Week 3 Laboratory
How to Identify Threats & Vulnerabilities in an IT Infrastructure Using ZeNmap GUI (Nmap) & Nessus Reports
Learning Objectives and Outcomes
Upon completing this lab, students will be able to:
1. Understand how risk from threats and software vulnerabilities impacts the seven domains of a typical IT infrastructure
2. Review a ZeNmap GUI (Nmap) network discovery and Nessus vulnerability assessment scan report (hardcopy or softcopy)
3. Identify hosts, operating systems, services, applications, and open ports on devices from the ZeNmap GUI (Nmap) scan report
4. Identify critical, major, and minor
Nmap, when introduced, was entirely a command-line interface; ZeNmap was created to make the software user friendly. Nmap doesn’t tell you the vulnerabilities on a system; that requires knowledge of the computer network, the network baseline, to figure out where the vulnerabilities exist. Nessus is like Nmap in that it can do network discovery, but unlike Nmap, it is designed to scan systems to determine their vulnerabilities. Nessus has the ability to create policies, which are composed of scanning specifications.
2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure? The best application for this process would be Nmap.
3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps? Nessus would be the best application for this process.
4. While Nessus provides suggestions for remediation steps, what else does Nessus provide that can help you assess the risk impact of the identified software vulnerability? Nessus allows users to identify vulnerabilities, and attack those vulnerabilities to establish the impact of an attack. Nessus starts with a port scan and attempts to exploit ports that are open.
5. Are open ports necessarily a risk? Why or why not? Open ports are not necessarily a risk; it depends upon the application that is using the port. If no service is using the
I have learned skills to diagnose and repair software vulnerabilities within Windows and Linux operating systems through the CyberPatriot program. I also participated in additional studies within the Cisco Networking Academy and received a perfect score on the Cisco Networking Quiz during the CyberPatriot competition.
We have been engaged in business for some time, and have been very successful; however, we need to re-examine our network configuration and infrastructure and identify that our network defenses are still reliable, before we make any changes. We need to take a hard look at our current configuration of hosts, services and our protocols within our organization. Data from a large number of penetration tests in recent years show most corporate networks share common vulnerabilities. Many of these
In the past, latency issues have derived primarily from out-of-date hardware or device drivers as opposed to a security breach. It is always a wise choice to update these configurations while running the appropriate operating system updates, which may all be contributing factors. During the prerequisite stage of the survey, the required information is gathered to develop an effective network survey which would alleviate resource constraint.
Both Wireshark and NetWitness Investigator can be used for packet capture and analysis. Which tool is preferred for each task, and why?
Rob Pettigrew is the manager of technical systems and help desk center of Wyoming Medical Center in Casper, Wyoming. Protecting networks is getting harder as there are different types of devices being used by companies. An example of this is that Wyoming Medical Center has four different classifications of PCs: PCs in the hallways for the staff to use, PCs at the nursing stations, PCs in offices, and PCs on that move between patient rooms. Pettigrew deployed Novell ZenWorks to 850 of the medical center's 900 PCs to ensure each one has the right software. Having multiple applications, medical software systems, different machine types, and restrictions makes it difficult for Pettigrew to ensure proper protection for the network. Another concern is the
HTML5 will also allow pen-testers to review new scans, create new policies, and view scans from any device on the scanner, which means the entire network will be secure. This magnificent security tool is capable of providing any vulnerability within the IP address range, network or host located on the network. Within the configuration and compliance auditing, it can be compared to the Security Content Automation Protocol (SCAP), which is a method used to enable automated vulnerability management (National Institute of Standards and Technology, 2016). Nessus will also ensure the system is configured to be compliant within the security structure of Windows, Linux, Mac OS and applications. One more feature included is the integration of patch management, which allows patch information to be retrieved and to be included in the patch management report. Nessus will go one step further and check to ensure that patches have been properly installed, will audit mobile device weaknesses, gathering data and writing reports about potential threats for the devices connected to the network, whether it be iOS, Android, or Windows operating
During the reconnaissance step of the attack, describe what task Zenmap GUI performs to do passive OS fingerprinting.
Utilizing two simple command switches, -O and -v, provided a wealth of information about the host system. Most notably, it listed all of the open ports, protocols, and the operating system of the target system. This quick gathering of information enabled the execution of more detailed commands against specific ports to expose specific vulnerabilities. This information can then be used to address any specific vulnerabilities that are
* Identify risks, threats, and vulnerabilities in the 7 domains of a typical IT infrastructure
Which domain requires AUPS to minimize unnecessary User initiated Internet traffic and can be monitored and controlled by web content filters?
Nessus is typically installed on a server and runs as a web-based application. Nessus uses plugins to determine if a vulnerability is present on a specified machine.
Despite its impact, ping sweeps and port scans are best understood as a huge security threat on today's company's network system.
The goal of intrusion detection is to monitor network assets, detect anomalous behavior, and identify misuse within a network (Ashoor, Gore, 2011). An intrusion detection system (IDS) is a device or software application that monitors network system activities for malicious activity or policy violations and produces reports to a management station (Kashyap, Agrawal, Pandey, Keshri, 2013). Additionally, there are three types of IDS:
In the three maintained products, the threats and risks are to be identified, such as database securing, user identification, authorizing proper managers, protection from hackers, updated firewalls and less vulnerable software.
Network security has changed significantly over the past years. There is more and more data to monitor and analyze in order to detect the activity of your data and systems. Securing a network has many variables. Password authentication, network access, patches, anti-virus protection, intrusion detection, firewall and network monitoring tools are just a few of the things you can do to protect yourself.