Lab 5: How To Identify Risks, Threats & Vulnerabilities in an IT Infrastructure Using Zenmap GUI (Nmap) & Nessus® Reports
One of the most important first steps in risk management and in implementing a security strategy is to
identify all resources and hosts within the IT infrastructure. Once you have identified the workstations
and servers, you must then find the threats and vulnerabilities present on them. Servers that support
mission-critical applications require security operations and management procedures to ensure C-I-A
(confidentiality, integrity, availability) throughout. Servers that house customer privacy data or
intellectual property require additional security controls to ensure the C-I-A of that data. This lab
requires students to identify threats and vulnerabilities found within the Workstation, LAN, and
Systems/Applications Domains.
1. What are the differences between Zenmap GUI (Nmap) and Nessus?
Zenmap is the official GUI of the Nmap Security Scanner. It is a cross-platform, free and open source
application (Linux, Windows, Mac OS X, BSD, etc.) that aims to make Nmap easy for beginners to use
while also providing advanced features for experienced Nmap users.
Differences:
Nmap is most often used for host and port discovery. Nessus is normally installed on servers and takes
this a step further: it examines the open ports and searches for potential security issues on them.
2. Which scanning application is better for performing a network discovery reconnaissance probing
of an IP network infrastructure?
NMAP
3. Which scanning application is better for performing a software vulnerability assessment with
suggested remediation steps?
Nessus
4. How many total scripts (i.e., test scans) does the Intense Scan using ZenMap GUI perform?
36 scripts
5. From the ZenMap GUI pdf report page 6, what ports and services are enabled on the Cisco
Security Appliance device?
Port 443 (tcp) with the ssl/http service is enabled on the Cisco Security Appliance device.
6. What is the source IP address of the Cisco Security Appliance device (refer to page 6 of the pdf
report)?
7. How many IP hosts were identified in the Nessus® vulnerability scan? List them.
172.16.20.1
172.17.20.1
172.18.20.1
172.19.20.1
172.20.20.1
172.30.0.10
172.30.0.66
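Questions 5 and 7 both come down to reading the scanner's own report files rather than the PDF. The following added example (not part of the lab, and not code from the Nmap or Nessus projects) parses the two XML formats the tools produce: Nmap's `-oX` output and a Nessus `.nessus` export. The XML samples are constructed inline to mirror what the lab describes: one Cisco appliance with tcp/443 ssl/http open, and the seven hosts Nessus found. The appliance address `198.51.100.1`, the plugin ID and the plugin name are placeholders, not values from the lab.

```python
"""Enumerate hosts, open ports and findings from Nmap (-oX) and Nessus (.nessus) XML.

Added example; the XML below is constructed to resemble the lab's reports.
198.51.100.1 is a TEST-NET-2 documentation address standing in for the
Cisco device (the lab answer sheet does not state its IP).
"""
import ipaddress
import xml.etree.ElementTree as ET

NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -T4 -A -v -oX scan.xml 198.51.100.1">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="198.51.100.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443">
        <state state="open" reason="syn-ack"/>
        <service name="http" tunnel="ssl" product="Cisco ASA SSL VPN"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="filtered" reason="no-response"/>
        <service name="ssh"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Constructed .nessus export: seven ReportHost entries, one Medium finding.
# pluginID/pluginName are placeholders, not a real Nessus plugin.
NESSUS_XML = """<?xml version="1.0"?>
<NessusClientData_v2>
  <Report name="lab5">
    <ReportHost name="172.16.20.1">
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="2"
                  pluginID="12345" pluginName="Example TLS renegotiation finding">
        <risk_factor>Medium</risk_factor>
        <cve>CVE-2009-3555</cve>
      </ReportItem>
    </ReportHost>
    <ReportHost name="172.17.20.1">
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="12346" pluginName="Example informational plugin">
        <risk_factor>None</risk_factor>
      </ReportItem>
    </ReportHost>
    <ReportHost name="172.18.20.1"/>
    <ReportHost name="172.19.20.1"/>
    <ReportHost name="172.20.20.1"/>
    <ReportHost name="172.30.0.10"/>
    <ReportHost name="172.30.0.66"/>
  </Report>
</NessusClientData_v2>
"""


def nmap_open_ports(xml_text):
    """Return {ip: [(port, protocol, service), ...]} for open ports on hosts that are up."""
    result = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue
        entries = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered/closed ports are not exposed services
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            if svc is not None and svc.get("tunnel"):
                name = f"{svc.get('tunnel')}/{name}"  # Nmap prints e.g. "ssl/http"
            entries.append((int(port.get("portid")), port.get("protocol"), name))
        result[addr.get("addr")] = sorted(entries)
    return result


def nessus_hosts(xml_text):
    """Return every host Nessus reported on, sorted numerically by IP."""
    names = {rh.get("name") for rh in ET.fromstring(xml_text).iter("ReportHost")}
    return sorted(names, key=ipaddress.ip_address)


def nessus_findings(xml_text, min_severity=2):
    """Return (host, port, risk_factor, [cve, ...]) for items at or above min_severity.

    Nessus severity codes: 0 info, 1 low, 2 medium, 3 high, 4 critical.
    """
    findings = []
    for rh in ET.fromstring(xml_text).iter("ReportHost"):
        for item in rh.findall("ReportItem"):
            if int(item.get("severity", "0")) < min_severity:
                continue
            cves = [c.text for c in item.findall("cve")]
            findings.append((rh.get("name"), int(item.get("port")),
                             item.findtext("risk_factor", "None"), cves))
    return findings


if __name__ == "__main__":
    print("Nmap open ports:", nmap_open_ports(NMAP_XML))
    print("Nessus hosts:", nessus_hosts(NESSUS_XML))
    print("Nessus findings (medium+):", nessus_findings(NESSUS_XML))
```

Filtering on `state="open"` matters: a filtered port (as in the constructed tcp/22 entry) shows up in the raw XML but is not a reachable service, so counting it would overstate the attack surface.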
8. While Nessus provides suggestions for remediation steps, what else does Nessus provide that
can help you assess the risk impact of the identified software vulnerability?
The number of impacts on your systems and which of them relate to the scan.
Yes, I would say. If you have an open port that isn't being used, it's an open invitation for hackers to
come in. On the other side, a honeypot could be used to trap and trace an attack. So the answer is
yes and no.
10. When you identify a known software vulnerability, where can you go to assess the risk impact
of the software vulnerability?
Over repeated vulnerability assessments, you should have saved records of how each vulnerability was
analyzed and evaluated. The risk impact can then be checked against that earlier data.
11. If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555
when using the CVE search listing, specify what this CVE is, what the potential exploits are, and
assess the severity of the vulnerability.
CVE stands for Common Vulnerabilities and Exposures; it is a list of publicly known information
security vulnerabilities and exposures that aims to give each one a common name. This vulnerability
can be exploited over the network and allows unauthorized modification and service disruption. It is a
Medium-risk finding.
12. Explain how the CVE search listing can be a tool for security practitioners and a tool for
hackers.
It helps users find security flaws in a system. For a hacker, this is valuable information: once he learns
of a vulnerability, he can use it to conduct an attack. For administrators, it assists in identifying and
resolving problems, or at the very least minimizing them.
13. What must an IT organization do to ensure that software updates and security patches are
implemented timely?
Regularly check and scan for vulnerabilities; if a vulnerability is found, the patch or software update
that fixes it must be applied in a timely manner.
14. What would you define in a vulnerability management policy for an organization?
The potential risk associated with vulnerabilities discovered on your systems and how you intend to
address them.
15. Which tool should be used first if performing an ethical hacking penetration test and why?
I'd start with Nessus to see what vulnerabilities are previously known, and then use Nmap to see if
there are any further weaknesses in the system that can be attacked.