1
00:00:00,000 --> 00:00:06,470
[Keyboard typing].

2
00:00:10,400 --> 00:00:13,519
Hello, YouTubers. Welcome back to my

3
00:00:13,519 --> 00:00:15,280
NetSec YouTube channel.

4
00:00:15,280 --> 00:00:18,560
This is Johnny, a network and security

5
00:00:18,560 --> 00:00:19,767
guy.

6
00:00:20,560 --> 00:00:23,600
When I'm wearing my security hat,

7
00:00:23,600 --> 00:00:26,720
one of popular questions I got asked

8
00:00:26,720 --> 00:00:27,920
is about the

9
00:00:27,920 --> 00:00:32,079
security of the system: How do I ensure this

10
00:00:32,079 --> 00:00:35,440
system has been configured securely?

11
00:00:35,440 --> 00:00:38,320
Usually, my answer is quite simple.

12
00:00:38,320 --> 00:00:41,920
Let's run CIS-CAT scanning.

13
00:00:41,920 --> 00:00:44,460
What is CIS-CAT?

14
00:00:45,680 --> 00:00:48,960
This is just a tool created center for

15
00:00:48,960 --> 00:00:50,960
Internet Security Configuration

16
00:00:50,960 --> 00:00:53,199
Assessment Tool.

17
00:00:53,199 --> 00:00:55,120
We are going to compare the target

18
00:00:55,120 --> 00:00:58,079
configuration settings with core

19
00:00:58,079 --> 00:01:00,800
configuration settings recommended. They

20
00:01:00,800 --> 00:01:03,840
have hundreds of CS benchmarks for different

21
00:01:03,840 --> 00:01:05,119
systems.

22
00:01:05,119 --> 00:01:07,040
After the comparison, they're going to give

23
00:01:07,040 --> 00:01:09,760
you a report that shows the score of how to

24
00:01:09,760 --> 00:01:12,119
secure your system, and also give you

25
00:01:12,119 --> 00:01:15,200
recommendations for how to remediate

26
00:01:15,200 --> 00:01:18,320
those security holes you might have.

27
00:01:18,320 --> 00:01:20,960
This whole tool makes the scanning,

28
00:01:20,960 --> 00:01:23,840
validation, and reporting much easier and

29
00:01:23,840 --> 00:01:27,040
simpler for users who need to find out

30
00:01:27,040 --> 00:01:29,680
the best security configuration for

31
00:01:29,680 --> 00:01:30,960
their system.

32
00:01:30,960 --> 00:01:32,400
This is a

33
00:01:32,400 --> 00:01:35,360
very helpful and useful tool. There are

34
00:01:35,360 --> 00:01:37,040
two versions,

35
00:01:37,040 --> 00:01:40,720
such as CIS-CAT Pro and CIS-CAT Lite.

36
00:01:40,720 --> 00:01:43,920
In this video, I'm going to present how

37
00:01:43,920 --> 00:01:47,360
you can download CIS-CAT Lite, how you can

38
00:01:47,360 --> 00:01:50,479
run it, and how you can scan

39
00:01:50,479 --> 00:01:52,479
for your target.

40
00:01:52,479 --> 00:01:53,360
Now

41
00:01:53,360 --> 00:01:56,000
let's jump into my lab, and we can start.

42
00:01:56,000 --> 00:01:59,829
Let's start it!

43
00:02:01,128 --> 00:02:04,159
1. Lab Topology

44
00:02:04,159 --> 00:02:08,560
Now, let's take a look my lab topology.

45
00:02:08,560 --> 00:02:12,319
For this lab, I have three machines.

46
00:02:12,319 --> 00:02:14,800
One is Windows 2016,

47
00:02:14,800 --> 00:02:16,319
which we are going to

48
00:02:16,319 --> 00:02:19,520
launch CIS-CAT Lite from this machine to

49
00:02:19,520 --> 00:02:23,360
do the scanning for Windows 10 and

50
00:02:23,360 --> 00:02:27,200
51sec.local DC.

51
00:02:27,200 --> 00:02:30,000
All those machines are in the domain.

52
00:02:30,000 --> 00:02:33,200
If you are using workgroups, similar

53
00:02:33,200 --> 00:02:35,840
operations.

54
00:02:35,840 --> 00:02:38,720
Again, this is a very simple network. They're all

55
00:02:38,720 --> 00:02:40,720
running in the same

56
00:02:40,720 --> 00:02:44,319
network, 192.168.2.

57
00:02:44,319 --> 00:02:46,879
If you have firewall between

58
00:02:46,879 --> 00:02:50,800
your CIS-CAT Lite server and your

59
00:02:50,800 --> 00:02:54,000
destinations, you may need to open your

60
00:02:54,000 --> 00:02:55,440
firewalls,

61
00:02:55,440 --> 00:02:58,779
but that will be in a different topic.

62
00:02:59,016 --> 00:03:02,387
2. Download

63
00:03:03,040 --> 00:03:06,400
Now, let's download the CIS-CAT Lite

64
00:03:06,400 --> 00:03:08,319
version. It's a free

65
00:03:08,319 --> 00:03:09,440
CAT tool

66
00:03:09,440 --> 00:03:12,469
to scan your destination.

67
00:03:13,760 --> 00:03:16,640
You can directly, using Google,

68
00:03:16,640 --> 00:03:19,920
search for "CIS-CAT Lite." The first link will jump

69
00:03:19,920 --> 00:03:20,800
out,

70
00:03:20,800 --> 00:03:23,440
and it will be

71
00:03:23,680 --> 00:03:25,519
this page.

72
00:03:25,519 --> 00:03:28,080
For this form, what you need to do is--you

73
00:03:28,080 --> 00:03:30,000
don't need to provide your credit card.

74
00:03:30,000 --> 00:03:32,080
You provide your minimum personal

75
00:03:32,080 --> 00:03:34,239
information: name,

76
00:03:34,239 --> 00:03:36,480
organization, role,

77
00:03:36,480 --> 00:03:40,159
email, sector, country,

78
00:03:40,159 --> 00:03:42,239
how many employees, and how did you hear

79
00:03:42,239 --> 00:03:43,599
about us.

80
00:03:43,599 --> 00:03:45,040
Then,

81
00:03:45,040 --> 00:03:48,879
click the "Get CIS-CAT" button.

82
00:03:48,879 --> 00:03:50,640
In a couple of minutes,

83
00:03:50,640 --> 00:03:52,400
you should be able to get the email like

84
00:03:52,400 --> 00:03:53,920
this:

85
00:03:53,920 --> 00:03:56,720
CIS Center for Internet Security,

86
00:03:56,720 --> 00:03:59,680
CIS-CAT version 4,

87
00:03:59,680 --> 00:04:03,360
and the download link here.

88
00:04:04,799 --> 00:04:06,000
Click the link,

89
00:04:06,000 --> 00:04:07,920
and the download should happen

90
00:04:07,920 --> 00:04:10,400
immediately.

91
00:04:10,400 --> 00:04:14,159
At about 148 megabytes.

92
00:04:14,159 --> 00:04:16,320
Depending on your internet speed, one

93
00:04:16,320 --> 00:04:18,238
minute, two minutes, you should be able to

94
00:04:18,238 --> 00:04:19,409
get it.

95
00:04:20,569 --> 00:04:23,600
So that how you can get it.

96
00:04:23,600 --> 00:04:25,680
You may also get this

97
00:04:25,680 --> 00:04:27,919
email as well to show you how to get

98
00:04:27,919 --> 00:04:30,960
started with CIS-CAT Lite.

99
00:04:30,960 --> 00:04:32,639
That will help you

100
00:04:32,639 --> 00:04:34,800
to start to use

101
00:04:34,800 --> 00:04:36,239
this tool.

102
00:04:37,840 --> 00:04:40,240
You also can register for webmail

103
00:04:40,240 --> 00:04:42,564
to get more information.

104
00:04:42,952 --> 00:04:45,934
3. Run CIS-CAT Lite

105
00:04:46,400 --> 00:04:49,199
After you download the software,

106
00:04:49,199 --> 00:04:50,560
you will see

107
00:04:50,560 --> 00:04:52,160
this zip file:

108
00:04:52,160 --> 00:04:56,919
CIS-CAT Lite version 4.21.0.

109
00:04:57,280 --> 00:04:58,800
To run it,

110
00:04:58,800 --> 00:05:00,639
you don't need to install it.

111
00:05:00,639 --> 00:05:04,472
The only thing you need to do is extract all.

112
00:05:07,759 --> 00:05:09,280
I'm running

113
00:05:09,280 --> 00:05:12,560
CIS-CAT Lite in my virtual machine.

114
00:05:12,560 --> 00:05:16,080
I'm giving it 8 gigabytes of RAM

115
00:05:16,080 --> 00:05:18,842
and 4 virtual CPUs.

116
00:05:19,919 --> 00:05:21,360
It depends on

117
00:05:21,360 --> 00:05:24,800
how many system you need to scan.

118
00:05:24,800 --> 00:05:26,560
Usually,

119
00:05:26,560 --> 00:05:28,320
even 4 gigabytes of RAM

120
00:05:28,320 --> 00:05:30,320
and 2 virtual CPUs are

121
00:05:30,320 --> 00:05:33,680
more than enough.

122
00:05:37,440 --> 00:05:40,000
Once you unzip it, you will get

123
00:05:40,000 --> 00:05:41,199
access to

124
00:05:41,199 --> 00:05:43,840
this folder,

125
00:05:43,840 --> 00:05:49,468
and you will find the "accessor-ui.exe" file.

126
00:05:50,479 --> 00:05:58,634
To run it, it is very simple. Just right-click this "accessor-ui.exe" file and choose

127
00:05:58,634 --> 00:06:00,479
"Run as administrator."

128
00:06:00,479 --> 00:06:05,199
You will see it shows CIS-CAT Pro access

129
00:06:05,199 --> 00:06:08,560
in the Windows title.

130
00:06:08,880 --> 00:06:11,680
If we are syncing this, "Oh, maybe I

131
00:06:11,680 --> 00:06:13,360
download the wrong one,"

132
00:06:13,360 --> 00:06:16,639
but actually, the Windows title shows

133
00:06:16,639 --> 00:06:19,520
"CIS-CAT Pro Accessor."

134
00:06:19,520 --> 00:06:22,639
Eventually, you will get the CIS-CAT Lite

135
00:06:22,639 --> 00:06:23,759
version

136
00:06:23,759 --> 00:06:24,639
since

137
00:06:24,639 --> 00:06:26,319
it's

138
00:06:26,319 --> 00:06:29,280
a restricted version of this Pro.

139
00:06:29,280 --> 00:06:34,199
You will see here "CIS-CAT Lite."

140
00:06:34,880 --> 00:06:38,479
It uses the same Web GUI as the Pro version.

141
00:06:38,479 --> 00:06:39,520
The only

142
00:06:39,520 --> 00:06:42,639
thing is this is a restricted version.

143
00:06:42,639 --> 00:06:45,280
It's a Lite version, and also you will

144
00:06:45,280 --> 00:06:47,600
see they want you to

145
00:06:47,600 --> 00:06:49,600
see the documentation, which is Pro

146
00:06:49,600 --> 00:06:52,479
documentation. You won't find too much

147
00:06:52,479 --> 00:06:55,039
information about the Lite, but you will see

148
00:06:55,039 --> 00:06:57,713
everything for the Pro.

149
00:06:58,428 --> 00:07:01,418
4. Assess Local System

150
00:07:02,560 --> 00:07:05,360
Once you launch the Web GUI, scanning

151
00:07:05,360 --> 00:07:07,360
the system gonna be very simple, either

152
00:07:07,360 --> 00:07:09,599
local or remote.

153
00:07:09,599 --> 00:07:11,440
The Lite version

154
00:07:11,440 --> 00:07:15,039
has no limitation on how many targets you

155
00:07:15,039 --> 00:07:16,880
can scan,

156
00:07:16,880 --> 00:07:18,479
so you can scan local and the remote

157
00:07:18,479 --> 00:07:21,199
system. Let's start from this local system

158
00:07:21,199 --> 00:07:22,400
first.

159
00:07:22,400 --> 00:07:25,599
The local system is Windows 2016, as I

160
00:07:25,599 --> 00:07:28,639
mentioned before. So we are going to

161
00:07:28,639 --> 00:07:31,363
use

162
00:07:33,199 --> 00:07:37,440
Windows Server CIS controls

163
00:07:37,440 --> 00:07:40,960
Assessment Module: Implementation Group 1,

164
00:07:40,960 --> 00:07:43,440
which is the minimum requirement for the

165
00:07:43,440 --> 00:07:45,081
server.

166
00:07:46,319 --> 00:07:47,919
And we're going to choose this one,

167
00:07:47,919 --> 00:07:50,240
automated checks, and the survey

168
00:07:50,240 --> 00:07:51,440
questions.

169
00:07:51,440 --> 00:07:52,960
So, you will get a lot of survey

170
00:07:52,960 --> 00:07:58,160
questions for the interactive answers.

171
00:07:58,160 --> 00:07:59,599
One thing:

172
00:07:59,599 --> 00:08:01,280
The Lite version,

173
00:08:01,280 --> 00:08:04,000
this is different from the Pro version:

174
00:08:04,000 --> 00:08:07,039
you only have limited benchmarks.

175
00:08:07,039 --> 00:08:10,400
The Pro version provides

176
00:08:10,400 --> 00:08:13,440
hundreds of benchmarks for you to use, but

177
00:08:13,440 --> 00:08:15,520
here the benchmarks only limited to a

178
00:08:15,520 --> 00:08:17,919
couple, from Windows 10,

179
00:08:17,919 --> 00:08:19,520
Ubuntu,

180
00:08:19,520 --> 00:08:21,039
Google Chrome,

181
00:08:21,039 --> 00:08:21,919
and the

182
00:08:21,919 --> 00:08:25,360
minimum requirement for Windows Server.

183
00:08:25,360 --> 00:08:27,680
After you choose the benchmarks and the

184
00:08:27,680 --> 00:08:29,440
profile--

185
00:08:29,440 --> 00:08:31,120
basically, the profile I would think of as

186
00:08:31,120 --> 00:08:34,240
always being a baseline--

187
00:08:35,599 --> 00:08:38,080
and you can add it.

188
00:08:38,080 --> 00:08:40,719
So, once you choose "Add," it will

189
00:08:40,719 --> 00:08:42,080
give you

190
00:08:42,080 --> 00:08:44,240
a text box to ask you

191
00:08:44,240 --> 00:08:46,880
questions.

192
00:08:46,880 --> 00:08:48,000
You can just

193
00:08:48,000 --> 00:08:50,080
click "OK." That's

194
00:08:50,080 --> 00:08:51,720
about

195
00:08:51,720 --> 00:08:57,200
29 questions for this survey.

196
00:08:57,200 --> 00:08:58,320
So,

197
00:08:58,320 --> 00:09:00,560
for me, I'm just quickly

198
00:09:00,560 --> 00:09:04,000
demonstrating the process. I will click

199
00:09:04,000 --> 00:09:08,279
"Yes" for all questions.

200
00:09:23,440 --> 00:09:26,160
So, once all questions have been answered,

201
00:09:26,160 --> 00:09:28,320
the selected profile and

202
00:09:28,320 --> 00:09:31,519
benchmark will be in this selected

203
00:09:31,519 --> 00:09:33,519
section.

204
00:09:33,519 --> 00:09:35,360
After that,

205
00:09:35,360 --> 00:09:38,320
we can choose "Next."

206
00:09:38,320 --> 00:09:41,440
Here are the report output options.

207
00:09:41,440 --> 00:09:43,360
Since we are using the Lite version, we only

208
00:09:43,360 --> 00:09:47,760
have HTML. It's already selected for us.

209
00:09:47,760 --> 00:09:50,560
If you're using the Pro, you can use CSV, text,

210
00:09:50,560 --> 00:09:53,279
XML, and JSON.

211
00:09:53,279 --> 00:09:55,040
And we can pick

212
00:09:55,040 --> 00:09:58,560
the destination, and you leave it as default.

213
00:09:58,560 --> 00:10:01,200
You also can save the configuration file

214
00:10:01,200 --> 00:10:03,200
for the future use, and you don't

215
00:10:03,200 --> 00:10:08,000
have to do all the selection again.

216
00:10:08,160 --> 00:10:10,240
Click "Next."

217
00:10:10,240 --> 00:10:12,560
So it will ask you for

218
00:10:12,560 --> 00:10:16,959
confirmation to start the assessment.

219
00:10:17,120 --> 00:10:19,040
The assessment usually

220
00:10:19,040 --> 00:10:20,000
takes

221
00:10:20,000 --> 00:10:24,200
two minutes to get done.

222
00:10:45,200 --> 00:10:46,640
Alright,

223
00:10:46,640 --> 00:10:49,519
we got a report.

224
00:10:50,320 --> 00:10:54,720
Then, you can choose "View HTML," and

225
00:10:54,720 --> 00:10:58,079
that will show you a really nice report

226
00:10:58,079 --> 00:11:01,320
in your browser.

227
00:11:02,560 --> 00:11:05,760
For my machine, the automated checks

228
00:11:05,760 --> 00:11:07,839
failed 11

229
00:11:07,839 --> 00:11:09,200
items,

230
00:11:09,200 --> 00:11:12,399
we have 4 passed.

231
00:11:12,399 --> 00:11:14,640
For user survey questions, we got 29

232
00:11:14,640 --> 00:11:16,800
questions since we selected "Yes" for all

233
00:11:16,800 --> 00:11:19,519
of them, we passed 100%.

234
00:11:19,519 --> 00:11:21,360
Total

235
00:11:21,360 --> 00:11:22,959
77%

236
00:11:22,959 --> 00:11:24,336
pass.

237
00:11:26,480 --> 00:11:29,200
You should be able to see all the check

238
00:11:29,200 --> 00:11:30,899
details.

239
00:11:34,800 --> 00:11:38,000
For each failed item,

240
00:11:38,000 --> 00:11:41,040
you will see remediation recommendations

241
00:11:41,040 --> 00:11:43,120
here.

242
00:11:43,120 --> 00:11:45,040
That should help you

243
00:11:45,040 --> 00:11:46,320
to remedy

244
00:11:46,320 --> 00:11:49,600
the failed items.

245
00:11:49,600 --> 00:11:54,760
So, this is the local scanning.

246
00:11:56,320 --> 00:11:58,800
We're also able to do the remote system

247
00:11:58,800 --> 00:12:01,360
scanning.

248
00:12:08,079 --> 00:12:11,760
As mentioned before, I have Windows 10

249
00:12:11,760 --> 00:12:13,839
set up as my target,

250
00:12:13,839 --> 00:12:18,800
which is also joined to the local domain.

251
00:12:18,800 --> 00:12:22,160
I'm going to use the CIS-CAT Lite

252
00:12:22,160 --> 00:12:25,200
Windows 2016 server to scan this Windows

253
00:12:25,200 --> 00:12:27,440
10, and we also can do

254
00:12:27,440 --> 00:12:29,839
the domain controller scan as well. So,

255
00:12:29,839 --> 00:12:31,040
we can do

256
00:12:31,040 --> 00:12:34,040
both.

257
00:12:38,720 --> 00:12:41,760
So, you need to choose "Advanced" for

258
00:12:41,760 --> 00:12:44,429
remote or target system.

259
00:12:48,079 --> 00:12:51,680
I'm going to use Windows 10 here.

260
00:12:51,680 --> 00:12:53,440
And one thing you may want to make sure

261
00:12:53,440 --> 00:12:54,480
is that

262
00:12:54,480 --> 00:12:57,440
you can ping

263
00:12:57,519 --> 00:12:59,844
your remote server.

264
00:13:04,959 --> 00:13:07,118
That's our

265
00:13:10,959 --> 00:13:13,440
destination, Windows 10 server. We can

266
00:13:13,440 --> 00:13:15,496
check the name:

267
00:13:18,160 --> 00:13:20,630
Windows 10-4.

268
00:13:21,210 --> 00:13:23,440
So, once you confirm that,

269
00:13:23,440 --> 00:13:26,560
you can type your system name there,

270
00:13:26,560 --> 00:13:28,560
choose your system type,

271
00:13:28,560 --> 00:13:30,000
(Windows).

272
00:13:30,000 --> 00:13:32,079
In the future, we also can do Ubuntu

273
00:13:32,079 --> 00:13:37,360
scanning, but that will be in a different video.

274
00:13:37,360 --> 00:13:40,550
One thing you need to remember: the WinRM

275
00:13:40,550 --> 00:13:42,560
(Windows Remote Management) Service has

276
00:13:42,560 --> 00:13:44,320
to be up and running by default. It

277
00:13:44,320 --> 00:13:46,800
should be up and running already.

278
00:13:46,800 --> 00:13:49,200
If not, then you need to go back to

279
00:13:49,200 --> 00:13:52,880
CIS-CAT Pro documentation to see how

280
00:13:52,880 --> 00:13:55,120
to enable Windows ARM and how to use Group

281
00:13:55,120 --> 00:13:56,560
Policy

282
00:13:56,560 --> 00:13:57,600
to

283
00:13:57,600 --> 00:14:00,839
enable Windows 10 for your

284
00:14:00,839 --> 00:14:04,560
destination. Username:

285
00:14:05,839 --> 00:14:10,480
I'm going to use a domain admin account.

286
00:14:11,760 --> 00:14:15,160
IP address.

287
00:14:17,680 --> 00:14:19,680
Username, actually,

288
00:14:19,680 --> 00:14:22,320
you need to specify the domain here as

289
00:14:22,320 --> 00:14:25,839
well using the format that's required:

290
00:14:25,839 --> 00:14:30,390
which is username plus 51.sec.local.

291
00:14:30,390 --> 00:14:32,240
Just make sure your domain name is

292
00:14:32,240 --> 00:14:33,199
correct.

293
00:14:33,199 --> 00:14:36,560
Username is correct. Password is correct.

294
00:14:36,560 --> 00:14:39,680
No temporary password is needed. Now,

295
00:14:39,680 --> 00:14:42,079
after you enter the destination

296
00:14:42,079 --> 00:14:45,360
information, you need to pick

297
00:14:45,360 --> 00:14:48,160
the benchmark.

298
00:14:49,040 --> 00:14:50,560
So, we are going to use the Windows 10

299
00:14:50,560 --> 00:14:52,639
Enterprise benchmark.

300
00:14:52,639 --> 00:14:53,760
We can

301
00:14:53,760 --> 00:14:57,199
choose Next Generation Windows Security.

302
00:14:57,199 --> 00:14:58,720
There's a couple of other options you can

303
00:14:58,720 --> 00:15:00,959
choose, but we choose level 2.

304
00:15:00,959 --> 00:15:02,639
After all those

305
00:15:02,639 --> 00:15:06,240
options you selected it, you can save it,

306
00:15:06,240 --> 00:15:08,959
and it will add it into your target system

307
00:15:08,959 --> 00:15:11,279
here.

308
00:15:11,360 --> 00:15:14,160
Before you scan to next step, you want to

309
00:15:14,160 --> 00:15:16,560
make sure you have a connection to the

310
00:15:16,560 --> 00:15:19,040
target.

311
00:15:21,279 --> 00:15:24,639
If you see any errors happens here, you

312
00:15:24,639 --> 00:15:27,120
may want to go back to check your

313
00:15:27,120 --> 00:15:28,240
settings.

314
00:15:28,240 --> 00:15:31,040
As you can see here, I do see an error

315
00:15:31,040 --> 00:15:34,480
occurred while creating a session.

316
00:15:35,360 --> 00:15:37,360
So, we need to fix that

317
00:15:37,360 --> 00:15:41,040
information before we can continue.

318
00:15:41,040 --> 00:15:44,079
So, you choose your target system,

319
00:15:44,079 --> 00:15:46,240
and choose "Edit" to

320
00:15:46,240 --> 00:15:49,920
verify those configurations one by

321
00:15:49,920 --> 00:15:51,920
one. So, we noticed

322
00:15:51,920 --> 00:15:55,440
I put that wrong IP here.

323
00:15:55,440 --> 00:15:58,320
Save.

324
00:15:58,399 --> 00:16:00,320
Let me test the connection

325
00:16:00,320 --> 00:16:02,096
again.

326
00:16:11,120 --> 00:16:12,079
Now,

327
00:16:12,079 --> 00:16:14,480
the error is gone, and the

328
00:16:14,480 --> 00:16:16,880
connection is established.

329
00:16:16,880 --> 00:16:20,759
Let's go to the next step.

330
00:16:22,959 --> 00:16:24,959
Choose our target system. As I mentioned

331
00:16:24,959 --> 00:16:27,839
before, we can add more target

332
00:16:27,839 --> 00:16:29,600
system here, like, we can add the domain

333
00:16:29,600 --> 00:16:32,639
controller (DC),

334
00:16:34,399 --> 00:16:37,120
Windows,

335
00:16:37,120 --> 00:16:39,360
HTTP,

336
00:16:39,360 --> 00:16:42,680
etc.

337
00:16:54,639 --> 00:16:57,120
Since it's a Windows Server, we

338
00:16:57,120 --> 00:16:59,600
probably

339
00:16:59,680 --> 00:17:01,199
need to change

340
00:17:01,199 --> 00:17:03,279
the benchmarks, so I just choose the

341
00:17:03,279 --> 00:17:04,559
automated

342
00:17:04,559 --> 00:17:07,679
sub-controls only

343
00:17:15,599 --> 00:17:17,679
and save it.

344
00:17:17,679 --> 00:17:21,039
Now, we have two systems.

345
00:17:22,400 --> 00:17:24,400
So, you need to choose, or you can choose

346
00:17:24,400 --> 00:17:26,959
multiple of them using the controls. You

347
00:17:26,959 --> 00:17:30,240
can choose two of them together to scan.

348
00:17:30,240 --> 00:17:32,720
i want to make sure we can go to the DC

349
00:17:32,720 --> 00:17:36,679
as well. Let's test the connection.

350
00:17:47,200 --> 00:17:48,960
So, connection has been

351
00:17:48,960 --> 00:17:51,440
tested successfully.

352
00:17:51,440 --> 00:17:54,799
It's established.

353
00:17:54,799 --> 00:17:56,640
So, let's

354
00:17:56,640 --> 00:17:58,000
choose both

355
00:17:58,000 --> 00:18:01,720
and go to the next step.

356
00:18:16,559 --> 00:18:21,760
We need a benchmark for our Windows 10.

357
00:18:21,760 --> 00:18:24,240
I believe we can choose this one. Choose,

358
00:18:24,240 --> 00:18:26,320
add,

359
00:18:26,320 --> 00:18:28,559
and save.

360
00:18:28,559 --> 00:18:32,160
So, now it shows one. So, we need

361
00:18:32,160 --> 00:18:34,960
at least one benchmark for

362
00:18:34,960 --> 00:18:37,039
each system.

363
00:18:37,039 --> 00:18:39,039
Click "Next."

364
00:18:39,039 --> 00:18:42,480
Again, HTML has been selected for us.

365
00:18:42,480 --> 00:18:44,320
The report

366
00:18:44,320 --> 00:18:46,799
folder, we keep default.

367
00:18:46,799 --> 00:18:49,600
Then, we do start

368
00:18:49,600 --> 00:18:51,421
assessment.

369
00:18:53,440 --> 00:18:55,679
This may take

370
00:18:55,679 --> 00:18:58,240
two or three minutes to get the post.

371
00:18:58,240 --> 00:19:00,720
Since it's remote, it's slower

372
00:19:00,720 --> 00:19:02,960
than doing a local.

373
00:19:02,960 --> 00:19:04,880
The process is the same.

374
00:19:04,880 --> 00:19:07,120
It created a connection

375
00:19:07,120 --> 00:19:09,200
and then goes through

376
00:19:09,200 --> 00:19:12,400
all the controls they need to

377
00:19:12,400 --> 00:19:15,520
validate using script.

378
00:19:15,520 --> 00:19:18,160
And then validate all settings,

379
00:19:18,160 --> 00:19:20,980
and then come back with the report.

380
00:20:50,320 --> 00:20:53,200
Well, after probably five minutes or

381
00:20:53,200 --> 00:20:55,200
six minutes,

382
00:20:55,200 --> 00:20:56,799
the report

383
00:20:56,799 --> 00:20:59,200
has been generated.

384
00:20:59,200 --> 00:21:01,600
We finished our scanning.

385
00:21:01,600 --> 00:21:06,000
So, you will be able to see both reports.

386
00:21:06,000 --> 00:21:09,730
Let's take a quick look here.

387
00:21:20,159 --> 00:21:24,120
It's for Windows 10.

388
00:21:32,320 --> 00:21:34,720
You also can check along

389
00:21:34,720 --> 00:21:37,440
domain controllers,

390
00:21:37,440 --> 00:21:40,210
51secdc1.

391
00:21:46,000 --> 00:21:50,159
So, now we finished our remote scanning.

392
00:21:50,159 --> 00:21:53,440
Basically, that's how you can use

393
00:21:53,440 --> 00:21:55,520
this free tool

394
00:21:55,520 --> 00:21:58,159
to validate your security configuration

395
00:21:58,159 --> 00:22:00,159
on your target system.

396
00:22:00,159 --> 00:22:02,240
You don't have to pay

397
00:22:02,240 --> 00:22:06,320
anything if you are only using those basic

398
00:22:06,320 --> 00:22:07,600
profiles.

399
00:22:07,600 --> 00:22:10,000
For your system, for Windows 10, and the

400
00:22:10,000 --> 00:22:14,480
server Ubuntu, Google Chrome,

401
00:22:14,480 --> 00:22:17,039
if you have more, other systems need to be

402
00:22:17,039 --> 00:22:19,280
validated. Then, you have to

403
00:22:19,280 --> 00:22:22,880
get the license for your Pro version.

404
00:22:22,880 --> 00:22:27,360
That will be in different videos.

405
00:22:27,360 --> 00:22:30,960
That's all for this video. This is how you can

406
00:22:30,960 --> 00:22:33,520
use the free tool,

407
00:22:33,520 --> 00:22:36,240
CIS-CAT Lite,

408
00:22:36,240 --> 00:22:39,200
to check your security settings on your

409
00:22:39,200 --> 00:22:40,799
target.

410
00:22:40,799 --> 00:22:42,720
I hope you enjoyed it.

411
00:22:42,720 --> 00:22:45,120
If you find anything useful in this

412
00:22:45,120 --> 00:22:46,960
video, give me a thumb up.

413
00:22:46,960 --> 00:22:50,080
Also, please subscribe to my channel if you

414
00:22:50,080 --> 00:22:51,440
haven't.

415
00:22:51,440 --> 00:22:53,991
Thank you for watching.

416
00:22:53,991 --> 00:23:13,620
[Music].