Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Nmap is a type of vulnerability scanner

01/12/2021 Client: muhammad11 Deadline: 2 Day

JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES

LABORATORY MANUAL TO ACCOMPANY

Managing Risk in Information Systems

VERSION 2.0

Powered by vLab Solutions

INSTRUCTOR VERSION

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved.

Lab #5 Identifying Risks, Threats, and Vulnerabilities in an IT Infrastructure Using Zenmap® GUI (Nmap) and Nessus® Reports

Introduction

Imagine a system administrator learns of a server’s vulnerability, and a service patch is available to solve it. Unfortunately, simply applying a patch to a server is not assurance enough that a risk has been mitigated. The system admin has the option of opening the application and verifying that the patch has raised the version number as expected. Still, the admin has no guarantee the vulnerability is closed, at least not until the vulnerability is directly tested. That’s what vulnerability scanners are for.

Two vulnerability scanners available to the system administrator are Nmap® and Nessus®, which produce scan reports. The purpose of using Zenmap® GUI (Nmap) and Nessus® reports is to enable you to create network discovery port scanning reports and vulnerability reports. These reports can identify the hosts, operating systems, services, applications, and open ports that are at risk in an organization.

In this lab, you will look at an Nmap® report and a Nessus® report. You will visit the

http://cve.mitre.org Web site, you will define vulnerability and exposure according to the site,

and you will learn how to conduct searches of the Common Vulnerabilities and Exposures (CVE)

listing.

Learning Objectives

Upon completing this lab, you will be able to:

Review a Zenmap® GUI (Nmap) network discovery and port scanning report and a Nessus®

software vulnerability report.

Identify hosts, operating systems, services, applications, and open ports on devices from the

Zenmap® GUI (Nmap) scan report.

Identify critical, major, and minor software vulnerabilities from the Nessus® vulnerability assessment scan report.

Visit the Common Vulnerabilities and Exposures (CVE) online listing of software vulnerabilities at http://cve.mitre.org and learn how to conduct searches on the site.

41

( Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved. )

43

Hands-On Steps

Note:

This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files.

3. Review the Lab 5 Nmap Scan Report that accompanies this lab.

4. Using the Lab 5 Nmap Scan Report, answer the following questions:

 What are the date and timestamp of the Nmap host scan?

 What is the total number of loaded scripts for scanning?

 A synchronize packet (SYN) stealth scan discovers all open ports on the targeted host.

How many ports are open on the targeted host for the SYN stealth scan at 13:36?

 Identify hosts, operating systems, services, applications, and open ports on devices from the Zenmap GUI (Nmap) scan report.

Why Nmap Became Popular

Nmap started more than 15 years ago as a simple, command-line tool. Its one purpose—to send crafted packets to a targeted Internet Protocol (IP) address to determine what ports are listening for connections. Knowing what specific ports are listening, the Nmap operator can infer what services are running.

For example, if Transmission Control Protocol (TCP) port 80 is open and listening, it’s a safe assumption the target machine is a Web server, running the Hypertext Transfer Protocol (HTTP) service on port 80. Other popular ports such as 21, 25, 137, and 161 mean the services File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Network Basic Input/Output System (NetBIOS), and Simple Network Management Protocol (SNMP) are listening, respectively. This made Nmap very popular with administrators who could then monitor and verify their systems’ services.

Nmap also became very popular as an easy tool for reconnaissance. With malicious intent, a person armed with knowing what services were running could research what vulnerabilities to exploit. The fast scanning Nmap made locating the recently discovered exploits called zero-day exploits very efficient.

Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.

www.jblearning.com Instructor Lab Manual

44 | LAB #5 Identifying Risks, Threats, and Vulnerabilities in an IT Infrastructure

Using Zenmap® GUI (Nmap) and Nessus® Reports

Over the past 15 years, the features available in Nmap have multiplied several times. The ability to craft packets down to specific flags and options can make troubleshooting—and disrupting—networked devices almost limitless. The people and companies tasked with protecting against hackers must play a game of cat and mouse against the growing set of options in tools such as Nmap. Innovation and open source allows this game to be played indefinitely.

5. Review the Lab 5 Nessus Vulnerability Scan Report that accompanies this lab.

6. Using the Lab 5 Nessus Vulnerability Scan Report, answer the following questions:

 How many hosts were scanned?

 What were the start and end times for each of the scans?

 How many total vulnerabilities were discovered for each host?

 How many of the vulnerabilities were critical, major, and minor software vulnerabilities?

Note:

Nessus is a powerful vulnerability scanner, with a fast-growing list of available plug-ins. As a vulnerability scanner, the tool scans the networked devices for potential weaknesses and exploitable services. As you see from the lab sample, reporting can be detailed and customized. While still free for personal, home use, Nessus is also available for commercial use with an annual subscription fee.

Nessus can be installed and run fairly easily, but here are a few tips that will produce much more benefit. First, update the plug-ins on install. By default, Nessus will update plug-ins once a day. Another tip is to use Nessus as a compliance tool. While it is by nature a vulnerability tool, one Nessus feature is to load a configuration file (called an audit file by Nessus) and then scan with Nessus to verify compliance against your end devices.

7. On your local computer, open a new Internet browser window.

8. In the address box of your Internet browser, type the URL http://cve.mitre.org and press

Enter to open the Web site.

9. On the Web site, toward the top left of the screen, click the CVE List link.

10. Review the CVE List Main Page.

11. Define CVE.

12. On the right, under Items of Interest, click the Terminology link.

13. Review the definitions for vulnerability and exposure.

14. Define the terms vulnerability and exposure.

15. At the top right of the Web site, click the Search link.

45

16. In the Search box, type the words Microsoft® XP 2003 Service Pack 1 and click the Search button.

17. Describe some of the results you discover.

18. After viewing the results, conduct another search and this time, type the words Cisco ASA

5505 Security + and click the Search button.

19. Describe some of the search results.

Note:

This completes the lab. Close the Web browser, if you have not already done so.

Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Engineering Exam Guru
Peter O.
Financial Solutions Provider
Helping Engineer
Top Academic Guru
Solutions Store
Writer Writer Name Offer Chat
Engineering Exam Guru

ONLINE

Engineering Exam Guru

I am an elite class writer with more than 6 years of experience as an academic writer. I will provide you the 100 percent original and plagiarism-free content.

$30 Chat With Writer
Peter O.

ONLINE

Peter O.

I have done dissertations, thesis, reports related to these topics, and I cover all the CHAPTERS accordingly and provide proper updates on the project.

$41 Chat With Writer
Financial Solutions Provider

ONLINE

Financial Solutions Provider

I have read your project details and I can provide you QUALITY WORK within your given timeline and budget.

$44 Chat With Writer
Helping Engineer

ONLINE

Helping Engineer

This project is my strength and I can fulfill your requirements properly within your given deadline. I always give plagiarism-free work to my clients at very competitive prices.

$26 Chat With Writer
Top Academic Guru

ONLINE

Top Academic Guru

As an experienced writer, I have extensive experience in business writing, report writing, business profile writing, writing business reports and business plans for my clients.

$46 Chat With Writer
Solutions Store

ONLINE

Solutions Store

I have assisted scholars, business persons, startups, entrepreneurs, marketers, managers etc in their, pitches, presentations, market research, business plans etc.

$25 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Heart valves and pumps experiment - The unadjusted trial balance columns of a worksheet total 84000 - Bi-rite home appliances fairfield - Godly line of seth - Lección 7 estructura 7.1 reflexive verbs answers - The anatomy coloring book 4th edition answer key - Religion test year 10 - International finance multiple choice questions and answers - Cross site request forgery csrf attack lab answer - Living in a risk society unimelb - Greg doucette cookbook 2 pdf - Arctic tundra endangered plants - Cultural Diversity - Biomedical statistic independent project - Beth r jordan tax return solution - Boys and girls alice munro quotes - Priority nursing diagnosis for renal failure - Women in film noir janey place - Examples of infinite games - Evaluating a good dance - Electrophilic aromatic substitution nitration of methyl benzoate lab report - Acorn ward whipps cross hospital - What do atoms look like - Keyhomes east org uk - Given positions find velocity and acceleration mastering physics - All the world's a stage theme - One – Group Assessment - Peptide bond formation in translation - Cuckoo's Book Analysis - Introducing new coke case study - Jesus i am statements - Nutritional Side Effects of Cancer Treatments - Whinney hill tip opening times - Spearman rank order correlation spss - Martinez owns an asset that cost 87000 - 887 visa processing time forum - Deutsch connector how to - Methods for documenting student progress - Caribbean queen billy jean - Illawarra fly treetop walk knights hill road knights hill nsw - JMP analyze - Zalesnik - Unit 4 Essay - Break-even point exercises and answers - Nursing diagnosis of acute appendicitis - Molecular polarity lab - Debemos llenar este formulario cuando solicitemos el préstamo. - In 24 hour time what is midnight - Smith chart matching network - Shoreline stadium case study answers - 4.380 kg in pounds and ounces - Many modern Singaporean families have both parents working - Anthropology exam - Turn This passage from "fresh off the boat' to a revised passage. - Occupational justice in occupational therapy - Wave on a string simulation answers - Post installed rebar connections - Wreck the text activity road trip to canterbury - Vanguard 960 101 staples - Find the tangential and normal components of the acceleration vector. r(t) = 6(3t − t3) i + 18t2 j - Vision statement for mcdonalds - Poem 7 syllables per line - Write an essay:The Rhythm of the Rhythm - History - Can Someone Do My Assignment For Me In London? - Nsw department of education adobe - Shortness of breath soap note - What is inappropriate communication - Gensteel doors madison ga jobs - Bar graph histogram and frequency polygon - What if serious scientific answers to absurd hypothetical questions summary - The relationship between research and counseling - Walmart failure in germany ppt - Show indignation crossword clue - Read two articles and complete an annotated bibliography for each article (scholarly/peer-reviewed journal articles). - Internal scanning organizational analysis - Fleetwood grammar school reunion 2014 - Wells fargo competitive advantage - Jasper jones essay year 10 - Job Requisition Proposal - Extracted metal from ore crossword - Case analysis - Copyright 2016 pearson education inc - Walworth gate valve catalogue - DISCUSSION GRAD SCHOOL APA FORMAT - Bf3 react with ammonia - Wedow v city of kansas city - Renaissance art literature and science - Ucl architecture entry requirements - Reaction order and rate laws lab answers - Hospital ransomware attack - SOCW 6090 - Discussion: Applying Differential Diagnosis to Neurodevelopmental Disorders - 2 phase motor example - Match the terms below with their correct definitions - Ecu academic integrity module - Key concepts in cinema studies pdf - Christoph lengauer henrietta lacks - Sonata allegro form diagram - Case Study - Team paper