Nmap vs nessus

Assessment Questions and Answers

1. What are the differences between ZeNmap GUI (Nmap) and Nessus?

Nessus is a vulnerability scanner whereas Nmap is used for mapping a network’s hosts and the hosts’ open ports. Nmap discovers active IP hosts and gathers information about the open ports. Nessus scans ports just like Nmap, however it will notify if the open ports have potential security vulnerabilities attached to them.

2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure?

Nmap is better for performing a network discovery reconnaissance probing of an IP network infrastructure.

3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps?

Nessus is better for performing a software vulnerability assessment.

4. How many total scripts (i.e., test scans) does the Intense Scan using ZenMap GUI perform?

There are 36 scripts loaded for scanning.

5. From the ZenMap GUI pdf report page 6, what ports and services are enabled on the Cisco Security Appliance device?

Port 443 and ssl/http service are enabled on the Cisco Security Appliance device.

6. What is the source IP address of the Cisco Security Appliance device (refer to page 6 of the PDF report)?

The IP address is 172.30.0.1

7. How many IP hosts were identified in the Nessus® vulnerability scan? List them.

There are 7 IP host. They are:

172.16.20.1

172.17.20.1

172.18.20.1

172.19.20.1

172.20.20.1

172.30.0.10

172.30.0.66

8. While Nessus provides suggestions for remediation steps, what else does Nessus provide that can help you assess the risk impact of the identified software vulnerability?

Beside remediation steps, Nessus also provides devices and software on the network that are not authorized or indicate a network compromise.

9. Are open ports necessarily a risk? Why or why not?

Of course open ports are a risk, because the attacker can use these ports to exploit the vulnerabilities such as use Trojan to make a screenshot and then send a screenshot back to the attacker.

10. When you identify a known software vulnerability, where can you go to assess the risk impact of the software vulnerability?

Common Vulnerability Scoring System (CVSS) is a place where we can go to assess the risk impact of the software vulnerability. This is a classification system for the exploitability of software vulnerabilities and exposures.

11. If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555 when using the CVE search listing, specify what this CVE is, what the potential exploits are, and assess the severity of the vulnerability.

CVE is a list of information security vulnerabilities and exposures that provides common names for publicity known problems. CVE also helps to share data across separate vulnerability capabilities easily.

12. Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers.

The CVE search listing can be an useful tool for both security practitioners and hackers since it helps practitioners and hackers know what program they can use and what they cannot to secure or hack the systems.

13. What must an IT organization do to ensure that software updates and security patches are implemented timely?

An IT organization should establish a patch management plan which evaluate the criticality and applicability to the software patch.

14. What would you define in a vulnerability management policy for an organization?

A vulnerability management policy should have defined timelines for how long an administrator has to address vulnerability on a system.

15. Which tool should be used first if performing an ethical hacking penetration test and why?

Nmap is the one that should be used when performing an ethical hacking penetration test. Because it is a powerful port scanner and auditing utility. Besides that it is an open source application and can run on many different operating systems such as Windows, Linux, Mac OS.