How to do it...

Perform the following steps:

  1. Open the Nessus web client.
  2. Log in to the Nessus client with the user that you created during installation.
  3. Click on the Policies tab and select Create New Policy. Then, select the Basic Network Scan template.

  4. Alter the port scan settings in the Discovery tab by specifying a port range of 1-1000. This will allow the scanner to complete the scan quickly.

  5. Ensure that Perform thorough tests is not selected in the Accuracy tab of the General settings category in ASSESSMENT.

This ensures that the PLC, or any other device you are scanning, is not affected in any way by the traffic produced. You can also set advanced settings to ensure that minimal traffic is generated.

  6. Ensure that the SCADA plugins are present in the Plugins tab; otherwise, the results obtained would only be for non-SCADA ports.

  7. Save the policy and select New Scan from the My Scans folder. Navigate to the User Defined policies section and select the policy.

  8. Select the policy and fill in the required details. Then, launch the scan.

  9. Wait for the scan to complete and open the results.

The preceding results show us that the scan was successful and that Nessus has found two SCADA-related vulnerabilities:

  • ICCP/COTP (ISO 8073) Protocol Detection

  • Modbus/TCP Coil Access
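
The results can also be exported in .nessus (XML) format and triaged outside the web client. The following Python script is an added example, not code from the book: it parses a constructed export, keeps only findings from the SCADA plugin family, and checks each port against the 1-1000 discovery range set in the policy. The host address, plugin IDs and severities in the sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus (NessusClientData_v2) export layout.
# Host, pluginID and severity values are placeholders, not real scan data.
SAMPLE_EXPORT = """<NessusClientData_v2>
  <Report name="plc-basic-scan">
    <ReportHost name="192.0.2.10">
      <ReportItem port="102" protocol="tcp" severity="0" pluginID="900001"
        pluginFamily="SCADA" pluginName="ICCP/COTP (ISO 8073) Protocol Detection"/>
      <ReportItem port="502" protocol="tcp" severity="2" pluginID="900002"
        pluginFamily="SCADA" pluginName="Modbus/TCP Coil Access"/>
      <ReportItem port="80" protocol="tcp" severity="0" pluginID="900003"
        pluginFamily="Web Servers" pluginName="HTTP Server Type and Version"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""


def parse_port_range(spec):
    """Turn a range string such as '1-1000' or '22,80,100-200' into (low, high) pairs."""
    pairs = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        pairs.append((int(low), int(high or low)))
    return pairs


def scada_findings(export_xml, port_range="1-1000"):
    """Return SCADA-family findings and whether each port lies inside the policy range."""
    pairs = parse_port_range(port_range)
    findings = []
    for host in ET.fromstring(export_xml).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            if item.get("pluginFamily") != "SCADA":
                continue  # skip non-SCADA plugin families
            port = int(item.get("port"))
            findings.append({
                "host": host.get("name"),
                "port": port,
                "plugin": item.get("pluginName"),
                "in_range": any(lo <= port <= hi for lo, hi in pairs),
            })
    return findings


if __name__ == "__main__":
    results = scada_findings(SAMPLE_EXPORT)
    if not results:
        print("No SCADA findings: check that the SCADA plugin family is enabled")
    for f in results:
        print(f"{f['host']}:{f['port']}  {f['plugin']}  in_range={f['in_range']}")
```

An empty result means either that no SCADA services answered or that the SCADA plugin family was not enabled in the policy, so check the Plugins tab before treating the device as clean.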
