12/9/2020 Print content

IST 451 - Network Security

Nessus-Nmap Lab

Introduction
Lab Topology
Exercise 1 - Scan
Review

Introduction
Welcome to the Nessus Nmap Practice Lab. In this module you will be provided with
the instructions and devices needed to develop your hands-on skills.

Learning Outcomes
In this module, you will complete the following exercises:

Exercise 1 - Scan

After completing this lab, you will be able to:

Perform vulnerability scans with Nmap and Nessus

Exam Objectives
The following exam objectives are covered in this lab:

Nmap
Nessus

Note: Our main focus is to cover the practical, hands-on aspects of the exam
objectives. We recommend referring to course material or a search engine to
research theoretical topics in more detail.

https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 1/6
12/9/2020 Print content

Lab Duration
It will take approximately 60 minutes to complete this lab.

Help and Support

For more information on using Practice Labs, please see our Help and Support page.
You can also raise a technical support ticket from this page.

Click Next to view the Lab topology used in this module.

Lab Topology
During your session, you will have access to the following lab configuration.

Depending on the exercises, you may or may not use all of the devices, but they are
shown here in the layout to get an overall understanding of the topology of the lab.

PLABKALI - Kali Linux

PLABUBUNTU - Ubuntu Linux

Click Next to proceed to the first exercise.

https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 2/6
12/9/2020 Print content

Exercise 1 - Scan
One essential tool for network security administrators or white hat hackers is the
vulnerability scanner. It is an important tool for ensuring the security of your network.
With a vulnerability scanner, you can ensure that the systems on your network meet
security standards, have no unacceptable open vulnerabilities, are properly patched, and
in fact belong on the network.

In this lab we will be looking at two industry standard vulnerability scanners: Nmap and
Nessus.

Learning Outcomes
After completing this exercise, you will be able to:

Perform vulnerability with Nmap and Nessus

Your Devices
You will be using the following devices in this lab. Please power these on now.

Task 1 - Scan

Use the Nmap guide to help you find information need for every address found in the
address range. You are not only looking for the machines found in the above list, but also
all of the machines in the range. For convenience's sake, the subnet you are to look in is
192.168.204.0/24

Nmap Basics

Step 1
Start by opening a terminal window and using Nmap to scan ports and IP addresses.

https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 3/6
12/9/2020 Print content

nmap -p 80 192.168.204.142-147

Step 2
Next scan the network with Nessus. In a terminal type the following command to start
Nessus.

sudo systemctl start nessusd

Step 3
Once Nessus is started, open a browser and type the address https://localhost:8834.
You will be prompted to choose a product to use, select Nessus Essentials. Next you will
see a Get an Activation Code page that asks for a first and last name and an email
address. Use your Penn State email. Next you will see a Register Nessus page that asks
for an activation code. Check your email that you entered in the last page for the code and
input it. Finally, you will see a Create Account page asking for a username and password.
Make sure to take note of what you enter as you may need these credentials in the future.

Once Nessus has finished installing plugins you are ready to scan. Click New Scan and
select the Basic Network Scan to begin with. Configure the scan how you see fit with
target IP addresses and discovery type.

Task 2 - Report
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 4/6
12/9/2020 Print content

Clearly state your results for this project. You are expected to hand in a report in the
following format:

A Cover Page (including project title) with team name and team members
A Table of Contents with page numbers
Use double-spaced type for convenient grading
Number pages. Font size 12, single column
Save the Microsoft Word document with the team name in the title. Upload the
document into the appropriate Dropbox.

The report should include:

IP Address
Host Name
Open Ports
Machine’s purpose on the network
Vulnerabilities

Keep all devices that you have powered on in their current state and proceed to the
review section.

Review
Well done, you have completed the Nessus Nmap Scan Practice Lab.

Summary
You completed the following exercises:

Exercise 1 - Scan

You should now be able to:

Perform vulnerability scans with Nmap and Nessus

Feedback
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 5/6
12/9/2020 Print content

Shutdown all virtual machines used in this lab. Alternatively, you can log out of the
lab platform.

https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 6/6