Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Nmap is a type of vulnerability scanner

01/12/2021 Client: muhammad11 Deadline: 2 Day

JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES

LABORATORY MANUAL TO ACCOMPANY

Managing Risk in Information Systems

VERSION 2.0

Powered by vLab Solutions

INSTRUCTOR VERSION

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved.

Lab #5 Identifying Risks, Threats, and Vulnerabilities in an IT Infrastructure Using Zenmap® GUI (Nmap) and Nessus® Reports

Introduction

Imagine a system administrator learns of a server’s vulnerability, and a service patch is available to solve it. Unfortunately, simply applying a patch to a server is not assurance enough that a risk has been mitigated. The system admin has the option of opening the application and verifying that the patch has raised the version number as expected. Still, the admin has no guarantee the vulnerability is closed, at least not until the vulnerability is directly tested. That’s what vulnerability scanners are for.

Two vulnerability scanners available to the system administrator are Nmap® and Nessus®, which produce scan reports. The purpose of using Zenmap® GUI (Nmap) and Nessus® reports is to enable you to create network discovery port scanning reports and vulnerability reports. These reports can identify the hosts, operating systems, services, applications, and open ports that are at risk in an organization.

In this lab, you will look at an Nmap® report and a Nessus® report. You will visit the

http://cve.mitre.org Web site, you will define vulnerability and exposure according to the site,

and you will learn how to conduct searches of the Common Vulnerabilities and Exposures (CVE)

listing.

Learning Objectives

Upon completing this lab, you will be able to:

Review a Zenmap® GUI (Nmap) network discovery and port scanning report and a Nessus®

software vulnerability report.

Identify hosts, operating systems, services, applications, and open ports on devices from the

Zenmap® GUI (Nmap) scan report.

Identify critical, major, and minor software vulnerabilities from the Nessus® vulnerability assessment scan report.

Visit the Common Vulnerabilities and Exposures (CVE) online listing of software vulnerabilities at http://cve.mitre.org and learn how to conduct searches on the site.

41

( Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved. )

43

Hands-On Steps

Note:

This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files.

3. Review the Lab 5 Nmap Scan Report that accompanies this lab.

4. Using the Lab 5 Nmap Scan Report, answer the following questions:

 What are the date and timestamp of the Nmap host scan?

 What is the total number of loaded scripts for scanning?

 A synchronize packet (SYN) stealth scan discovers all open ports on the targeted host.

How many ports are open on the targeted host for the SYN stealth scan at 13:36?

 Identify hosts, operating systems, services, applications, and open ports on devices from the Zenmap GUI (Nmap) scan report.

Why Nmap Became Popular

Nmap started more than 15 years ago as a simple, command-line tool. Its one purpose—to send crafted packets to a targeted Internet Protocol (IP) address to determine what ports are listening for connections. Knowing what specific ports are listening, the Nmap operator can infer what services are running.

For example, if Transmission Control Protocol (TCP) port 80 is open and listening, it’s a safe assumption the target machine is a Web server, running the Hypertext Transfer Protocol (HTTP) service on port 80. Other popular ports such as 21, 25, 137, and 161 mean the services File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Network Basic Input/Output System (NetBIOS), and Simple Network Management Protocol (SNMP) are listening, respectively. This made Nmap very popular with administrators who could then monitor and verify their systems’ services.

Nmap also became very popular as an easy tool for reconnaissance. With malicious intent, a person armed with knowing what services were running could research what vulnerabilities to exploit. The fast scanning Nmap made locating the recently discovered exploits called zero-day exploits very efficient.

Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.

www.jblearning.com Instructor Lab Manual

44 | LAB #5 Identifying Risks, Threats, and Vulnerabilities in an IT Infrastructure

Using Zenmap® GUI (Nmap) and Nessus® Reports

Over the past 15 years, the features available in Nmap have multiplied several times. The ability to craft packets down to specific flags and options can make troubleshooting—and disrupting—networked devices almost limitless. The people and companies tasked with protecting against hackers must play a game of cat and mouse against the growing set of options in tools such as Nmap. Innovation and open source allows this game to be played indefinitely.

5. Review the Lab 5 Nessus Vulnerability Scan Report that accompanies this lab.

6. Using the Lab 5 Nessus Vulnerability Scan Report, answer the following questions:

 How many hosts were scanned?

 What were the start and end times for each of the scans?

 How many total vulnerabilities were discovered for each host?

 How many of the vulnerabilities were critical, major, and minor software vulnerabilities?

Note:

Nessus is a powerful vulnerability scanner, with a fast-growing list of available plug-ins. As a vulnerability scanner, the tool scans the networked devices for potential weaknesses and exploitable services. As you see from the lab sample, reporting can be detailed and customized. While still free for personal, home use, Nessus is also available for commercial use with an annual subscription fee.

Nessus can be installed and run fairly easily, but here are a few tips that will produce much more benefit. First, update the plug-ins on install. By default, Nessus will update plug-ins once a day. Another tip is to use Nessus as a compliance tool. While it is by nature a vulnerability tool, one Nessus feature is to load a configuration file (called an audit file by Nessus) and then scan with Nessus to verify compliance against your end devices.

7. On your local computer, open a new Internet browser window.

8. In the address box of your Internet browser, type the URL http://cve.mitre.org and press

Enter to open the Web site.

9. On the Web site, toward the top left of the screen, click the CVE List link.

10. Review the CVE List Main Page.

11. Define CVE.

12. On the right, under Items of Interest, click the Terminology link.

13. Review the definitions for vulnerability and exposure.

14. Define the terms vulnerability and exposure.

15. At the top right of the Web site, click the Search link.

45

16. In the Search box, type the words Microsoft® XP 2003 Service Pack 1 and click the Search button.

17. Describe some of the results you discover.

18. After viewing the results, conduct another search and this time, type the words Cisco ASA

5505 Security + and click the Search button.

19. Describe some of the search results.

Note:

This completes the lab. Close the Web browser, if you have not already done so.

Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Engineering Exam Guru
Peter O.
Financial Solutions Provider
Helping Engineer
Top Academic Guru
Solutions Store
Writer Writer Name Offer Chat
Engineering Exam Guru

ONLINE

Engineering Exam Guru

I am an elite class writer with more than 6 years of experience as an academic writer. I will provide you the 100 percent original and plagiarism-free content.

$30 Chat With Writer
Peter O.

ONLINE

Peter O.

I have done dissertations, thesis, reports related to these topics, and I cover all the CHAPTERS accordingly and provide proper updates on the project.

$41 Chat With Writer
Financial Solutions Provider

ONLINE

Financial Solutions Provider

I have read your project details and I can provide you QUALITY WORK within your given timeline and budget.

$44 Chat With Writer
Helping Engineer

ONLINE

Helping Engineer

This project is my strength and I can fulfill your requirements properly within your given deadline. I always give plagiarism-free work to my clients at very competitive prices.

$26 Chat With Writer
Top Academic Guru

ONLINE

Top Academic Guru

As an experienced writer, I have extensive experience in business writing, report writing, business profile writing, writing business reports and business plans for my clients.

$46 Chat With Writer
Solutions Store

ONLINE

Solutions Store

I have assisted scholars, business persons, startups, entrepreneurs, marketers, managers etc in their, pitches, presentations, market research, business plans etc.

$25 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Trade associations provide all of the following except - Vce history study design - Generuler 1kb plus dna ladder sm1331 - Historical disciplines converge to create biological psychology - 05.04 understanding 20th century poetry - Starbucks inputs and outputs - Civil site engineer experience resume - Research Paper - Nanomedicine & nanotechnology open access nnoa - What is coca cola's global strategy - Uma offers students different majors within the allied healthcare field - Muslim Molvi 7340613399 OnLine No 1 FaMOUs VashIKaraN sPecIaLIsT IN Agartala - Nealon Week 6 Forum 602 - Hkdse practice paper english - Willesborough junior school website - All about wales powerpoint - Network security plan - Dupont stone and tile floor cleaner - I have two quetions please go through below - 2 what do your results indicate about cell cycle control - Triangle microworks iec 61850 - Power point final - Camberwell assessment of need for the elderly - Describe the major threats in doing business in global markets - Defineme fragrance opposites attract set - Nutrition - Unilever in brazil case analysis - Business law HW - Flash of silver the leap that changed my world - What money market instrument is used to finance international trade - Socialization into professional nursing ati - Gcse maths foundation revision checklist - What is a unimax people - Pelvic girdle and lower limb lab 17 answers - Bain rio de janeiro - Which of the following is an implicit cost - Mount gambier city bus timetable - Advanced PC Applications Lesson 6 - Catheter associated urinary tract infection picot - A study with questionable sponsorship or motives - Tener y retener cajas de carton - The rear guard poem analysis - Connect chapter 5 homework financial accounting - Mcdonald's darling quarter haymarket nsw - Planting caladium bulbs upside down - Wk2 project - Describe the nature of some important management incentives - Coca cola finance internship - Quantitative Annotated Bibliography - Societies in the world discussion - Descriptive writing about snow - Disadvantages of internal fertilisation - Ammonia color of ph paper - Discussion - Research paper progress report 800 words + 4 APA refernces + palagrisim report - Heinemann chemistry 1 vce sb eb 5e - The drunkard's progress 1846 - The history of dna worksheet answer key - Why uniforms should not be banned - Doubts about doublespeak william lutz - Tim o brien author biography - Cloverleaf plc case study answers - Hay job evaluation system chart - Ktea 3 academic skills battery - The terminal movie questions and answers - Explain the meanings of total architecture and machines for living - A _____ paraphrase focuses attention on the denotative meaning of a message. - Bibl 104 quiz 3 - What is the 666 rule in powerpoint - Ethics in Business Essay: "Personal Values vs. Corporate Interests" - Finding the inverse of a quadratic function - TOUCHSTONE 2.1 EVALUATE A SOURCE (2-3 PAGES//500-750 WORDS DOUBLE SPACE) - A company is more likely to lose current customers if: - One rope pulls a barge directly east - Walmart job satisfaction - Lost my vce certificate - What did robert frost accomplish - Cisco ios security command reference - 600 discussion on the organizational leadership (Description box has more info) - Assignment 3 cultural activity report - Guide to computer forensics and investigations 5th edition case project answers - Telstra apply for phone - Although ken brown is the principal owner - Accounting information systems controls and processes 3rd edition test bank - Red spot fuse holder - Kinetic energy calculations worksheet answers - Leverage adjusted duration gap example - Windhoek mines ltd of namibia is contemplating - Self driving cars informative speech - Eservices comcourts gov au - Discussion - Almost all multimode fiber cables transmit __________ wavelengths - The original 24 m edge length - Http time com 8515 what the world eats hungry planet - Lactase persistence blood glucose test results - 99 luftballons lyrics german translation - Magic quadrant for data center infrastructure management tools - Sociological Imagination Pre-Writing Map - Nsw service and installation rules - Chemistry