Lab 4 Performing a Vulnerability Assessment


Submitted By teanea
Words 466
Pages 2
Teanea Reed
Lab 4

1. What is Zenmap typically used for? How is it related to Nmap? Describe a scenario in which you would use this type of application.

Zenmap is the official graphical user interface (GUI) for the Nmap Security Scanner. It is a multi-platform, free and open-source application designed to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Zenmap is a port scanning tool that can quickly identify hosts and detect what operating system and services are running on them, all without privileged access. Zenmap and similar tools are typically used during the scanning and vulnerability assessment phase of the ethical hacking process.

2. Which application can be used to perform a vulnerability assessment scan in the reconnaissance phase of the ethical hacking process?

OpenVAS, and similar tools, perform vulnerability assessment of Unix, Windows, and network infrastructures and can perform a network discovery of devices, operating systems, applications, databases, and services running on those devices. These tools are typically used to complete the scanning and vulnerability assessment phase of the ethical hacking process once the network-mapping scan (that was in Part 1 of this lab) is completed. Conducting a vulnerability scan on entire subnets can be noisy (making them easily detected) and time-consuming. You can limit the breadth and scope of the scan by specifying the hosts you want to scan in a simple text file.

3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even before performing the reconnaissance step?

Written permission must be obtained before performing an intrusive penetration test or vulnerability assessment scan on a live network.
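The two answers above go together: the scan is narrowed to a hosts file, and the hosts in that file must be ones the written authorisation actually covers. The following is an added example (not part of the lab or of Nmap/OpenVAS) that checks a constructed target list against a constructed authorised scope and refuses to produce a scanner input file if anything falls outside it; the file names, ranges and function names are all assumptions.

```python
"""Scope-check a scanner target list before a vulnerability assessment.

A scan can be narrowed by listing hosts in a simple text file (Nmap reads
one with -iL; OpenVAS accepts a host list).  This helper enforces the other
requirement, written authorisation, by refusing any entry that is not
wholly inside the ranges that authorisation names.
"""
import ipaddress
from typing import Dict, List

# Constructed sample: the ranges the written authorisation covers.
AUTHORISED_SCOPE = ["172.30.0.0/24", "10.20.1.10/32"]

# Constructed sample target file (hypothetical contents of targets.txt).
TARGETS_TXT = """\
# hosts to scan this engagement
172.30.0.2
172.30.0.8
172.30.0.0/28
10.20.1.10
10.20.1.11          # not covered by the authorisation
192.168.1.0/24      # production LAN, out of scope
not-an-address
"""


def parse_targets(text: str) -> List[str]:
    """Return non-empty, non-comment entries with trailing comments stripped."""
    out = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            out.append(entry)
    return out


def check_scope(targets: List[str], scope: List[str]) -> Dict[str, List[str]]:
    """Split entries into in-scope, out-of-scope and unparsable lists."""
    allowed = [ipaddress.ip_network(s, strict=False) for s in scope]
    result: Dict[str, List[str]] = {"in_scope": [], "out_of_scope": [], "invalid": []}
    for entry in targets:
        try:
            net = ipaddress.ip_network(entry, strict=False)  # single host -> /32
        except ValueError:
            result["invalid"].append(entry)
            continue
        # A CIDR entry is in scope only if every address in it is authorised.
        if any(net.subnet_of(a) for a in allowed if a.version == net.version):
            result["in_scope"].append(entry)
        else:
            result["out_of_scope"].append(entry)
    return result


def build_scan_list(text: str, scope: List[str]) -> str:
    """Produce the file handed to the scanner: in-scope entries only, one per line."""
    verdict = check_scope(parse_targets(text), scope)
    if verdict["out_of_scope"] or verdict["invalid"]:
        # Fail closed: the engagement lead fixes the list rather than the
        # scanner silently reaching hosts nobody signed off on.
        raise ValueError(
            f"refusing to scan: {verdict['out_of_scope'] + verdict['invalid']}"
        )
    return "\n".join(verdict["in_scope"]) + "\n"


if __name__ == "__main__":
    print(check_scope(parse_targets(TARGETS_TXT), AUTHORISED_SCOPE))
```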

4. What is a CVE listing? Who hosts and who sponsors the CVE database listing Web…...
