15:00.959,0:15:02.639
After all those

0:15:02.639,0:15:06.240
options you selected it, you can save it,

0:15:06.240,0:15:08.959
and it will add it into your target system

0:15:08.959,0:15:11.279
here.

0:15:11.360,0:15:14.160
Before you scan to next step, you want to

0:15:14.160,0:15:16.560
make sure you have a connection to the

0:15:16.560,0:15:19.040
target.

0:15:21.279,0:15:24.639
If you see any errors happens here, you

0:15:24.639,0:15:27.120
may want to go back to check your

0:15:27.120,0:15:28.240
settings.

0:15:28.240,0:15:31.040
As you can see here, I do see an error

0:15:31.040,0:15:34.480
occurred while creating a session.

0:15:35.360,0:15:37.360
So, we need to fix that

0:15:37.360,0:15:41.040
information before we can continue.

0:15:41.040,0:15:44.079
So, you choose your target system,

0:15:44.079,0:15:46.240
and choose "Edit" to

0:15:46.240,0:15:49.920
verify those configurations one by

0:15:49.920,0:15:51.920
one. So, we noticed

0:15:51.920,0:15:55.440
I put that wrong IP here.

0:15:55.440,0:15:58.320
Save.

0:15:58.399,0:16:00.320
Let me test the connection

0:16:00.320,0:16:02.096
again.

0:16:11.120,0:16:12.079
Now,

0:16:12.079,0:16:14.480
the error is gone, and the

0:16:14.480,0:16:16.880
connection is established.

0:16:16.880,0:16:20.759
Let's go to the next step.

0:16:22.959,0:16:24.959
Choose our target system. As I mentioned

0:16:24.959,0:16:27.839
before, we can add more target

0:16:27.839,0:16:29.600
system here, like, we can add the domain

0:16:29.600,0:16:32.639
controller (DC),

0:16:34.399,0:16:37.120
Windows,

0:16:37.120,0:16:39.360
HTTP,

0:16:39.360,0:16:42.680
etc.

0:16:54.639,0:16:57.120
Since it's a Windows Server, we

0:16:57.120,0:16:59.600
probably

0:16:59.680,0:17:01.199
need to change

0:17:01.199,0:17:03.279
the benchmarks, so I just choose the

0:17:03.279,0:17:04.559
automated

0:17:04.559,0:17:07.679
sub-controls only

0:17:15.599,0:17:17.679
and save it.

0:17:17.679,0:17:21.039
Now, we have two systems.

0:17:22.400,0:17:24.400
So, you need to choose, or you can choose

0:17:24.400,0:17:26.959
multiple of them using the controls. You

0:17:26.959,0:17:30.240
can choose two of them together to scan.

0:17:30.240,0:17:32.720
i want to make sure we can go to the DC

0:17:32.720,0:17:36.679
as well. Let's test the connection.

0:17:47.200,0:17:48.960
So, connection has been

0:17:48.960,0:17:51.440
tested successfully.

0:17:51.440,0:17:54.799
It's established.

0:17:54.799,0:17:56.640
So, let's

0:17:56.640,0:17:58.000
choose both

0:17:58.000,0:18:01.720
and go to the next step.

0:18:16.559,0:18:21.760
We need a benchmark for our Windows 10.

0:18:21.760,0:18:24.240
I believe we can choose this one. Choose,

0:18:24.240,0:18:26.320
add,

0:18:26.320,0:18:28.559
and save.

0:18:28.559,0:18:32.160
So, now it shows one. So, we need

0:18:32.160,0:18:34.960
at least one benchmark for

0:18:34.960,0:18:37.039
each system.

0:18:37.039,0:18:39.039
Click "Next."

0:18:39.039,0:18:42.480
Again, HTML has been selected for us.

0:18:42.480,0:18:44.320
The report

0:18:44.320,0:18:46.799
folder, we keep default.

0:18:46.799,0:18:49.600
Then, we do start

0:18:49.600,0:18:51.421
assessment.

0:18:53.440,0:18:55.679
This may take

0:18:55.679,0:18:58.240
two or three minutes to get the post.

0:18:58.240,0:19:00.720
Since it's remote, it's slower

0:19:00.720,0:19:02.960
than doing a local.

0:19:02.960,0:19:04.880
The process is the same.

0:19:04.880,0:19:07.120
It created a connection

0:19:07.120,0:19:09.200
and then goes through

0:19:09.200,0:19:12.400
all the controls they need to

0:19:12.400,0:19:15.520
validate using script.

0:19:15.520,0:19:18.160
And then validate all settings,

0:19:18.160,0:19:20.980
and then come back with the report.

0:20:50.320,0:20:53.200
Well, after probably five minutes or

0:20:53.200,0:20:55.200
six minutes,

0:20:55.200,0:20:56.799
the report

0:20:56.799,0:20:59.200
has been generated.

0:20:59.200,0:21:01.600
We finished our scanning.

0:21:01.600,0:21:06.000
So, you will be able to see both reports.

0:21:06.000,0:21:09.730
Let's take a quick look here.

0:21:20.159,0:21:24.120
It's for Windows 10.

0:21:32.320,0:21:34.720
You also can check along

0:21:34.720,0:21:37.440
domain controllers,

0:21:37.440,0:21:40.210
51secdc1.

0:21:46.000,0:21:50.159
So, now we finished our remote scanning.

0:21:50.159,0:21:53.440
Basically, that's how you can use

0:21:53.440,0:21:55.520
this free tool

0:21:55.520,0:21:58.159
to validate your security configuration

0:21:58.159,0:22:00.159
on your target system.

0:22:00.159,0:22:02.240
You don't have to pay

0:22:02.240,0:22:06.320
anything if you are only using those basic

0:22:06.320,0:22:07.600
profiles.

0:22:07.600,0:22:10.000
For your system, for Windows 10, and the

0:22:10.000,0:22:14.480
server Ubuntu, Google Chrome,

0:22:14.480,0:22:17.039
if you have more, other systems need to be

0:22:17.039,0:22:19.280
validated. Then, you have to

0:22:19.280,0:22:22.880
get the license for your Pro version.

0:22:22.880,0:22:27.360
That will be in different videos.

0:22:27.360,0:22:30.960
That's all for this video. This is how you can

0:22:30.960,0:22:33.520
use the free tool,

0:22:33.520,0:22:36.240
CIS-CAT Lite,

0:22:36.240,0:22:39.200
to check your security settings on your

0:22:39.200,0:22:40.799
target.

0:22:40.799,0:22:42.720
I hope you enjoyed it.

0:22:42.720,0:22:45.120
If you find anything useful in this

0:22:45.120,0:22:46.960
video, give me a thumb up.

0:22:46.960,0:22:50.080
Also, please subscribe to my channel if you

0:22:50.080,0:22:51.440
haven't.

0:22:51.440,0:22:53.991
Thank you for watching.

0:22:53.991,0:23:13.620
[Music].