Lab #5: Assessment Worksheet
Identify Threats and Vulnerabilities in an IT Infrastructure
Course Name: ____________________________________________________________
Student Name: ____________________________________________________________
Instructor Name: ___________________________________________________________
Lab Due Date: ____________________________________________________________

Overview

One of the most important first steps in risk management and in implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you have identified the workstations and servers, you must then find the threats and vulnerabilities present on them. Servers that support mission-critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.

Lab Assessment Questions

1. What are the differences between Zenmap GUI (Nmap) and Nessus?

Nmap is primarily a host detection and port discovery tool. Instead of using Nessus to look for specific vulnerabilities against a known quantity of hosts, Nmap discovers active IP hosts using a combination of probes. On the other hand, Nessus takes the open ports into account and notifies you if these ports have potential security vulnerabilities attached to them. Nessus is typically installed on a server and runs as a web-based application. Nessus uses plugins to determine if a vulnerability is present on a specified machine.

2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure?

Nmap

3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps?

Nessus

4. How many total scripts (i.e., test scans) does the Intense Scan using Zenmap GUI perform?

36

5. From the Zenmap GUI pdf report page 6, what ports and services are enabled on the Cisco Security Appliance device?

21/tcp open ftp vsftpd 2.3.4
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp open telnet Linux telnetd
25/tcp open smtp Postfix smtpd
53/tcp open domain ISC BIND 9.4.2
80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
111/tcp open rpcbind 2 (RPC #100000)
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
512/tcp open exec netkit-rsh rexecd
513/tcp open login?
514/tcp open shell?
1099/tcp open java-rmi Java RMI Registry
1524/tcp open shell Metasploitable root shell
2049/tcp open nfs 2-4 (RPC #100003)
2121/tcp open ftp ProFTPD 1.3.1
3306/tcp open mysql MySQL 5.0.51a-3ubuntu5
5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7
5900/tcp open vnc VNC (protocol 3.3)
6000/tcp open X11 (access denied)
6667/tcp open irc Unreal ircd
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
8180/tcp open http Apache Tomcat/Coyote JSP engine 1.1

6. What is the source IP address of the Cisco Security Appliance device (refer to page 6 of the pdf report)?

172.30.0.30

7. How many IP hosts were identified in the Nessus® vulnerability scan? List them.

8. While Nessus provides suggestions for remediation steps, what else does Nessus provide that can help you assess the risk impact of the identified software vulnerability?

9. Are open ports necessarily a risk? Why or why not?

10. When you identify a known software vulnerability, where can you go to assess the risk impact of the software vulnerability?

11. If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555 when using the CVE search listing, specify what this CVE is, what the potential exploits are, and assess the severity of the vulnerability.

12. Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers.

13. What must an IT organization do to ensure that software updates and security patches are implemented in a timely manner?

14. What would you define in a vulnerability management policy for an organization?

15. Which tool should be used first if performing an ethical hacking penetration test and why?
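As an added example (not part of the worksheet or the lab's own material), the following Python script parses port lines in the format of the Nmap report quoted in question 5 and flags the open ports that deserve a closer look when answering question 9. The triage policy (which services count as cleartext) is an assumption of this example, not something the lab defines.

```python
import re
from collections import namedtuple

# Port lines copied from the scan report excerpt in question 5 (a subset).
SCAN_OUTPUT = """\
21/tcp open ftp vsftpd 2.3.4
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp open telnet Linux telnetd
513/tcp open login?
1524/tcp open shell Metasploitable root shell
6000/tcp open X11 (access denied)
"""

# One Nmap port line: "<port>/<proto> <state> <service> [<version banner>]"
LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

# Hypothetical triage policy: services that carry credentials or data in the clear.
CLEARTEXT_SERVICES = {"ftp", "telnet", "exec", "login", "shell", "smtp", "http"}

# version is "" when Nmap printed no version banner for the port
OpenPort = namedtuple("OpenPort", "port proto state service version")

def parse_scan(text: str) -> list:
    """Turn Nmap port lines into OpenPort records; non-matching lines are skipped."""
    ports = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            ports.append(OpenPort(int(port), proto, state, service, version or ""))
    return ports

def triage(ports: list) -> dict:
    """Map each open port to the reasons it deserves a closer look (question 9)."""
    findings = {}
    for p in ports:
        if p.state != "open":
            continue
        reasons = []
        if p.service.rstrip("?") in CLEARTEXT_SERVICES:
            reasons.append("cleartext protocol")
        if p.service.endswith("?"):  # Nmap's '?' marks an unconfirmed service guess
            reasons.append("service unconfirmed")
        if not p.version:
            reasons.append("no version banner")
        if reasons:
            findings[p.port] = reasons
    return findings
```

Running triage(parse_scan(SCAN_OUTPUT)) leaves ssh and X11 unflagged while ftp, telnet, rlogin and the 1524 shell are flagged, which is the kind of distinction an answer to question 9 should draw: an open port is a risk in proportion to what listens behind it, not merely because it is open.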