Lab 2 No Answers
Instructions
Log in to the Jones & Bartlett website to access the Cloud Labs for Fundamentals of Information Systems
Security. There are three (3) sections to the lab. For this lab assignment, you are only required to
complete Section 3 “Lab Challenge and Analysis.” You are not required to complete Sections 1 or 2,
although it is recommended that you do so to familiarize yourself with the tools.
Background
In Lab 1, you were introduced to a number of tools used to perform reconnaissance on a target system.
These tools (Nessus, ZenMap, NetWitness, PuTTY, Wireshark, Tftpd64, FileZilla) can be used in a wide
variety of ways to help secure a network. In this lab, we build upon your familiarity with ZenMap and
Nessus to dig deeper and find vulnerabilities in your systems. Specifically, ZenMap is a network scanner
used to discover active machines and find network vulnerabilities such as open ports. Nessus is used to find
actual vulnerabilities in operating systems and applications.
Questions
For this lab, you will utilize these two tools to answer the following questions from Section 3.
1. (2 points) Zenmap identified three hosts on the 172.30.0.0/24 subnet. What operating system
version did the scan reveal for each host? List the host IP address and associated operating
system.
Host IP | Operating System
2. (2 points) In this lab, you learned a few basic NMAP commands for ZenMap. Use the Internet to
find more NMAP commands, and then construct an NMAP command that could probe a
firewalled network in a stealthy manner (note that NMAP commands are pasted in the command
line in ZenMap). Use the subnet 172.30.0.0/24 in your command syntax. Note that there are
several different ways to achieve this scan – there is no single correct answer. I will accept any
variation of the syntax, as long as it avoids detection at the firewall.
Command syntax:_______________________________________________________________
3. (2 points) Although ZenMap was able to identify the operating systems in the virtual machines, it
can’t identify all operating systems. Why is this?
4. (2 points) Why were ZenMap and Nessus used together harmoniously in this lab?
5. (5 points) Sometimes you will have to scan multiple subnets and thousands of assets. The
easiest way to do this is to import a text file with the host IP addresses. Create a file with the host IP
addresses from question 1, and then import that into NMAP using the correct syntax. Provide a
screenshot of that scan below:
6. (5 points) Since port scanning a host is intrusive, many admins do not directly scan their hosts for
ports. Rather they use NMAP to send a simple ping to get a list of available hosts on a network.
Malicious attackers also leverage such methods in an attempt to stay invisible. Perform this
command in ZenMap and provide a screenshot of the scan below:
7. (2 points) Explain what this scan does and why you would use it: sudo nmap -sZ --top-ports 20
-T4 172.30.0.0/24