
Leveraging Free Cyber Tools 1.1

Deploying Tenable Nessus Essentials on AWS Lightsail

Introduction

There have been several walkthroughs in the past on deploying Nessus Essentials in a home lab or within a VLAN where all devices are easily accessible. However, this guide aims to provide a real-world use case designed for small businesses. In this scenario, we’ll deploy a cloud-hosted vulnerability scanner using AWS Lightsail and create a Virtual LAN (VLAN) leveraging SaaS provided by LogMeIn Hamachi.

Network scanning is a critical part of any cybersecurity strategy. It allows businesses to identify vulnerabilities, misconfigurations, and unauthorized devices within their network. Regular vulnerability scans help detect potential entry points for attackers, ensuring that security patches are applied promptly and reducing the risk of data breaches. For small businesses, this can mean the difference between maintaining secure operations and falling victim to costly cyberattacks.

Over the past week, we’ve successfully deployed six instances of Tenable Nessus Essentials for various customers, helping them identify vulnerabilities at almost no cost. Small businesses can take advantage of free cybersecurity tools like Nessus Essentials to assess their security risks with minimal investment.

Each deployment took about two hours, using the following setup:

  • AWS Lightsail Ubuntu 24 instance – $12/month (with the first 90 days free).
  • LogMeIn Hamachi – Provides a static IP and secure access, free for the first 5 systems.
  • Nessus Essentials – A free vulnerability scanner for up to 16 IPs.

Here’s how you can set up your own Nessus Essentials instance on AWS Lightsail, connect it securely using Hamachi, and run vulnerability scans on your business systems.

Step 1: Create an AWS Lightsail Instance

  1. Log in to your AWS Lightsail account.
  2. Click Create Instance.
  3. Select Ubuntu 24.04 as the operating system.
  4. Choose the $12/month plan (first 90 days free).
  5. Name the instance (e.g., “Nessus-Scanner”).
  6. Click Create Instance and wait for it to launch.
  7. Once running, connect to the instance via SSH using the Lightsail console or your own SSH client:
    ssh ubuntu@<Lightsail_Public_IP>

Step 2: Request Nessus Essentials Activation Code

  1. Navigate to https://www.tenable.com/products/nessus/nessus-essentials and complete the signup form.
  2. Check your email for the activation key after submitting the form.

Step 3: Install and Configure Nessus Essentials

  1. Update system packages:
    sudo apt update && sudo apt upgrade -y
  2. Download Nessus Essentials:
    wget https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-<latest-version>-ubuntu-amd64.deb
  3. Install Nessus:
    sudo dpkg -i Nessus-*.deb
  4. Enable and start Nessus service:
    sudo systemctl enable nessusd
    sudo systemctl start nessusd
  5. Access Nessus Web UI:

    Locate the public IP of your instance from the Lightsail console by clicking on your instance:

    Open a browser and go to:

    https://<Lightsail_Public_IP>:8834

    Enter the activation key from your email to complete the Nessus Essentials setup.

Step 4: Install Hamachi on the End-User PC or Server

  1. Go to VPN.net and click on Sign Up to create a free account.
  2. Follow the instructions to create a new virtual network.
  3. Give your network a name and continue.
  4. Select No Password and ensure the Free Tier is selected.
  5. Note your 9-digit network ID (formatted as xxx-xxx-xxx).
  6. Download Hamachi on the server and join using your network ID.

Step 4.1: Create a Local Admin Account for Scanning

  1. On the end-user PC or server, create a new local account with administrative privileges.
  2. For Windows:
    net user NessusAdmin StrongPassword123 /add
    net localgroup administrators NessusAdmin /add
  3. For Linux:
    sudo adduser nessusadmin
    sudo usermod -aG sudo nessusadmin
  4. Ensure this account is active and that the password is securely stored, as it will be required when configuring Nessus scans.

Step 5: Configure Nessus and Run a Scan

  1. In the Nessus Web UI (https://<Hamachi_IP>:8834), log in.
  2. Click New Scan → Basic Network Scan.
  3. Enter a name (e.g., “Small Business Scan”).
  4. Under Targets, enter the Hamachi IP of the end-user system.
  5. When prompted, provide the local admin credentials you created in Step 4.1 for authenticated scanning.
  6. Click Launch Scan.
  7. Review the vulnerability report.
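
A pre-flight check for the Targets field in Step 5, as an added example that is not part of the original article or of Tenable's tooling: it counts the unique addresses a target list covers against the 16-IP Essentials limit and flags any entry that falls outside the Hamachi address space. The 25.0.0.0/8 Hamachi range and the function names are assumptions; the count is of listed addresses (an upper bound on hosts scanned), and hostnames are not handled.

```python
import ipaddress
import re

ESSENTIALS_IP_LIMIT = 16  # from the article: Nessus Essentials covers up to 16 IPs
# Assumption: Hamachi assigns client IPv4 addresses from 25.0.0.0/8;
# confirm against the addresses shown in your own Hamachi client.
HAMACHI_NET = ipaddress.IPv4Network("25.0.0.0/8")


def to_range(entry):
    """Return (first, last) as integers for a single IP, a CIDR, or an 'a-b' range."""
    if "-" in entry:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in entry.split("-", 1))
        if hi < lo:
            raise ValueError(f"reversed range: {entry}")
        return lo, hi
    net = ipaddress.IPv4Network(entry, strict=False)
    return int(net.network_address), int(net.broadcast_address)


def preflight(target_text):
    """Check a comma/newline-separated target list before pasting it into Nessus."""
    entries = [e.strip() for e in re.split(r"[,\n]", target_text) if e.strip()]
    ranges = [(e, *to_range(e)) for e in entries]

    # Merge overlapping or adjacent ranges so duplicate targets count once.
    merged = []
    for _, lo, hi in sorted(ranges, key=lambda r: r[1:]):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    unique_ips = sum(hi - lo + 1 for lo, hi in merged)

    # Anything not fully inside the Hamachi range is outside the intended scope.
    h_lo, h_hi = int(HAMACHI_NET.network_address), int(HAMACHI_NET.broadcast_address)
    outside = [e for e, lo, hi in ranges if lo < h_lo or hi > h_hi]
    return {
        "unique_ips": unique_ips,
        "over_limit": unique_ips > ESSENTIALS_IP_LIMIT,
        "outside_hamachi": outside,
    }


if __name__ == "__main__":
    # Constructed sample: three Hamachi entries (one overlapping) and one public address.
    sample = "25.10.20.30, 25.10.20.40-25.10.20.44, 25.10.20.42\n203.0.113.10"
    print(preflight(sample))
```

An entry in `outside_hamachi` is a target the scanner would reach over the public internet rather than through the Hamachi network, so it should be removed or explicitly confirmed as in scope before launching the scan.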

Conclusion

By leveraging AWS Lightsail, Nessus Essentials, and Hamachi, small businesses can conduct vulnerability assessments at minimal cost. This method is easy to deploy, scalable, and provides a secure way to scan remote systems.

Need help setting this up for your business? Reach out to One Circle Solutions www.OneCS.net 🚀
